Post by c***@city.ac.uk
Hi, I'm looking into the security side of VNC and I've noticed that people
have managed to get the VNC protocol working through SSH and telnet. I was
wondering if anyone could give any good ideas as to how this could be
achieved and what would be the advantages of using SSH to encrypt a VNC
session. Any input would be greatly appreciated.
Many Thanks
DM
_______________________________________________
VNC-List mailing list
http://www.realvnc.com/mailman/listinfo/vnc-list
Well Finally,
A different question!
Okay, the VNC protocol does not encrypt the information being sent
back and forth, so that someone with a bit of time, the right internet
connection and a computer can see and (even worse) record everything you
do via VNC. This includes the keystrokes to passwords and your internet
banking, and everything... (But you know this)
So your choices are a tunnel (a point to point connection routing for a
specific number of applications) or a VPN (reroute the entire network
protocols via a tunnel).
As you can tell, my opinion leans heavily towards tunnels, and I am very
biased to ssh. But before I start ranting, let me acknowledge that VPNs
(Virtual Private Networks) have their place in telecommunications.
So why SSH?
===========
1) SSH is an independently developed system not connected to any
commercial needs, so you do not have to fear anyone changing the ball
game to "survive", and you are not forced to trust somebody!
2) SSH is not new, so it's a mature protocol, with all the problems
already worked out, and supported by many many companies / programs
known to all firewalls etc. It is a standard.
3) It is available as OpenSource. This means that there is nothing
hidden in the executable code, and in this case that thousands of
security experts have looked at the code, and announced whatever
errors they have found.
4) The SSH system was (is?) well designed to solve exactly this type of
problem.
So what is SSH?
==============
SSH consists of 3 parts:
1) The Secure SHell. An encrypted (and usually compressed) telnet-like
connection to a remote host. Although the system was named after this
part, this is the least useful.
2) An encrypted (and possibly compressed) remote file transfer system,
which is extremely useful, but not the topic of discussion here.
3) An encrypted (and possibly compressed) TCP port tunneling system.
By setting up an SSH server, you get all this plus:
+ SSH server is (relatively) easy to setup, and requires NO maintenance!
+ the Client side can be copied to the same floppy as your vncviewer
allowing you to securely remote access from anywhere!
+ a single SSH server can provide encrypted (and yes, compressed)
tunnels for all the machines on the network behind a router/firewall,
allowing for a central "tunnel" server.
How do I go about this?
Well you simply allow ssh connections from the internet through the
firewall to your Super Linux Firewall, Router, File Server, Primary
Domain Controller, Print server, Mail server, Fax Server ......
machine, and that was it!
WHAT? You don't have a Linux Server that does all that?
Let me guess, you live in a cave, and hunt saber-tooth tigers as sport?
Well, just for people like you there is even a Windozzzze version of the
SSH server.
And I even wrote some documentation on how to install it!
(My boss at work hunts saber-tooth tigers too! 8-)
So if someone is willing to offer web space to store it, I'd be willing
to remove the company specific stuff, polish it up and publish it.
Jerry Westrick
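
The TCP port tunneling and central "tunnel" server described in the reply above, as an added example that is not part of the original thread: a shell helper that builds the `ssh -L` command line for one SSH gateway in front of several VNC hosts. The gateway, user and host names are constructed placeholders.

```shell
#!/bin/sh
# Added example: build (not run) the ssh command that forwards local VNC
# displays through one SSH gateway to VNC servers behind the firewall.
# All host and user names below are constructed placeholders.

# VNC display N listens on TCP port 5900+N.
vnc_port() { echo $((5900 + $1)); }

# One -L forward. Binding the local end to 127.0.0.1 keeps other machines
# on the client's network from connecting to the tunnel entrance.
forward_arg() {
    echo "-L 127.0.0.1:$(vnc_port "$1"):$2:$(vnc_port "$3")"
}

# Usage: build_tunnel_cmd user@gateway host:display [host:display ...]
# Targets are mapped to local displays 1, 2, 3, ... in order.
build_tunnel_cmd() {
    gateway=$1
    # An empty gateway or one starting with "-" would be read by ssh as an option.
    case $gateway in ''|-*) echo "bad gateway" >&2; return 1;; esac
    shift
    [ $# -gt 0 ] || { echo "no targets given" >&2; return 1; }
    cmd="ssh -N -C"          # -N: no remote shell, -C: compression
    n=1
    for spec in "$@"; do
        host=${spec%:*}; disp=${spec##*:}
        # Reject anything that is not plain host:number.
        case $host in ''|*[!A-Za-z0-9.-]*) echo "bad host in '$spec'" >&2; return 1;; esac
        case $disp in ''|*[!0-9]*) echo "bad display in '$spec'" >&2; return 1;; esac
        cmd="$cmd $(forward_arg "$n" "$host" "$disp")"
        n=$((n + 1))
    done
    echo "$cmd $gateway"
}

# Demo: two internal desktops reached through one gateway.
build_tunnel_cmd user@gateway.example.org pc1.lan:0 pc2.lan:1
```

With the tunnel up, the viewer is pointed at `localhost:1` and `localhost:2` instead of the remote machines. Only the client-to-gateway leg is encrypted; the hop from the SSH server to each VNC host crosses the internal network in the clear.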