VNC over the internet - security issues ?
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 9 of 9
  1. #1
    RedHat123 Guest

    VNC over the internet - security issues ?

    I have a small office that pays me to admin their (windows) server on a part time basis. Setting up software, troubleshooting, running a few reports etc..

    Id like to explore using VNC to admin the server via my linux workstation at home. Ive used VNC in the past to admin a 'Nix server via a windows desktop, but this was only from within my local network, not across the net. Opening ports on the router scares me. I would be setting up the "virtual server" section of a router to foward requests onthe public ip and a specific port# to a private/internal ip and port#.

    Does anyone have a good example of how to setup something like this in a secure way ? Otherwise, Im just going to keep making the trip out there when they need me. This is an idea of what im talking about, but im not sure about security
    http://faq.gotomyvnc.com/cgi-bin/fom...router&file=64

    even if the VNC server was not running, the fact that a port has been opened in the router settings is a concern to me.

    comments ?

  2. #2
    Twey Guest
    Rather than using VNC, you should take advantage of X's network transparency.
    $ ssh -X my.box.com
    will connect you to my.box.com via SSH, and any graphical programs you run will run on that computer, but display on yours.

    If you must use VNC, see http://www.ltsp.org/contrib/vnc.html for instructions on forwarding it through SSH.

  3. #3
    RedHat123 Guest

    Question

    Quote Originally Posted by Twey
    Rather than using VNC, you should take advantage of X's network transparency.
    $ ssh -X my.box.com
    will connect you to my.box.com via SSH, and any graphical programs you run will run on that computer, but display on yours.

    If you must use VNC, see http://www.ltsp.org/contrib/vnc.html for instructions on forwarding it through SSH.
    Remember, the machine to be connected to is running windows,. In other words its Linux -> Windows, not the other way around. In my case, maybe i need to look at using an x server for winders such as this ?
    http://sources.redhat.com/cygwin/xfree/

  4. #4
    Twey Guest
    Ah, I see. Yes, cygwin is always a good idea, or for VNC see RealVNC (although the free edition isn't so secure).

  5. #5
    hanybee Guest
    can u plz tell me how i get Fedora desktop in Xp???????

  6. #6
    Join Date
    Sep 2004
    Location
    Denver, Colorado
    Posts
    561
    You need an ssh server on your windows xp box. You could use cygwin, but there is also openssh for windows at:

    http://sshwindows.sourceforge.net

  7. #7
    Twey Guest
    No, you need a VNC client. See realvnc.com. As for sshwindows, it's just a minimal Cygwin installation with sshd.

  8. #8
    Join Date
    Jul 2005
    Location
    London
    Posts
    87
    Quote Originally Posted by hanybee
    can u plz tell me how i get Fedora desktop in Xp???????
    I am just a newbie to Linux. But what I have found which works well is to run a vncserver (install vnc-server from yum and then type vncserver at the prompt to setup and start the server on the host linux machine) and then I can access the Linux box from my XP machine using the web/java applet by going to http://local-ip-address:5801 (no windows software needed).

    Hope this helps.

    -Ken

  9. #9
    philjohn Guest
    Using VNC over the internet (esp via the web interface) is horribly insecure, everything is sent in plaintext, passwords if you su, password to access the vncserver etc.

    When I've needed to do this (to control a windows machine remotely) I setup vnc to only allow connections from localhost, then setup sshwindows so that I could ssh in and start the vnc server. You then need to start an ssh tunnel (google for it), so on your local machine it will look like you are connecting to a vnc server on localhost, you are actually vnc'ing to an ssh client running locally which then tunnels (forwards) the data on to the ssh server running on the machine to be controlled, which then passes it on to the actual VNC server.

    The other option (which is probably simpler) would be to setup a VPN using encryption and using that for your tunnel.

Similar Threads

  1. Security issues
    By KRAZYBASTID in forum Using Fedora
    Replies: 29
    Last Post: 29th November 2006, 04:38 AM
  2. How to update FC4 only for security issues
    By lukeb in forum Security and Privacy
    Replies: 2
    Last Post: 19th October 2006, 10:22 AM
  3. Internet Connection Shareing Security
    By ace2005 in forum Servers & Networking
    Replies: 3
    Last Post: 12th September 2005, 04:41 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •