Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- staying secure while allowing vnc...
December 22, 2006, 3:44 pm
rate this thread
to it thru an ssh tunnel.
I'm not a security guru so I thought I'd ask here if what I've done is
a good idea.
My box started out as a RH9 box, however it has been upgraded many
times. Most upgrades I compile from source and have been things like
SSH, mozilla, iptables, and a few other things. Some legacy rpms from
the legacy project have also been installed. I'll upgrade to another
OS when I buy or build a new box.
Anyway it has become necessary that I access this system while I'm on
the road. My job has given me a laptop (yeah!) but won't let me put
any flavor of Linux on it. Dragging my personal laptop, which
dualboots to WinXP and Debian, along as a 2nd one is just not going to
happen. So the solution I've decided to use is VNC thru an ssh tunnel.
This seems fine, but a few things I had to do to get the VNC stuff
working, worries me. I don't at all understand the implications and
hope this group can let me know.
The main things I did was:
commented out DisplayManager.requestPort: 0
uncomment !* # any host can get a login window
To connect from the laptop, I start up Putty, SSH to the box. Putty is
configured to do port forwarding for 5900 to 127.0.0.1:5900 and for
5901 in a similar way. I then vnc to 127.0.0.1:1 It seems to work,
but like I said I don't know what that stuff with xdm and gdm really
allows to happen to my system. Should I worry? What should I watch for
to see if anyone is attempting or has succeeded in hacking my box.
I also tried without running Putty, to vnc to xxx.xxx.xxx.xxx:1 and
that also seems to work. So how secure is vnc's password protection?
I'm using a "good" password, well "good" but something I don't have to
Thanks in advance.
- » what should be use in redhat 8.0 make file instead of freebsd file (bsd.port.mk)
- — Next thread in » Linux Security
- » Cloud Ace Technologies is offering Implementation Services on Cloud Computing, Cloud Serv...
- — Newest thread in » Linux Security