  1. #1
    Linux Guru smolloy
    Join Date
    Apr 2005
    Location
    CA, but from N.Ireland
    Posts
    2,414

    VNC security issues


    After setting up an ssh server, I decided it would be useful to use VNC so that I could get a graphical desktop when connected to my home machine.

    I've set up the ssh server very securely (no root login, no password logins, only pubkey authentication, limited domains, etc.), but I was wondering if using vnc opened up any security holes?

    For example, will the VNC connection automatically use the ssh server? (I assume it does, since it asks for the key pass phrase.) Does anyone know of any security issues I should be careful of?

    Thanks guys.
    Registered Linux user #388328 || Registered LFS user #15880
    AMD 64 X2 4600+ :: 2X1GB DDR2 800 :: GeForce 9400 GT 512MB :: ASUS M2N32 Deluxe :: 4X250GB SATAII
    Need instant help? Try us on IRC -- #linuxforums on freenode

  2. #2
    Just Joined!
    Join Date
    Aug 2006
    Location
    Ripon, UK
    Posts
    26
    VNC will not automatically use the ssh server. The trick is to use port forwarding, e.g.:
    ssh -l vnc -i ~charles/.ssh/vnckey -g -L 5902:192.168.136.220:5900 vncserver.co.uk

    This will allow a (tight)vnc client locally to connect to localhost:2 and all will be secure. Do use tightvnc unless you can actually see the machine that is serving your desktop, by the way, or it will be horribly slow.

    HTH.
    Charles.

  3. #3
    Linux Guru smolloy
    Join Date
    Apr 2005
    Location
    CA, but from N.Ireland
    Posts
    2,414
    Thanks cmcevoy.

    I'm sure that the vnc session I'm using from work is using SSH tunneling, so I'm sure that is secure, but I was wondering if having a vncserver running will allow people to connect to it without using ssh. i.e. could they brute force my vnc username and password to obtain a connection to my computer?

    How can I make sure that the only way to connect to my computer is to use SSH?

  4. #4
    Just Joined!
    Join Date
    Aug 2006
    Location
    Ripon, UK
    Posts
    26
    Mine lives behind a smoothwall firewall, which accepts (non-standard port) SSH connexions and port-maps forward to my desktop, which then has no direct connexion to the Big Bad World.
    Charles

  5. #5
    Linux Guru smolloy
    Join Date
    Apr 2005
    Location
    CA, but from N.Ireland
    Posts
    2,414
    Thanks for your reply.

    I set it up so that the only way to connect to my computer is to use SSH. Then, once I've connected, I run a neat little shell script that a friend wrote for me to start a vncserver that only accepts connections from localhost. That way, I think, no one should be able to connect unless they manage to crack my SSH security.

  6. #6
    Just Joined!
    Join Date
    Aug 2006
    Location
    Ripon, UK
    Posts
    26
    I would have thought that so long as you are not accepting connexions on ports 580x or 590x then there is no easy way for vnc to represent a security risk. It sounds pretty secure to me, but I'm no expert!
    Charles
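
Added example, not part of any post in this thread: one way to verify the setup described in posts #5 and #6 is to check that nothing on the 580x/590x ports listens on a non-loopback address. The function names and sample lines are constructed for illustration, and "580x or 590x" is read here as ports 5800-5809 and 5900-5909.

```shell
#!/bin/sh
# Flag VNC listeners (ports 580x / 590x) bound to anything other than
# loopback. Input: `ss -tln` style text on stdin.

exposed_vnc_listeners() {
    awk '
    $1 == "LISTEN" {
        la = $4                          # e.g. 127.0.0.1:5901 or [::]:5901
        n = match(la, /:[0-9]+$/)        # position of the final ":port"
        if (n == 0) next
        addr = substr(la, 1, n - 1)
        port = substr(la, n + 1) + 0
        vnc = (port >= 5800 && port <= 5809) || (port >= 5900 && port <= 5909)
        if (!vnc) next
        sub(/%.*$/, "", addr)            # drop interface scope such as %lo
        gsub(/\[|\]/, "", addr)          # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only: fine
        print addr " " port
    }'
}

# Returns 0 when every VNC listener is loopback-only (or none exist).
check_vnc_exposure() {
    found=$(exposed_vnc_listeners)
    if [ -n "$found" ]; then
        echo "VNC reachable without SSH on:" >&2
        echo "$found" >&2
        return 1
    fi
    echo "OK: VNC listeners are loopback-only (or absent)"
}

# Constructed sample in the column layout of `ss -tln` (not real output).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      5      0.0.0.0:5902       0.0.0.0:*
LISTEN 0      5      [::]:5801          [::]:*
LISTEN 0      5      [::1]:5903         [::]:*
EOF
}

# Demo on the sample; on a real host: ss -tln | check_vnc_exposure
sample_ss_output | exposed_vnc_listeners
```

A clean result only covers the host's own sockets; a firewall rule or router port-forward in front of the machine still has to be checked separately.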
