staying secure while allowing vnc...

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I used parts of the following guides to set my box up so that I can vnc
to it thru an ssh tunnel. /

I'm not a security guru so I thought I'd ask here if what I've done is
a good idea.

My box started out as a RH9 box, however it has been upgraded many
times.  Most upgrades I compile from source and have been things like
SSH, mozilla, iptables, and a few other things.  Some legacy rpms from
the legacy project have also been installed.  I'll upgrade to another
OS when I buy or build a new box.

Anyway it has become necessary that I access this system while I'm on
the road.  My job has given me a laptop (yeah!) but won't let me put
any flavor of Linux on it.  Dragging my personal laptop, which
dualboots to WinXP and Debian, along as a 2nd one is just not going to
happen.  So the solution I've decided to use is VNC thru an ssh tunnel.

This seems fine, but a few things I had to do to get the VNC stuff
working, worries me.  I don't at all understand the implications and
hope this group can let me know.

The main things I did was:

edit /etc/X11/xdm/xdm-config
commented out DisplayManager.requestPort: 0

edit /etc/X11/xdm/Xaccess
uncomment !* # any host can get a login window

run gdmconfig
enable XDMCP

To connect from the laptop, I start up Putty, SSH to the box.  Putty is
configured to do port forwarding for 5900 to and for
5901 in a similar way.  I then vnc to  It seems to work,
but like I said I don't know what that stuff with xdm and gdm really
allows to happen to my system.  Should I worry? What should I watch for
to see if anyone is attempting or has succeeded in hacking my box.

I also tried without running Putty, to vnc to and
that also seems to work.  So how secure is vnc's password protection?
I'm using a "good" password, well "good" but something I don't have to
write down.

Thanks in advance.


Re: staying secure while allowing vnc... schreef:
Quoted text here. Click to load it

I used to use vnc over ssh all the time until I read something about
FreeNX, it based on NX technology from nomachine (
Its works much faster than vnc and it use ssh to provide some encryption.


Site Timeline