VNC, sshd and NT

Jeff Kwan jkwan "at" po-box.mcgill.ca
Wed, 15 Jul 1998 17:31:07 +0000


Hi folks, I've been experimenting with VNC and sshd on NT.  My results
thus far have been very unimpressive...  OK, here's my setup:  vncviewer
(3.3.2) running on a Linux box with ssh and an NT 4.0 box with Winvnc
3.3.2, Cygnus gnu-win32 and sshd compiled under Cygnus gnu-win32.
Winvnc and vncviewer work fine alone without port forwarding and
ssh/sshd work fine together too.  Utilizing the method described in the
VNC FAQ, by forwarding the local port to the remote port 5900 with ssh
-L 5900:winvncserver:5900 appears to work, with some code changes in
Winvnc.  So, the server will see it coming from a local port (even tho
it isn't) and will give an error message and stop.  I commented out that
portion of code that checks and prevents local loop-back viewing in
vncClient.cpp.  That seemed to make it work (I got to the password
stage).  It looked like it was on it's way...  Until I started using it,
ugh!  Compared to a unencrypted-unsshtunneled connection, this one was
slooow as molassass.  Screen updates came really slow.  I turned on ssh
compression and it got even worse.  I have yet to try it on a Linux to
Linux connection.  I fear that it's the layer upon layer to get sshd to
work and that's why the performance suffers.  Any suggestions?

Primarily, the reason why we want a secure VNC is often we need to
administer remote NT machines and login with the admin accounts...
Don't want people to be able to read what we're typing b/c of the
password entry on the intial login.

One possible solution if one wants a secure connection to a Windows
machine is by building SSL support in VNC and
running a ssl proxy that the people at Obdev have made (
http://www.obdev.at/Products/sslproxy.html ), it's GPL'd.
Or how about just encrypting the keystrokes?




---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------