[lug] vnc security

Holshouser, David dholshou at ball.com
Mon Jun 18 09:02:57 MDT 2001 

A friend at an old work place had something setup to do vnc through an ssh
tunnel. I haven't played with it, but this is his response to my request for
info.

============
It's fairly easy to do if you are running the vnc server on Linux, since
there are many ssh implementations that support port forwarding.  I use this
every day to view my fvwm desktop from my Windows 98 machine.  If the vnc
server needs to run on Windows, it is still possible using a Java-based ssh
server called Mindterm, which can do the port forwarding.

I don't know how much you've read about this, so I'll give you a quick
overview.  The vnc server makes desktop :1 available on port 5901, desktop
:2 on 5902, etc.  Let's assume that your vnc server session is on :2.  When
you start the vnc viewer, it connects to 5902 on the server machine, and
there's your desktop.  To get this going over ssh, you start by configuring
your ssh client to forward local port 5902 across the ssh channel to the
server's port 5902.  This is referred to as outgoing port forwarding in my
client (I use ssh-2.4.0 from www.ssh.com).  Once the port is forwarded, you
tell the vnc viewer to connect to localhost:2 instead of the server machine,
and there's the desktop.  You do need to specifically request the vnc viewer
to use hextile and copyrect encoding, because it will use raw encoding by
default for local connections, which slows things down noticeably.

If the server will be running on Windows, the hard part is getting a decent
ssh server that supports port forwarding.  The one that worked the best in
my opinion was Mindterm, which is available at:

http://www.appgate.org/products/mindterm/

It is Java based, so if you have a Java runtime on your Windows machine, it
should work.  It was easy to start with a batch file, and ran on 98/NT/2000
without needing the CYGWIN stuff.  Let me know if you need the batch file.
Hopefully you are serving Linux instead of Windows anyway!!!
================



> -----Original Message-----
> From: Dan Kuester [mailto:lurgyman at babylonia.flatirons.org]
> Sent: Friday, June 15, 2001 9:16 AM
> To: BLUG
> Subject: [lug] vnc security
> 
> 
> 	Is VNC secure?  If it isn't, is there an easy way to make it
> secure?
> 
> -- 
> Dan Kuester
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>

More information about the LUG mailing list