VNC over the internet - security issues ?

[RedHat123]

I have a small office that pays me to admin their (windows) server on a part time basis. Setting up software, troubleshooting, running a few reports etc..

Id like to explore using VNC to admin the server via my linux workstation at home. Ive used VNC in the past to admin a 'Nix server via a windows desktop, but this was only from within my local network, not across the net. Opening ports on the router scares me. I would be setting up the "virtual server" section of a router to foward requests onthe public ip and a specific port# to a private/internal ip and port#.

Does anyone have a good example of how to setup something like this in a secure way ? Otherwise, Im just going to keep making the trip out there when they need me. This is an idea of what im talking about, but im not sure about security
http://faq.gotomyvnc.com/cgi-bin/fom...router&file=64

even if the VNC server was not running, the fact that a port has been opened in the router settings is a concern to me.

comments ?

[Twey]

Rather than using VNC, you should take advantage of X's network transparency.
$ ssh -X my.box.com
will connect you to my.box.com via SSH, and any graphical programs you run will run on that computer, but display on yours.

If you must use VNC, see http://www.ltsp.org/contrib/vnc.html for instructions on forwarding it through SSH.

[RedHat123]

Rather than using VNC, you should take advantage of X's network transparency.
$ ssh -X my.box.com
will connect you to my.box.com via SSH, and any graphical programs you run will run on that computer, but display on yours.

If you must use VNC, see http://www.ltsp.org/contrib/vnc.html for instructions on forwarding it through SSH.

Remember, the machine to be connected to is running windows,. In other words its Linux -> Windows, not the other way around. In my case, maybe i need to look at using an x server for winders such as this ?
http://sources.redhat.com/cygwin/xfree/

[Twey]

Ah, I see. Yes, cygwin is always a good idea, or for VNC see RealVNC (although the free edition isn't so secure).

[hanybee]

can u plz tell me how i get Fedora desktop in Xp???????

[RHamel]

You need an ssh server on your windows xp box. You could use cygwin, but there is also openssh for windows at:

http://sshwindows.sourceforge.net

[Twey]

No, you need a VNC client. See realvnc.com. As for sshwindows, it's just a minimal Cygwin installation with sshd.

[kenm_uk]

can u plz tell me how i get Fedora desktop in Xp???????

I am just a newbie to Linux. But what I have found which works well is to run a vncserver (install vnc-server from yum and then type vncserver at the prompt to setup and start the server on the host linux machine) and then I can access the Linux box from my XP machine using the web/java applet by going to http://local-ip-address:5801 (no windows software needed).

Hope this helps.

-Ken

[philjohn]

Using VNC over the internet (esp via the web interface) is horribly insecure, everything is sent in plaintext, passwords if you su, password to access the vncserver etc.

When I've needed to do this (to control a windows machine remotely) I setup vnc to only allow connections from localhost, then setup sshwindows so that I could ssh in and start the vnc server. You then need to start an ssh tunnel (google for it), so on your local machine it will look like you are connecting to a vnc server on localhost, you are actually vnc'ing to an ssh client running locally which then tunnels (forwards) the data on to the ssh server running on the machine to be controlled, which then passes it on to the actual VNC server.

The other option (which is probably simpler) would be to setup a VPN using encryption and using that for your tunnel.