Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the 'Secure?! Heh' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Secure?! Heh
Authored by: Cadre on Dec 07, '01 05:06:40PM

It's quite trivial to tunnel VNC connections through ssl. And I assure you, it doesn't get much more secure than that. Then you can firewall the 5901 port off from all outside traffic on the server machine. Good VNC clients support tunneling innately too.

On the client side just type this:
ssh user@server -L 5901:server:5901 server

The on the client side, have your VNC client connect to localhost:5901

The ports I put above are dependent on which screen you have the VNC server set to. 0 - 5900, 1 - 5901, etc. Also, this assumes you don't have something already bound to 5901 on the client machine. If you do, then you'll have to change the first port in the ssh command to an unused one and have the VNC client connect to that port instead.

Considering the above and the fact that the VNC protocol is documented and open and most of the clients and servers are also open source, the encryption tunneling mechanism is open and the clients and servers are open source (all of which have been reviewed by a multitude of developers), you have a more secure solution than Timbuktu, which who knows how many little developer backdoors have been stuck in...

[ Reply to This | # ]