AW: Access controls and logging
Stiglmair Erich
Erich.Stiglmair "at" sbawm.bayern.de
Wed, 21 Jul 1999 12:37:09 +0000
It should although be able to show a popup by connecting.
Otherwise at least gives it in Germany problems with the works =
committee
- or did I overlook this function?
Mit freundlichen Gr=FC=DFen
Erich Stiglmair
Dipl.-VwW(FH)
erich.stiglmair "at" sbawm.bayern.de
Tel. 0881-645-0 Zentrale
0881-645-148 Durchwahl
Fax 0881-645-100
-----Urspr=FCngliche Nachricht-----
Von: owner-vnc-list-digest "at" uk.research.att.com
[SMTP:owner-vnc-list-digest "at" uk.research.att.com]
Gesendet am: Dienstag, 20. Juli 1999 07:00
An: vnc-list-digest "at" uk.research.att.com
Betreff: vnc-list-digest V1 #392
vnc-list-digest Tuesday, July 20 1999 Volume 01
: Number 392
............................
VNC-LIST-DIGEST is a daily collection of the messages sent to
the
VNC mailing list. For more information about VNC see the home
page
http://www.uk.research.att.com/vnc .
In this issue:
Re: Re: Mac with 68040
BO2K
RE: CORBA/Internal Version: RE: Radmin
RE: vnc will not work with rh6
Re: vnc client with many clients
pasting into vim via vnc
Access controls and logging
RE: BO2K
Re: Access controls and logging
VNC and Netware user lists
RE: BO2K (No VNC content, sorry)
Re: Problems with rfbcounter
Re: Global per-user registry settings / screen-painting
Connecting to SSH server w/ssh client to use VNC
Re: Access controls and logging
SSH and VNC
Re: Connecting to SSH server w/ssh client to use VNC
Re: SSH and VNC
Re: SSH and VNC
RE: connection closed
Re: SSH and VNC
Re: SSH and VNC
RE: SSH and VNC ---For Non-Programmers
Re: connection closed
vncserver on RedHat6 with truetype fontserver
Re: SSH and VNC ---For Non-Programmers
Re: SSH and VNC
X Server Console Multiple Broadcast
Re: X Server Console Multiple Broadcast
............................
----------------------------------------------------------------------
Date: Mon, 19 Jul 1999 11:26:03 +0100
From: thorn "at" estec.esa.nl
Subject: Re: Re: Mac with 68040
Hello,
thanks a lot for your great support! I downloaded the
68000-version
from Dair and it is running and running...
The problem what I have now, it is VERY (!) slow. I decrease
all,
what cost speed (f.e. the Screenresolution from the server PC
etc.),
but nevertheless it takes much time to controll the server-PC.
Also it has sometimes problems with the refresh. If I move the
Window
from the server-PC on the Mac it refresh it quicker...
...but ok, this is not a big problem!
Has anybody an idea to increase the speed?
Cheers
Tobias
what I do:
- - run only the viewer on the Mac (for high system-resources)
- - give a good memory base on the Mac
- - drecrease the color & resolution to a minimum on the
server-PC
- - remote only easy programms (but it is slow...)
- - and I must say, there must be a problem with the two
different
plattforms...
because a Pc-Pc-connection is good (I check this), perhaps a
Mac-Mac-connection
is also good, but I have only one...and I want to remote with
the Mac the PC
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 04:53:12 -0700
From: "Matthew Lee Mandalek" <mandalek "at" inter-net.net>
Subject: BO2K
This is a multi-part message in MIME format.
- ------=3D_NextPart_000_0005_01BED1A2.0FDBE910
Content-Type: multipart/mixed;
boundary=3D"----=3D_NextPart_000_0000_01BED1A2.0F600250"
- ------=3D_NextPart_000_0000_01BED1A2.0F600250
Content-Type: multipart/alternative;
boundary=3D"----=3D_NextPart_001_0001_01BED1A2.0F649630"
- ------=3D_NextPart_001_0001_01BED1A2.0F649630
Content-Type: text/plain;
charset=3D"iso-8859-1"
Content-Transfer-Encoding: 7bit
Thought this might be interesting reading....
>1. Back Off, Back Orifice
http://cgi.zdnet.com/slink?4978
It doesn't matter if you buy cDc Communications argument that
"Back Orifice 2000 is the most powerful network administration
tool available for the Microsoft environment." The plain truth
is
that BO2K enables crackers to wreak havoc on net-connected
Windows 95, Windows 98 and NT systems. Click here for the full
story.
Internet Systems
Matthew Mandalek
74040 Highway #111, L211
Palm Desert, CA 92260
760-862-1249 - Voice
760-862-1289 - Fax
6980378 - ICQ
mandalek - Instant Messenger
=20
- ------=3D_NextPart_001_0001_01BED1A2.0F649630
Content-Type: text/html;
charset=3D"iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D3D"Content-Type" CONTENT=3D3D"text/html; =3D
charset=3D3Diso-8859-1">
<META NAME=3D3D"Generator" CONTENT=3D3D"MS Exchange Server version =3D
5.5.2410.0">
<TITLE></TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=3D3D2 FACE=3D3D"Arial">Thought this might be
interesting =3D
reading....</FONT>
</P>
<P><FONT SIZE=3D3D2 FACE=3D3D"Courier New">>1. Back Off, Back =3D
Orifice</FONT>
<BR><FONT SIZE=3D3D2 FACE=3D3D"Courier New"><A =3D
HREF=3D3D"http://cgi.zdnet.com/slink?4978" =3D
TARGET=3D3D"_blank">http://cgi.zdnet.com/slink?4978</A></FONT>
</P>
<P><FONT SIZE=3D3D2 FACE=3D3D"Courier New">It doesn't matter if you
buy cDc =3D
Communications argument that</FONT>
<BR><FONT SIZE=3D3D2 FACE=3D3D"Courier New">"Back Orifice 2000
is the =3D
most powerful network administration</FONT>
<BR><FONT SIZE=3D3D2 FACE=3D3D"Courier New">tool available for the
Microsoft =3D
environment." The plain truth is</FONT>
<BR><FONT SIZE=3D3D2 FACE=3D3D"Courier New">that BO2K enables
crackers to =3D
wreak havoc on net-connected</FONT>
<BR><FONT SIZE=3D3D2 FACE=3D3D"Courier New">Windows 95, Windows 98
and NT =3D
systems. Click here for the full</FONT>
<BR><FONT SIZE=3D3D2 FACE=3D3D"Courier New">story.</FONT>
</P>
<BR>
<P ALIGN=3D3DCENTER><B><I><FONT COLOR=3D3D"#000080"
FACE=3D3D"Arial">Internet =3D
Systems</FONT></I></B></P>
<P ALIGN=3D3DCENTER><I><FONT COLOR=3D3D"#000080" SIZE=3D3D2 =3D
FACE=3D3D"Arial">Matthew Mandalek</FONT></I></P>
<P ALIGN=3D3DCENTER><FONT SIZE=3D3D2 FACE=3D3D"Arial">74040 Highway
#111, =3D
L211</FONT></P>
<P ALIGN=3D3DCENTER><FONT SIZE=3D3D2 FACE=3D3D"Arial">Palm Desert,
CA =3D
92260</FONT></P>
<P ALIGN=3D3DCENTER><FONT SIZE=3D3D2 FACE=3D3D"Arial">760-862-1249 - =
=3D
Voice</FONT></P>
<P ALIGN=3D3DCENTER><FONT SIZE=3D3D2 FACE=3D3D"Arial">760-862-1289 - =
=3D
Fax</FONT></P>
<P ALIGN=3D3DCENTER><FONT SIZE=3D3D2 FACE=3D3D"Arial">6980378 -
ICQ</FONT></P>
<P ALIGN=3D3DCENTER><FONT SIZE=3D3D2 FACE=3D3D"Arial">mandalek -
Instant =3D
Messenger</FONT></P>
<P><FONT SIZE=3D3D2 FACE=3D3D"Arial"> </FONT>
</P>
</BODY>
</HTML>
- ------=3D_NextPart_001_0001_01BED1A2.0F649630--
- ------=3D_NextPart_000_0000_01BED1A2.0F600250
Content-Type: text/x-vcard;
name=3D"Matthew Lee Mandalek (E-mail).vcf"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=3D"Matthew Lee Mandalek (E-mail).vcf"
- ------=3D_NextPart_000_0000_01BED1A2.0F600250--
- ------=3D_NextPart_000_0005_01BED1A2.0FDBE910
Content-Type: application/x-pkcs7-signature;
name=3D"smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename=3D"smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIIOTCC=
Ay4w
ggKXoAMCAQICEQDSdi6NFAw9fbKoJV2v7g11MA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYT=
AlVT
MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJp=
bWFy
eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05ODA1MTIwMDAwMDBaFw0wODA1MTIyMzU5=
NTla
MIHMMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3Qg=
TmV0
d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAu=
IEJ5
IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UEAxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJbmRp=
dmlk
dWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3QgVmFsaWRhdGVkMIGfMA0GCSqGSIb3DQEBAQUA=
A4GN
ADCBiQKBgQC7WkSKBBa7Vf0DeootlE8VeDa4DUqyb5xUv7zodyqdufBou5XZMUFweoFLuUgT=
Vi3H
COGEQqvAopKrRFyqQvCCDgLpL/vCO7u+yScKXbawNkIztW5UiE+HSr8Z2vkV6A+HthzjzMaa=
jn9q
JJLj/OBluqexfu/J2zdqyErICQbkmQIDAQABo3wwejARBglghkgBhvhCAQEEBAMCAQYwRwYD=
VR0g
BEAwPjA8BgtghkgBhvhFAQcBATAtMCsGCCsGAQUFBwIBFh93d3cudmVyaXNpZ24uY29tL3Jl=
cG9z
aXRvcnkvUlBBMA8GA1UdEwQIMAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBAgUA=
A4GB
AIi4Nzvd2pQ3AK2qn+GBAXEekmptL/bxndPKZDjcG5gMB4ZbhRVqD7lJhaSV8Rd9Z7R/LSzd=
mkKe
wz60jqrlCwbe8lYq+jPHvhnXU0zDvcjjF7WkSUJj7MKmFw9dWBpJPJBcVaNlIAD9GCDlX4Km=
saiS
xVhqwY0DPOvDzQWikK5uMIIFAzCCBGygAwIBAgIQFscel95aTKzIlQN11oPDDDANBgkqhkiG=
9w0B
AQQFADCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRy=
dXN0
IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5j=
b3Jw
LiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEgQ0Eg=
SW5k
aXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZDAeFw05OTA2MjgwMDAw=
MDBa
Fw0wMDA2MjcyMzU5NTlaMIIBHjEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsT=
FlZl
cmlTaWduIFRydXN0IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3Np=
dG9y
eS9SUEEgSW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTgxHjAcBgNVBAsTFVBlcnNvbmEg=
Tm90
IFZhbGlkYXRlZDE0MDIGA1UECxMrRGlnaXRhbCBJRCBDbGFzcyAxIC0gTWljcm9zb2Z0IEZ1=
bGwg
U2VydmljZTEdMBsGA1UEAxQUTWF0dGhldyBMZWUgTWFuZGFsZWsxJTAjBgkqhkiG9w0BCQEW=
Fm1h
bmRhbGVrQGludGVyLW5ldC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOnGNNzm=
LnSR
BahHG+KwX1I4NQuMbpENHID0FuKyN2xWko66xscNABtziDyEW09nhHw8sqFzjkJgn3erVHhE=
hvdL
ffb2fYEsR3IYeHQX1EiVK3TDsThBHcIdoXD7MHH0tQUfVvhKiAzxucvBjBrEpTPMslugVTHn=
rHMP
umRvEO+DAgMBAAGjggGPMIIBizAJBgNVHRMEAjAAMIGsBgNVHSAEgaQwgaEwgZ4GC2CGSAGG=
+EUB
BwEBMIGOMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vQ1BTMGIGCCsG=
AQUF
BwICMFYwFRYOVmVyaVNpZ24sIEluYy4wAwIBARo9VmVyaVNpZ24ncyBDUFMgaW5jb3JwLiBi=
eSBy
ZWZlcmVuY2UgbGlhYi4gbHRkLiAoYyk5NyBWZXJpU2lnbjARBglghkgBhvhCAQEEBAMCB4Aw=
gYYG
CmCGSAGG+EUBBgMEeBZ2ZDQ2NTJiZDYzZjIwNDcwMjkyOTg3NjNjOWQyZjI3NTA2OWM3MzU5=
YmVk
MWIwNTlkYTc1YmM0YmM5NzAxNzQ3ZGE1ZDNmMjE0MWJlYWRiMmJkMmU4OTIxZmFmNjlmN2Q3=
MTE0
OTliYTFiODQ0ZmVmM2VhNDUwYzAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLnZlcmlz=
aWdu
LmNvbS9jbGFzczEuY3JsMA0GCSqGSIb3DQEBBAUAA4GBADeu3upBy6XxpRkV2s78GFW/9Axy=
O1x3
ft4Rcad7g6qqCg5HYRJbLGhH9FhYQw0dcLEoeYdDJmjLErs91lh5ceJ+KM0JiTTLWtsh8brp=
pBa+
nB0SgK0madnuqyyUQep3al71ZAXEbJ32BwzkZO2tSUwXZkRdqzC1z+fScZ3B07+iMYIDODCC=
AzQC
AQEwgeEwgcwxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU=
cnVz
dCBOZXR3b3JrMUYwRAYDVQQLEz13d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvUlBBIElu=
Y29y
cC4gQnkgUmVmLixMSUFCLkxURChjKTk4MUgwRgYDVQQDEz9WZXJpU2lnbiBDbGFzcyAxIENB=
IElu
ZGl2aWR1YWwgU3Vic2NyaWJlci1QZXJzb25hIE5vdCBWYWxpZGF0ZWQCEBbHHpfeWkysyJUD=
ddaD
wwwwCQYFKw4DAhoFAKCCAawwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0B=
CQUx
DxcNOTkwNzE5MTE0OTE5WjAjBgkqhkiG9w0BCQQxFgQUlEHTCCNkM0FQEZG/cNTT9lA4HSEw=
WAYJ
KoZIhvcNAQkPMUswSTAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwBwYFKw4DAgcwDQYI=
KoZI
hvcNAwICASgwBwYFKw4DAhowCgYIKoZIhvcNAgUwgfIGCSsGAQQBgjcQBDGB5DCB4TCBzDEX=
MBUG
A1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsx=
RjBE
BgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5jb3JwLiBCeSBSZWYu=
LExJ
QUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEgQ0EgSW5kaXZpZHVhbCBT=
dWJz
Y3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZAIQFscel95aTKzIlQN11oPDDDANBgkqhkiG=
9w0B
AQEFAASBgJmWdc6FtQkjAzsVs8q9SP1qUX8+uX2aNIcfTGtRkKBh+nRuDBqQaOYklMW7B+qN=
nVYr
c8Qh5gjSy2KBrfgr4CmHIi43LEHjDoT7RvfE/Ae7t901e/TP4M3GhzVl3vuB2I41XDKJkIze=
RXWu
AL5QESqgK9HOBi+Dc9R+t5RQOT+LAAAAAAAA
- ------=3D_NextPart_000_0005_01BED1A2.0FDBE910--
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 13:25:47 -0000
From: "Morton, David (NICL)"
<David.Morton "at" northern-electric.co.uk>
Subject: RE: CORBA/Internal Version: RE: Radmin
- -
It seems
- ----Original Message-----
From: Matthew Benjamin [mailto:mbenjamin "at" provide.net]
Sent: 13 July 1999 22:09
To: vnc-list "at" uk.research.att.com; Tony Gurnick
Subject: CORBA/Internal Version: RE: Radmin
>=20
> Both packages lack the ability to hunt the network and
retrieve the IP
> address of all possible machines
> that can be remote accessed.
>=20
> BTW does anyone have a package that does do this?
>=20
I have a wraper for vnc that installs the server version and
starts the
service before connecting - so any NT machine on an NT domain -
where the
user has permissions can be accesses !
If you know the NT Domain user name you want to connect to, this
can be
easily mapped to ip address by :
net send username
nbtstat -n
To build a list of connectable machines - try this=20
net view to extract a list of machines that are switched on=20
Use nc.exe - a small port scanning program from the hobbit -
can't remember
the url, but if you can't find it on the net, let me know, and I
will send
it out
dir | nc -v macname 5800
which will return an errorlevel of 0 if a vnc server is running
on the
target machine ( macname)
or 1 if not.
put all this simple check in a for loop to cycle through the
output of net
view and write the machine names where %errorlevel% =3D 0 to a
file.
with a little in line text editing - unix perl, sed and or awk
are good for
this - this list could be turned in to html code to make each
machine a
hyperlink to port 5800
et voila a web page listing all machines on the net with vnc
installed !=20
**********************************************************************
This email and any files transmitted with it are confidential
and=20
intended solely for the use of the individual or entity to whom
they =20
are addressed. If you have received this email in error please
notify=20
the system manager.
This footnote also confirms that this email message has been
swept by=20
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 08:50:37 -0500
From: Greg Breland <gbreland "at" healthtech.net>
Subject: RE: vnc will not work with rh6
By default, RH6 puts fonts here
/usr/lib/X11/fonts/misc/
/usr/lib/X11/fonts/75dpi/
In you config file you have them listed as being here:
/usr/X11R6/lib/X11/fonts/misc/
/usr/X11R6/lib/X11/fonts/Speedo/
/usr/X11R6/lib/X11/fonts/Type1/
/usr/X11R6/lib/X11/fonts/75dpi/
/usr/X11R6/lib/X11/fonts/100dpi/
Have you confirmed that your fonts reside in the X11R6 directory
and not the
/lib/X11 directory? The only way they would be there is if you
moved them
there.
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 09:41:35 -0400
From: "Jay R. Ashworth" <jra "at" baylink.com>
Subject: Re: vnc client with many clients
On Sun, Jul 18, 1999 at 07:54:11PM -0400, Rich Lafferty wrote:
> > > I'm not sure that this does what you think it does. If you
had 50=20
> > > clients connected to a single server (my max has been
three), then
> > > all 50 would be fighting for control of the keyboard,
mouse, etc.=20
> >=20
> > You live in a Windows world, don't you Rich.
>=20
> No, I don't. A handful of unices, OpenVMS and MacOS here.
Well, you know, that left my _head_ with a smiley face at the
end of
the sentence. Oops.
> > It's perfectly possible to run multiple vncservers on a Unix
box --
> > although running 50 Xservers might be an, um, 'interesting
load
> > experiment'.
>=20
> That's not a single server, then, is it?
Well, you know, in common parlance, yes "a Unix box" =3D=3D "one
server"...
> Besides, the
confusion was
> cleared up in a follow-up post *two days* ago. If you're going
to
> contribute signal-less not-quite-flames, at least do them with
some
> sense of timing.
So I found out when the mail list server got around to shipping
me
those messages, two hours later. These things will happen...
Cheers,
- -- jra
- --=20
Jay R. Ashworth
jra "at" baylink.com
Member of the Technical Staff Buy copies of The New Hackers
Dictionary.
The Suncoast Freenet Give them to all your friends.
Tampa Bay, Florida http://www.ccil.org/jargon/
+1 813 790 7592
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 17:02:55 +200
From: "Jean Jordaan" <rgo_anas "at" rgo.sun.ac.za>
Subject: pasting into vim via vnc
Hello all
I'm happily using WinVNC [1] to work on a Linux box on the LAN
from=20
W95.=20
Problem: I copy an amount of text in M$ Word (ctrl-a ctrl-c) and
alt-
tab to the Linux session. There I cannot middle-button-paste in
gvim=20
[2] ("Nothing in register *") but pasting into vim or emacs is
no=20
problem.=20
Any clues?
- --jean . .. .....
///\oo/\\\
[1] http://www.uk.research.att.com/vnc/winvnc.html
[2] http://www.vim.org
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 11:43:08 -0400
From: Rich Lafferty <rich "at" alcor.concordia.ca>
Subject: Access controls and logging
I use VNC with a variety of clients to access Mac servers, in
order
to do remote administration.
I'm currently in the process of doing up a short security audit
around
here, and a couple of wish-list requests have come to mind. In
particular, it would be good if VNC had some form of at least
rudimentary access-control; I'd like to be able to say "only
allow
connections from <machine on secure subnet>".
Second, it'd also be a Neat Thing if VNC were to log connections
and unsuccessful connection attempts. It's a bit of a liability
to
have a service which basically equals console access when
there's no
way to find out if anyone's been trying to get access they
shouldn't
have.
Any chance of these bits getting included at some point in the
future?
-Rich
- --=20
- ------------------------------ Rich Lafferty
---------------------------
Sysadmin/Programmer, Information and Instructional Technology
Services
Concordia University, Montreal, QC (514)
848-7600 =20
- ------------------------- rich "at" alcor.concordia.ca
----------------------
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 08:50:04 -0700
From: "Tony Su" <beaches "at" inetworld.net>
Subject: RE: BO2K
One of the main differences (if not <the> main diff) is that
BO2K doesn't in
any way indicate to a logged in User that it's running.
As long as WinVNC sets up that icon in the tray and shows up in
the Services
applet (NT), then Admins (and others) shouldn't consider it in
the same
light.
Tony Su
http://www.inetworld.net/beaches/home.html
Get DSL! 144kb - 1.5mb per second!
Free pre-qualification
VPN, Virtual Storage, Proxies
- -----Original Message-----
From: owner-vnc-list "at" uk.research.att.com
[mailto:owner-vnc-list "at" uk.research.att.com]On Behalf Of Matthew
Lee Mandalek
Sent: Monday, July 19, 1999 4:53 AM
To: Listserv - Vnc-List (E-mail)
Subject: BO2K
Thought this might be interesting reading....
>1. Back Off, Back Orifice
http://cgi.zdnet.com/slink?4978
It doesn't matter if you buy cDc Communications argument that
"Back Orifice 2000 is the most powerful network administration
tool available for the Microsoft environment." The plain truth
is
that BO2K enables crackers to wreak havoc on net-connected
Windows 95, Windows 98 and NT systems. Click here for the full
story.
Internet Systems
Matthew Mandalek
74040 Highway #111, L211
Palm Desert, CA 92260
760-862-1249 - Voice
760-862-1289 - Fax
6980378 - ICQ
mandalek - Instant Messenger
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 17:01:49 +0100
From: "James \"Wez\" Weatherall" <jnw22 "at" cam.ac.uk>
Subject: Re: Access controls and logging
> I use VNC with a variety of clients to access Mac servers, in
order
> to do remote administration.
>=20
> I'm currently in the process of doing up a short security
audit around
> here, and a couple of wish-list requests have come to mind. In
> particular, it would be good if VNC had some form of at least
> rudimentary access-control; I'd like to be able to say "only
allow
> connections from <machine on secure subnet>".
This feature will be available in the next release.
Cheers,
James "Wez" Weatherall
- --
- - Queens' College MCR Entertainments Officer -=20
Laboratory for Communications Engineering, Cambridge - Tel :
766513
AT&T Labs Cambridge, UK - Tel :
343000
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 18:35:20 +0100
From: "Alex Heylin" <aheylin "at" cix.co.uk>
Subject: VNC and Netware user lists
This is a multi-part message in MIME format.
- ------=3D_NextPart_000_0068_01BED215.74B1FB40
Content-Type: text/plain;
charset=3D"iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I would like to use VNC on a mainly netware 4.11 network, and am
=3D
wondering if anyone's written a proglet or knows a way to get
from a =3D
user's login name / real name to the IP addresses of the PCs
they're =3D
logged into. =3D20
Either that, or a graphical means of displaying all the VNC
servers =3D
running on a given network (or subnet) complete with the server
name (eg =3D
the windows PC name) and if possible a description line (from
the =3D
windows Network control panel).
Has anyone done anything like this? Or am I barking up the
wrong tree =3D
completely? ?If there a much easier way to achive the same
effect. I =3D
want to use this for IT helpdesk -> users PC control. It needs
to be =3D
easy to find the right IP address from out DHCP stack. - We are
looking =3D
at fixed IP, but I'd rather avoid it if possible.
Thanks!
Alex
- ------=3D_NextPart_000_0068_01BED215.74B1FB40
Content-Type: text/html;
charset=3D"iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D3D"text/html; charset=3D3Diso-8859-1" =3D
http-equiv=3D3DContent-Type>
<META content=3D3D"MSHTML 5.00.2014.210" name=3D3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D3D#ffffff>
<DIV><FONT size=3D3D2>I would like to use VNC on a mainly netware
4.11 =3D
network, and=3D20
am wondering if anyone's written a proglet or knows a way to get
from a =3D
user's=3D20
login name / real name to the IP addresses of the PCs they're
logged =3D
into. =3D20
</FONT></DIV>
<DIV><FONT size=3D3D2></FONT> </DIV>
<DIV><FONT size=3D3D2>Either that, or a graphical means of
displaying all =3D
the VNC=3D20
servers running on a given network (or subnet) complete with the
server =3D
name (eg=3D20
the windows PC name) and if possible a description line (from
the =3D
windows=3D20
Network control panel).</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=3D3D2>Has anyone done anything like this? Or
am I =3D
barking up=3D20
the wrong tree completely? ?If there a much easier way to
achive =3D
the same=3D20
effect. I want to use this for IT helpdesk -> users PC
=3D
control. =3D20
It needs to be easy to find the right IP address from out DHCP
stack. - =3D
We are=3D20
looking at fixed IP, but I'd rather avoid it if
possible.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=3D3D2>Thanks!</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=3D3D2>Alex</FONT></DIV></BODY></HTML>
- ------=3D_NextPart_000_0068_01BED215.74B1FB40--
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 13:46:50 -0400
From: "Stuart, Bill" <Stuart "at" Tessco.Com>
Subject: RE: BO2K (No VNC content, sorry)
=20
Matthew Lee Mandalek [ mandalek "at" inter-net.net
<mailto:mandalek "at" inter-net.net> ] Wrote:=20
Thought this might be interesting reading....=20
>1. Back Off, Back Orifice=20
http://cgi.zdnet.com/slink?4978
<http://cgi.zdnet.com/slink?4978> =20
It doesn't matter if you buy cDc Communications argument that=20
"Back Orifice 2000 is the most powerful network administration=20
tool available for the Microsoft environment." The plain truth
is=20
that BO2K enables crackers to wreak havoc on net-connected=20
Windows 95, Windows 98 and NT systems. Click here for the full=20
story.=20
Matthew,=20
=20
SO DOES MICROSOFT'S SMS, COMPAQ'S CARBON COPY, AND ARTISOFT'S
COSESSION
REMOTE!
=20
Please don't buy into the hype that Microsoft and the anti-virus
companies
have foisted upon the public. It is the absolute truth that
Back Orifice is
a powerful tool. It was not created with malice for anyone or
anything,
except for maybe the weak security model of Windows. Remember,
Bill Gates
and Network Associates are trying to sell you software! The
best way to
sell things has always been through fear. "Back Orifice is
Evil!" sells
lots of anti-virus software... Fact is Microsoft's own products
can be used
in much the same way (including hidden operation!).
=20
Like any other powerful tool (like, say, nuclear energy), it can
be used for
good or evil. Einstein never intended his equation to be used
to kill
millions. Luckily we only killed hundreds of thousands, maybe
saving
millions in the process! Nuclear energy can be good (medicine,
electric
power, safer food, ended a war, etc.), or it can be bad (Three
Mile Island,
Chernobyl, Cold War, India, Pakistan, Iraq). Back Orifice can
also be good
(simple, cheap, secure, total remote control with OPEN SOURCE
CODE.) or it
can be bad (unknown malicious users penetrating insecure systems
because
uninformed users are allowed to run executables received via
email). If a
cracker, using BO2K as his vehicle, penetrates a system, then
blame should
be shared by Microsoft's weak security, a poor sys admin who
would allow
users to be uniformed and to run executables unchecked, and of
course mostly
the cracker (CASTRATE THE BASTARD if you catch him!).
=20
BO2K is a tool. How you use it determines the color of your
hat...
=20
PLEASE DON'T RESPOND BACK TO THIS MAILING LIST!
Respond to me directly if you wish to continue this discussion.
=20
Sorry for the non-VNC content, but I thought Matthew's statement
deserved a
public response. You'll not see any more non-VNC posts from me.
I am not a
cracker, or even much of a hacker, and I am not associated with
any of these
companies or cDc in any way.
=20
- Bill
stuart "at" tessco.com <mailto:stuart "at" tessco.com>=20
=20
My opinions belong to me, not my company... YMMV.
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 18:54:22 +0100
From: Quentin Stafford-Fraser <quentin "at" uk.research.att.com>
Subject: Re: Problems with rfbcounter
Jay wrote:
> I downloaded rfbcounter and
> compiled it. It runs fine, but when I try to view it=20
> from ether one of my systems it creates
> a window that quickly disappears.=20
Jay -=20
Are you using the -bgr233 option to vncviewer as mentioned in
the
rfbcounter docs?
There may also be endian issues - can you view it on the same
machine
that runs it?
regards
Quentin
- --=20
-
----------------------------------------------------------------------
Dr Quentin Stafford-Fraser
AT&T Laboratories Cambridge
http://www.uk.research.att.com/~qsf
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 19:10:50 +0100
From: Quentin Stafford-Fraser <quentin "at" uk.research.att.com>
Subject: Re: Global per-user registry settings / screen-painting
Hi Wez,
This stuff is scarily complicated. Do you think you could
sketch a
table/flowchart which would allow people to see the order in
which
settings are set/consulted in each situation? I'm happy to turn
it into
a pretty Powerpoint slide or something.
Something like:
-------- Are you using Win95/98/NT? -----=20
| |
| |
Win9x NT
| |
Running as a service/application
Service/App?
| | |
|
Single/multi-user setup
| |
and so forth. I don't understand it, and I helped write the
docs!
Ta,
Q.
James \"Wez\" Weatherall wrote:
>=20
> ->
> Did I get that right: The definition of "global per-user
setting" in the
> documentation is wrong and they are all (and always) located
under
> HKEY_USERS\.default instead of HKEY_CURRENT_USER ?
> Or is this related only to running winvnc as a service.
> Then it's ok and normal NT-logic (which is not documented on
the web site?).
> -<
>=20
> No. The documentation is accurate. It states, in addition to
the above,
> that:
> "NOTE : Windows NT : The settings used by the winvnc service
are the Default
> user settings and are stored per-machine, rather than on a
per-user basis as
> is done when running WinVNC normally. Access for all users
will be
> controlled by the one machine-specific password.
>=20
> NOTE : Windows 95 : If Win95 has been set to use different
settings for each
> user then the settings used are those of the currently logged
in user. If
> no user is logged in or Win95 is set to use the same settings
for all users
> then the settings used are the Default user settings and are
stored
> per-machine, rather than on a per-user basis as is done when
running WinVNC
> normally. (Under Win95, pressing Cancel on the login dialog
gives access to
> the Default user settings.)"
>=20
> WinVNC will use HKEY_CURRENT_USER where possible. When
running on Win95
> with a single profile setup, HKEY_CURRENT_USER is always
> HKEY_USERS/.Default, while on NT, when running as a service,
> HKEY_CURRENT_USER is always HKEY_USERS/.Default, because the
service does
> not run as a particular user.
>=20
> ->
- --=20
-
----------------------------------------------------------------------
Dr Quentin Stafford-Fraser
AT&T Laboratories Cambridge
http://www.uk.research.att.com/~qsf
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 14:48:22 -0400
From: David Pope <sasdcp "at" wnt.sas.com>
Subject: Connecting to SSH server w/ssh client to use VNC
I have used the information posted to this listserve to
successfully
install a SSH server on my NT box :) and tested the connection
from the
same box with an ssh client. I want to test the performance
gain for VNC
through a compressed ssh tunnel.
=20
My question is:=20
=20
What pieces do I need to have on another machine in order to use
the ssh client to connect to the server. =20
Currently, I have copying over the ssh.exe and the cygwin19.dll.
I think I need to have my private key too and
maybe a etc/passwd file on the client machine, but I am not
sure.
=20
Any help would be appreciated especially in the form=20
you need the following files on the client:
=20
ssh.exe
cygwin19.dll
(list of other files I need)
=20
Thanks,
David
=20
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 14:52:48 -0400
From: "Jay R. Ashworth" <jra "at" baylink.com>
Subject: Re: Access controls and logging
On Mon, Jul 19, 1999 at 05:01:49PM +0100, James "Wez" Weatherall
wrote:
> > I'm currently in the process of doing up a short security
audit around
> > here, and a couple of wish-list requests have come to mind.
In
> > particular, it would be good if VNC had some form of at
least
> > rudimentary access-control; I'd like to be able to say "only
allow
> > connections from <machine on secure subnet>".
>=20
> This feature will be available in the next release.
Is there a publically accessible ticklist of planned additions
to the
code?
Cheers,
- -- jra
- --=20
Jay R. Ashworth
jra "at" baylink.com
Member of the Technical Staff Buy copies of The New Hackers
Dictionary.
The Suncoast Freenet Give them to all your friends.
Tampa Bay, Florida http://www.ccil.org/jargon/
+1 813 790 7592
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 20:00:16 +0100
From: Quentin Stafford-Fraser <quentin "at" uk.research.att.com>
Subject: SSH and VNC
Hello All,
I've been away for a while, but all the SSH discussions in my
absence
have encouraged me to revive a page I started writing a while
ago on
'Using VNC with SSH'.=20
You can find it on the Documentation page, or directly from
http://www.uk.research.att.com/vnc/sshvnc.html=20
Comments and suggestions welcomed.
Quentin
- --=20
-
----------------------------------------------------------------------
Dr Quentin Stafford-Fraser
AT&T Laboratories Cambridge
http://www.uk.research.att.com/~qsf
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 12:54:39 -0700
From: Scott Dudley <scott "at" telesoft.com>
Subject: Re: Connecting to SSH server w/ssh client to use VNC
This is a multi-part message in MIME format.
- --------------B29D6DBED52FFDB16EF0DDC2
Content-Type: text/plain; charset=3Dus-ascii
Content-Transfer-Encoding: 7bit
David Pope wrote:
> I have used the information posted to this listserve to
successfully
> install a SSH server on my NT box :) and tested the connection
from the
> same box with an ssh client. I want to test the performance
gain for VNC
> through a compressed ssh tunnel.
>
> My question is:
>
> What pieces do I need to have on another machine in order to
use the ssh client to connect to the server.
> Currently, I have copying over the ssh.exe and the
cygwin19.dll. I think I need to have my private key too and
> maybe a etc/passwd file on the client machine, but I am not
sure.
>
> Any help would be appreciated especially in the form
> you need the following files on the client:
>
> ssh.exe
> cygwin19.dll
> (list of other files I need)
>
> Thanks,
> David
>
>
>
---------------------------------------------------------------------
> The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
>
---------------------------------------------------------------------
- --------------B29D6DBED52FFDB16EF0DDC2
Content-Type: text/plain; charset=3Dus-ascii;
name=3D"SSH2.QUICKSTART"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename=3D"SSH2.QUICKSTART"
[ This document is courtesy of Mr. Hirotaka Yamamoto.
PLEASE don't send him bug-reports about ssh. Send them
to ssh2-bugs "at" ssh.fi.
Sami Lehtinen <sjl "at" ssh.fi> ]
SSH2 Quick Start
September 22, 1998
Table of Contents:
1. About SSH
2. Compatibility with SSH1
3. Building & Installing
4. System Configuration
5. Per-User Configuration
6. Using with SSH1
0. About This Document
This document gives a short description on how one can make SSH2
(SSH
version 2) compatible with SSH1 (SSH version 1) and can install
and
configure SSH2. All descriptions are based on SSH version 2.0.9,
which
was the latest as of Sep. 22, 1998. Building, installing,
configuring, and testing is done on RedHat Linux 5.1, Debian
2.0, and
Solaris2.5.1 operating systems.
No Warranty
This document is opened in the hope that it will be useful for
many
novices, but WITHOUT ANY WARRANTY EXPRESSED OR IMPLIED.
Re-Distribution
Permission to modify this document and to distribute it is
hereby
granted, as long as above notices and copyright notice are
retained. I
will appreciate your notice of modification.
1. About SSH
SSH is a truly seamless and secure replacement of old, insecure
remote login programs such as rlogin or rsh. According to the
official SSH (Secure SHell) site, SSH is "the secure login
program
that revolutionized remote management of networks hosts over the
Internet. It is a powerful, very easy-to-use program that uses
strong
cryptography for protecting all transmitted confidential data,
including passwords, binary files, and administrative
commands.", and
SSH2 is "the sequel to the award winning SSH1 protocol. It
provides a
set of radical improvements to SSH1."=20
You can obtain SSH2 & SSH1 clients and servers in binaries or in
source from the master FTP server, or from its mirrors.=20
2. Compatibility with SSH1
SSH2 can be compatible with SSH1, but is NOT compatible by
default. First, SSH2 requires clients and a server of SSH1 to be
compatible. You will need to obtain and install SSH version
1.2.26 or
later. For the version 1.2.23 and probably any previous releases
of
SSH1 did NOT work with SSH2 in our testing. I don't know about
versions 1.2.24 and 1.2.25. Upgrade to the latest SSH1 before
installing SSH2.
After installing proper versions of SSH1 and SSH2, now you
should edit
SSH2's configuration files, which are normally placed at the
directory
"/etc/ssh2/". The configuration is described later.
3. Building and Installing
The process of building and installing SSH (either version
1.2.26 or
2.0.9) is fairly straightforward. Have you already got SSH
sources?
Download them first. The tar-balls have been signed by PGP.
Verify
your sources if you worry. Below I describe the process briefly.
For
more details, please read README files in the source archives.
=20
Unpack your SSH1 sources, like
> gzip -dc ssh-1.2.26.tar.gz | tar xvpf -
This will create a directory "ssh-1.2.26".=20
=20
Configure the archive and then make binaries, like
> cd ssh-1.2.26
> ./configure; make
=20
Become a super-user and install binaries, configuration
files,
and hostkey by typing
=20
> su
# make install
This will normally install clients (ssh1, slogin1, ...)
to
"/usr/local/bin", and a server (sshd1) to
"/usr/local/sbin".
Notice that the programs that have no trailing "1" in
its name
(i.e., ssh, slogin, sshd, ...) are symbolic links to the
real
executables (ssh1, slogin1, sshd1, ...).
=20
Installing SSH2 is much the same process, say
> gzip -dc ssh-2.0.9.tar.gz | tar xvpf -
> cd ssh-2.0.9
> ./configure; make
> su
# make install
This will normally install clients (ssh2, slogin2, ...)
to
"/usr/local/bin", and a server (sshd2) to
"/usr/local/sbin".
The symbolic links (ssh, slogin, sshd, ...) have been
changed
to direct new SSH2 counterparts (ssh2, slogin2, sshd2,
...)
during the install process.
> ls -l /usr/local/bin/ssh
lrwxrwxrwx 1 root staff 4 Sep 21 18:27
/usr/local/bin/ssh -> ssh2
=20
4. System Configuration
The default configuration is mostly reasonable for ordinary
purposes,
but it lacks compatibility with SSH1. Add the following 2 lines
to
sshd2_config placed at "/etc/ssh2" (or where you installed it).
With
this configuration, sshd2 server will forward requests from SSH1
client to sshd1.
=20
Ssh1Compatibility yes
=20
Sshd1Path /usr/local/sbin/sshd1
Replace "/usr/local/sbin" with the directory where you installed
sshd1
server. Then add the following 2 lines to ssh2_config placed at
the
same directory of sshd2_config. With this configuration, ssh2
client
will invoke ssh1 client when contacting SSH1 server.
=20
Ssh1Compatibility yes
=20
Ssh1Path /usr/local/bin/ssh1
Replace "/usr/local/bin" with the directory where you installed
ssh1
client. Consult the manual pages of sshd and ssh for other
configurations.
5. Per-User Configuration
User configuration of SSH2 becomes smarter than that of SSH1.
Now
public keys are stored in separate files and one can have
multiple
host-specific identifications (i.e., private keys). Read the ssh
manual page for details. Here I describe most basic usage of
SSH2. When you want to login to a remote host (Remote) from a
local
computer (Local) using SSH2, you do:
=20
1. Create private & public keys of Local, by executing
ssh-keygen (ssh-keygen2) on Local.=20
Local> ssh-keygen
Generating 1024-bit dsa key pair
9 o.oOo..oOo.o
Key generated.
1024-bit dsa, created by ymmt "at" Local Wed Sep 23
07:11:02 1998
Passphrase :
Again :
Private key saved to /home/ymmt/.ssh2/id_dsa_1024_a
Public key saved to
/home/ymmt/.ssh2/id_dsa_1024_a.pub
ssh-keygen will ask you a passphrase for new key. Enter
a
sequence of any ordinal character (white spaces are OK)
of proper
length (20 characters or so). ssh-keygen creates a
".ssh2"=20
directory in your home directory, and stores a new
authentication key in two separate files. One is your
private
key and thus it must NOT be opened to anyone but you. In
above
example, it is id_dsa_1024_a. The other
(id_dsa_1024_a.pub) is
a public key that is safe to be opened and to be
distributed
to other computers. =20
=20
2. Create an "identification" file in your ".ssh2"
directory on Local.
Local> cd ~/.ssh2
Local> echo "IdKey id_dsa_1024_a" > identification
This will create a file "identification" in your ".ssh2"
directory, which has one line that denotes which file
contains your identification. An identification
corresponds a passphrase (see above). You can create
multiple identifications by executing ssh-keygen
again, but rarely you should.
=20
3. Do the same thing (1, and optionally 2) on Remote.
This is needed just to setup ".ssh2" directory on
Remote. Passphrase may be different.
=20
4. Copy your public key of Local (id_dsa_1024_a.pub) to
".ssh2"
directory of Remote under the name, say, "Local.pub".
".ssh2" on Remote now contains:
Remote>ls -F ~/.ssh2
Local.pub
authorization
hostkeys/
id_dsa_1024_a
id_dsa_1024_a.pub
identification
random_seed
=20
5. Create an "authorization" file in your ".ssh2"
directory on
Remote. Add the following one line to "authorization",
=20
=20
Key Local.pub
=20
=20
which directs SSH server to see Local.pub when
authorizing your login. If you want to login to
Remote from other hosts, create authorization keys on
the hosts (step 1 and 2) and repeat step 4 and 5 on
Remote.
=20
6. Now you can login to Remote from Local using SSH2!
=20
Try to login:
Local>ssh Remote
Passphrase for key "/home/ymmt/.ssh2/id_dsa1024_a"
with
comment "1024-bit dsa, created by ymmt "at" Local Mon Sep
21
17:53:01 1998":
=20
Enter your passphrase on Local, good luck!
=20
6. Using with SSH1
Your users may insist that they use old SSH1 clients after you
installed SSH2. Here are some notices about it.
=20
Server
sshd2 server will forward SSH1 clients to sshd1, so
users
who want to connect SSH2 server with SSH1 protocol
should
explicitly use ssh1 command.
=20
Clients
Users of SSH1 should also use ssh-keygen1,
ssh-agent1 and
ssh-add1.
=20
=20
In short, use ssh*1 explicitly.
Comments and suggestions are welcome.
Copyright (C) 1998 Hirotaka Yamamoto <ymmt "at" is.s.u-tokyo.ac.jp>
- --------------B29D6DBED52FFDB16EF0DDC2
Content-Type: text/x-vcard; charset=3Dus-ascii;
name=3D"scott.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Scott Dudley
Content-Disposition: attachment;
filename=3D"scott.vcf"
begin:vcard=20
n:Dudley;Scott
tel;fax:(602) 308-1300
tel;work:(602) 308-1115
x-mozilla-html:FALSE
url:www.telesoft.com
org:Telesoft Corp.;Research & Development
version:2.1
email;internet:scott "at" telesoft.com
title:Developer
adr;quoted-printable:;;3443 N Central Ave=3D0D=3D0ASuite
1800;Phoenix;AZ;85016;US
x-mozilla-cpt:;-29056
fn:Scott Dudley
end:vcard
- --------------B29D6DBED52FFDB16EF0DDC2--
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 13:12:30 -0700
From: Scott Dudley <scott "at" telesoft.com>
Subject: Re: SSH and VNC
This is a multi-part message in MIME format.
- --------------23B664ED91F03DA3EA1FBBF0
Content-Type: text/plain; charset=3Dus-ascii
Content-Transfer-Encoding: 7bit
Quentin Stafford-Fraser wrote:
> Hello All,
>
> I've been away for a while, but all the SSH discussions in my
absence
> have encouraged me to revive a page I started writing a while
ago on
> 'Using VNC with SSH'.
>
> You can find it on the Documentation page, or directly from
> http://www.uk.research.att.com/vnc/sshvnc.html
>
> Comments and suggestions welcomed.
> Quentin
> --
>
----------------------------------------------------------------------
> Dr Quentin Stafford-Fraser
> AT&T Laboratories Cambridge
> http://www.uk.research.att.com/~qsf
>
>
---------------------------------------------------------------------
> The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
>
---------------------------------------------------------------------
Quentin,
Both your page and Rich Lafferty state to pass the -C argument
to ssh in
order to enable compression however on my version (2.0.13), +C
enables, -C
disables. Also noted that screen refreshes are much quicker
over compressed
tunnel however, mouse becomes "jerky" and doesn't seem to be as
responsive.
Any similar experiences?
Thanks.
- --------------23B664ED91F03DA3EA1FBBF0
Content-Type: text/x-vcard; charset=3Dus-ascii;
name=3D"scott.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Scott Dudley
Content-Disposition: attachment;
filename=3D"scott.vcf"
begin:vcard=20
n:Dudley;Scott
tel;fax:(602) 308-1300
tel;work:(602) 308-1115
x-mozilla-html:FALSE
url:www.telesoft.com
org:Telesoft Corp.;Research & Development
version:2.1
email;internet:scott "at" telesoft.com
title:Developer
adr;quoted-printable:;;3443 N Central Ave=3D0D=3D0ASuite
1800;Phoenix;AZ;85016;US
x-mozilla-cpt:;-29056
fn:Scott Dudley
end:vcard
- --------------23B664ED91F03DA3EA1FBBF0--
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 16:42:14 -0400
From: Rich Lafferty <rich "at" alcor.concordia.ca>
Subject: Re: SSH and VNC
Quoting Scott Dudley (scott "at" telesoft.com) from Mon, Jul 19, 1999
at 01:12:30PM -0700:
> Quentin Stafford-Fraser wrote:
>=20
> > Hello All,
> >
> > I've been away for a while, but all the SSH discussions in
my absence
> > have encouraged me to revive a page I started writing a
while ago on
> > 'Using VNC with SSH'.
> >
> > You can find it on the Documentation page, or directly from
> > http://www.uk.research.att.com/vnc/sshvnc.html
>=20
> Quentin,
>=20
> Both your page and Rich Lafferty state to pass the -C argument
to ssh in
> order to enable compression however on my version (2.0.13), +C
enables, -C
> disables.=20
Ah, that's an ssh1 vs ssh2 thing. We only use ssh1 here because
of licensing
concerns with ssh2. In general, I think you'll find references
to 'ssh'=20
refer to ssh1, and people specify 'ssh2' explicitly. (Or I find
that, at
least :-)
> Also noted that screen refreshes are much quicker over
compressed
> tunnel however, mouse becomes "jerky" and doesn't seem to be
as
> responsive. Any similar experiences?
That's because you're getting chunks of data at a time, which is
the
nature of compression. (It's not as noticeable as you describe
here,
though..)
> Content-Description: Card for Scott Dudley
Ick! Something's polluting your messages :-)
-Rich
- --=20
- ------------------------------ Rich Lafferty
---------------------------
Sysadmin/Programmer, Information and Instructional Technology
Services
Concordia University, Montreal, QC (514)
848-7600 =20
- ------------------------- rich "at" alcor.concordia.ca
----------------------
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 17:04:10 -0400
From: "Simon, Mike" <msimon "at" ptct.com>
Subject: RE: connection closed
good news,
after another reboot of the server, vnc seems to be
working again.
it has gone through periods of working/not working, with
most
of the working sessions being shortly after a reboot.
it's a
production
server, so I dont get to reboot the machine as often as
I'd like.
as I mentioned before, once it get into its "connection
closed"
mode,
it likes to stay that way, and has even done so after a
reboot.
I'm happy to say I've never had any issues with any of
the other vnc
servers I use, and we all owe a big thanks to all the
people that
made=20
and provided vnc.
thx,
mike
> -----Original Message-----
> From: James "Wez" Weatherall [SMTP:jnw22 "at" cam.ac.uk]
> Sent: Friday, July 16, 1999 12:44 PM
> To: vnc-list "at" uk.research.att.com
> Subject: Re: connection closed
>=20
> > I've attached a log of one instance of:
> > start WinVNC / attempt login / connection closed
> > In this log, Maximizer is the user who is always
> > logged into the console of the server. I'm not sure why the
> > new/old username message is repeated, could this be
> > part of the problem? I've tried logging in with a different
> > user on the console, but that didn't help either.
> >
> > Oh yeah, the Java viewer doesn't work either on this server.
> > It starts initializing the applet, but quickly (to quick)
goes
> > to a blank white screen with Done at the bottom of the
screen.
> > No password box ever appears. Let me know if a log of the
Java
> > connection would help figure this out.
>=20
> What log level was that log at? If it was less than 10, try
setting it to
> 10.
>=20
> You should check the Services Control Panel and make sure that
the VNC
> Server service is set to have access to the desktop.
>=20
> Cheers,
>=20
> James "Wez" Weatherall
> --
> - Queens' College MCR Entertainments Officer -
> Laboratory for Communications Engineering, Cambridge - Tel :
766513
> AT&T Labs Cambridge, UK - Tel :
343000
>=20
>=20
>=20
>=20
>
---------------------------------------------------------------------
> The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
>
---------------------------------------------------------------------
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 14:31:23 -0700 (PDT)
From: Seth Cohn <scohn "at" oregonmed.net>
Subject: Re: SSH and VNC
You might want to use this link:
http://www.net.lut.ac.uk/psst/
Instead of the one for the free ssh you give at the end of that
page.
That ssh isn't open source, and it's unsupported and not
current.
The above link listed a pile of ssh clients and servers, all
free, for
various platforms, including java.
Seth
On Mon, 19 Jul 1999, Quentin Stafford-Fraser wrote:
> Hello All,
>=20
> I've been away for a while, but all the SSH discussions in my
absence
> have encouraged me to revive a page I started writing a while
ago on
> 'Using VNC with SSH'.=20
>=20
> You can find it on the Documentation page, or directly from
> http://www.uk.research.att.com/vnc/sshvnc.html=20
>=20
> Comments and suggestions welcomed.
> Quentin
> --=20
>
----------------------------------------------------------------------
> Dr Quentin Stafford-Fraser
> AT&T Laboratories Cambridge
> http://www.uk.research.att.com/~qsf
>=20
>
---------------------------------------------------------------------
> The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
>
---------------------------------------------------------------------
>=20
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 23:01:16 +0100
From: "Luis B. Almeida" <Luis.Almeida "at" inesc.pt>
Subject: Re: SSH and VNC
Quentin Stafford-Fraser wrote:
>=20
> Hello All,
>=20
> I've been away for a while, but all the SSH discussions in my
absence
> have encouraged me to revive a page I started writing a while
ago on
> 'Using VNC with SSH'.
>=20
> You can find it on the Documentation page, or directly from
> http://www.uk.research.att.com/vnc/sshvnc.html
>=20
> Comments and suggestions welcomed.
> Quentin
Quentin,
I think your web page is rather useful. Just a small
clarification: My
instructions aren't exactly a revision of Miroslav's, but rather
a
modification of his instructions for Win 9x. It would be useful
to
clarify this in the web page.
Regards,
Luis
- --=20
Luis B. Almeida
Phone:
+351-1-3100246,+351-1-3544607
INESC Fax: +351-1-3145843
R. Alves Redol, 9 E-mail: luis.almeida "at" inesc.pt
1000-029 Lisboa, Portugal http://hebb.inesc.pt/~lba/=20
-
------------------------------------------------------------------------=
*** Indonesia is cheating with the referendum in East Timor
***
see http://etan.org/
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 17:25:55 -0500
From: Brent Perez <Brentp "at" venkel.com>
Subject: RE: SSH and VNC ---For Non-Programmers
Does anyone have advice or a compiled version for Win 32 ( NT )
that is
pretty easy to understand? I am not a programmer and have only
very little
experience with these secure protocals but understand the
importance the SSH
discussions. I would like to implement this but ama little
lost..Help?
Brent W. Perez, MCP
Toll Free: 800-950-8365=20
Ph: 512-794-0081=20
Fax: 512-794-0087
Email: brentp "at" venkel.com <mailto:brentp "at" venkel.com>=20
Website: www.venkel.com <http://www.venkel.com>=20
- -----Original Message-----
From: owner-vnc-list "at" uk.research.att.com
[mailto:owner-vnc-list "at" uk.research.att.com]On Behalf Of Scott
Dudley
Sent: Monday, July 19, 1999 3:12 PM
To: vnc-list "at" uk.research.att.com
Subject: Re: SSH and VNC
Quentin Stafford-Fraser wrote:
> Hello All,
>
> I've been away for a while, but all the SSH discussions in my
absence
> have encouraged me to revive a page I started writing a while
ago on
> 'Using VNC with SSH'.
>
> You can find it on the Documentation page, or directly from
> http://www.uk.research.att.com/vnc/sshvnc.html
>
> Comments and suggestions welcomed.
> Quentin
> --
>
----------------------------------------------------------------------
> Dr Quentin Stafford-Fraser
> AT&T Laboratories Cambridge
> http://www.uk.research.att.com/~qsf
>
>
---------------------------------------------------------------------
> The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
>
---------------------------------------------------------------------
Quentin,
Both your page and Rich Lafferty state to pass the -C argument
to ssh in
order to enable compression however on my version (2.0.13), +C
enables, -C
disables. Also noted that screen refreshes are much quicker
over compressed
tunnel however, mouse becomes "jerky" and doesn't seem to be as
responsive.
Any similar experiences?
Thanks.
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 17:41:09 -0500
From: "Samuel Gonzalez, Jr." <sam "at" linuxtec.com>
Subject: Re: connection closed
Hello All
I still have a server that will not allow me to
install as
service, I have tried re-booting and to no avail. I have left
the service
running but have had the connection closed errors also. Has
anyone found a
reason why VNC could not be installed as a service on an NT 4.0
Server SP 3?
This is on a routed VPN but I am able to pull up Win 95 clients
on the remote
subnet with no problem. Unfortunately for me I need the server
more than the
clients. BTW excellent piece of software!
Sam
"Simon, Mike" wrote:
> good news,
>
> after another reboot of the server, vnc seems to be
working again.
> it has gone through periods of working/not working,
with most
> of the working sessions being shortly after a reboot.
it's a
> production
> server, so I dont get to reboot the machine as often
as I'd like.
>
> as I mentioned before, once it get into its
"connection closed"
> mode,
> it likes to stay that way, and has even done so after
a reboot.
>
> I'm happy to say I've never had any issues with any of
the other vnc
> servers I use, and we all owe a big thanks to all the
people that
> made
> and provided vnc.
>
> thx,
> mike
>
> > -----Original Message-----
> > From: James "Wez" Weatherall [SMTP:jnw22 "at" cam.ac.uk]
> > Sent: Friday, July 16, 1999 12:44 PM
> > To: vnc-list "at" uk.research.att.com
> > Subject: Re: connection closed
> >
> > > I've attached a log of one instance of:
> > > start WinVNC / attempt login / connection closed
> > > In this log, Maximizer is the user who is always
> > > logged into the console of the server. I'm not sure why
the
> > > new/old username message is repeated, could this be
> > > part of the problem? I've tried logging in with a
different
> > > user on the console, but that didn't help either.
> > >
> > > Oh yeah, the Java viewer doesn't work either on this
server.
> > > It starts initializing the applet, but quickly (to quick)
goes
> > > to a blank white screen with Done at the bottom of the
screen.
> > > No password box ever appears. Let me know if a log of the
Java
> > > connection would help figure this out.
> >
> > What log level was that log at? If it was less than 10, try
setting it to
> > 10.
> >
> > You should check the Services Control Panel and make sure
that the VNC
> > Server service is set to have access to the desktop.
> >
> > Cheers,
> >
> > James "Wez" Weatherall
> > --
> > - Queens' College MCR Entertainments Officer -
> > Laboratory for Communications Engineering, Cambridge - Tel :
766513
> > AT&T Labs Cambridge, UK - Tel :
343000
> >
> >
> >
> >
> >
---------------------------------------------------------------------
> > The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
> >
---------------------------------------------------------------------
>
>
---------------------------------------------------------------------
> The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
>
---------------------------------------------------------------------
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Tue, 20 Jul 1999 00:52:03 +0200
From: Tonny Sejr Kromann <tonny.sejr "at" get2net.dk>
Subject: vncserver on RedHat6 with truetype fontserver
Hi there
I have a RedHat6 and a RedHat5.1(based) machine.
I can run the server on the 5.1 but not on the 6.0.
I can also connect from the 6.0 to the 5.1.
The "fixed" font problem is listed in the log
on the 6.0 machine.
"xset q" gives only the font-path "unix/:-1", which is
also what is written in "/etc/X11/XF86Config"
How do I make the vncserver run on RedHat 6.0 with
it's truetype fontserver?
- --=20
Best regards
Tonny
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 23:59:33 +0100
From: "Luis B. Almeida" <Luis.Almeida "at" inesc.pt>
Subject: Re: SSH and VNC ---For Non-Programmers
Brent Perez wrote:
>=20
> Does anyone have advice or a compiled version for Win 32 ( NT
) that is
> pretty easy to understand? I am not a programmer and have only
very little
> experience with these secure protocals but understand the
importance the SSH
> discussions. I would like to implement this but ama little
lost..Help?
>=20
Brent,
I think you should follow Miroslav's instructions for Win NT.
The link
to those instructions is available at the end of Quentin's SSH
and VNC
page
http://www.uk.research.att.com/vnc/sshvnc.html
Miroslav's instructions use precompiled stuff. You don't need to
compile
anything.
Luis
- --=20
Luis B. Almeida
Phone:
+351-1-3100246,+351-1-3544607
INESC Fax: +351-1-3145843
R. Alves Redol, 9 E-mail: luis.almeida "at" inesc.pt
1000-029 Lisboa, Portugal http://hebb.inesc.pt/~lba/=20
-
------------------------------------------------------------------------=
*** Indonesia is cheating with the referendum in East Timor
***
see http://etan.org/
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Tue, 20 Jul 1999 00:08:07 +0100
From: Quentin Stafford-Fraser <quentin "at" uk.research.att.com>
Subject: Re: SSH and VNC
Seth Cohn wrote:
>=20
> You might want to use this link:
>=20
> http://www.net.lut.ac.uk/psst/
Thanks,=20
I've added that, and put in Luis's changes as well.
Quentin
- ----------------------------
Dr Quentin Stafford-Fraser
AT&T Laboratories Cambridge
http://www.uk.research.att.com/~qsf
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Mon, 19 Jul 1999 17:13:23 -0700
From: Tom Davidson <tdavidson "at" technologyanswers.com>
Subject: X Server Console Multiple Broadcast
Hello All,
My question is: is it possible to have VNC on UNIX (RH6.0 Linux)
to
"broadcast"
to multiple clients viewing and possibly interacting with the
console
login? In other words, have the VNC server for X on UNIX act
like the
VNC server on Windows where the same desktop is shared with all
logged
in clients. This is important for collaborative instruction or
work.
Thanks,
Tom Davidson
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
Date: Tue, 20 Jul 1999 03:57:04 +0000
From: Alex Nicolaou <anicolao "at" cgl.uwaterloo.ca>
Subject: Re: X Server Console Multiple Broadcast
Tom Davidson wrote:
> My question is: is it possible to have VNC on UNIX (RH6.0
Linux) to
> "broadcast"
> to multiple clients viewing and possibly interacting with the
console
> login? In other words, have the VNC server for X on UNIX act
like the
> VNC server on Windows where the same desktop is shared with
all logged
> in clients. This is important for collaborative instruction
or work.
Instead of having it interact with the "console" login, you can
run
vncviewer -shared on the console and all the other machines.
alex
-
---------------------------------------------------------------------
The VNC mailing list - see
http://www.uk.research.att.com/vnc/intouch.html
-
---------------------------------------------------------------------
------------------------------
End of vnc-list-digest V1 #392
******************************
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
This digest came to you via the vnc-list-digest mailing list.
For more information see
http://www.uk.research.att.com/vnc/intouch.html
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
---------------------------------------------------------------------
The VNC mailing list - see http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------