VNC, sshd and NT

William.Smargiassi@smed.com William.Smargiassi "at" smed.com
Wed, 15 Jul 1998 17:59:39 +0000


I use VNC over ssh from Linux or Windows 95/NT to Solaris 2.5.1 on an Ultra
without any problems. I've also done port forwardings to that machine over
a 33.6 modem over the Internet to NT WinVNC servers on the same network.
The traffic is encrypted over the Internet, but is unencrypted on that LAN
(that network is entirely  located in one physically secure room, so I'm
less worried about snooping). Things are as fast as you'd expect, very near
the unencrypted speed. Perhaps it's the port of sshd to NT or  the server
or client processor speed?

bill




Jeff Kwan <jkwan "at" po-box.mcgill.ca> on 07/15/98 12:28:03

To:   vnc-list "at" orl.co.uk
cc:    (bcc: William Smargiassi/SMS)
Subject:  VNC, sshd and NT




Hi folks, I've been experimenting with VNC and sshd on NT.  My results
thus far have been very unimpressive...  OK, here's my setup:  vncviewer
(3.3.2) running on a Linux box with ssh and an NT 4.0 box with Winvnc
3.3.2, Cygnus gnu-win32 and sshd compiled under Cygnus gnu-win32.
Winvnc and vncviewer work fine alone without port forwarding and
ssh/sshd work fine together too.  Utilizing the method described in the
VNC FAQ, by forwarding the local port to the remote port 5900 with ssh
-L 5900:winvncserver:5900 appears to work, with some code changes in
Winvnc.  So, the server will see it coming from a local port (even tho
it isn't) and will give an error message and stop.  I commented out that
portion of code that checks and prevents local loop-back viewing in
vncClient.cpp.  That seemed to make it work (I got to the password
stage).  It looked like it was on it's way...  Until I started using it,
ugh!  Compared to a unencrypted-unsshtunneled connection, this one was
slooow as molassass.  Screen updates came really slow.  I turned on ssh
compression and it got even worse.  I have yet to try it on a Linux to
Linux connection.  I fear that it's the layer upon layer to get sshd to
work and that's why the performance suffers.  Any suggestions?

Primarily, the reason why we want a secure VNC is often we need to
administer remote NT machines and login with the admin accounts...
Don't want people to be able to read what we're typing b/c of the
password entry on the intial login.

One possible solution if one wants a secure connection to a Windows
machine is by building SSL support in VNC and
running a ssl proxy that the people at Obdev have made (
http://www.obdev.at/Products/sslproxy.html ), it's GPL'd.
Or how about just encrypting the keystrokes?




---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------





---------------------------------------------------------------------
The VNC mailing list     -   see http://www.orl.co.uk/vnc/intouch.html
---------------------------------------------------------------------