VNC strong authentication, fixing the registry permissions

Joseph A. Knapka jknapka "at" earthlink.net
Fri, 24 Nov 2000 18:04:28 +0000


David Starks-Browning wrote:
> 
> On Friday 24 Nov 00, Tim Waugh writes:
> > > Unless you can find a stable native sshd port for Win32 (there are
> > > various non-native cygwin-derived sshd ports, but these are all
> > > flawed as they are not true NT services), sshd is port forwarding
> > > the VNC traffic over potentially insecure network segments
> > > (typically true in a colocation scenario).
> >
> > But sshd is encrypting it, surely?
> 
> I think his point was that vnc would have to go unencrypted over a
> network segment *if* there were no ssh running on the Windows host.
> 

I think another point was that only the path between the ssh client
and the sshd host is encrypted. If sshd is forwarding the connection
on to a third machine, that part of the connection is in the clear.
Of course if the third machine (the VNC server) is also running
sshd, it's possible to form another ssh tunnel, but it is very
inconvenient.

-- Joe Knapka
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------