Is VNC really secure?
Todd A. Jacobs
nospam "at" codegnome.org
Mon, 29 Nov 1999 00:13:19 +0000
On Sun, 28 Nov 1999, Adam Malejko wrote:
> Ok, I've read through the FAQ, and have been lurking on this list for quite
> a while, and I believe that VNC's secure enough for me to run over the
> internet. However, in telling a few fellow students at my University about
> VNC, they seem to think that it's still not secure enough for them. Does
> anyone have a strong enough argument about this, stating the how's and why's
> of VNC's security? I've looked all over the web site and I still can't find
> anything that's good enough to convince them.
The problem isn't really the VNC login, it's the windows you run over
VNC. If you run VNC, and su to root, your keystrokes are *not*
encrypted. Only your initial VNC challenge/response is encrypted. (This is
a FAQ).
There's a nice page on the VNC web site explaining how to run VNC over an
encrypted SSH connection. I highly recommend it.
--
Todd A. Jacobs
Network Systems Engineer
---------------------------------------------------------------------
The VNC mailing list - see http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------