vnc and security

James ''Wez'' Weatherall jnw22 "at" cam.ac.uk
Thu, 14 Jun 2001 14:15:36 +0000


Make sure you supply the parameter:

-encodings "hextile copyrect"

to the vncviewer command at the client.  Otherwise, it'll try to use raw.
If you just say "hextile", then scrolling stuff and dragging will be really
slow.

Cheers,

James "Wez" Weatherall
--
          "The path to enlightenment is /usr/bin/enlightenment"
Laboratory for Communications Engineering, Cambridge - Tel : 766513
AT&T Labs Cambridge, UK                              - Tel : 343000

----- Original Message -----
From: "Jeff Walker" <jwalker "at" matchlogic.com>
To: <vnc-list "at" uk.research.att.com>
Sent: Wednesday, June 13, 2001 6:03 PM
Subject: vnc and security


> Sorry if this has been covered before, but I searched the archives, and
> didn't find anything really relevant.
>
> My company is doing a security audit and installing a security policy.
Vnc
> isn't going to be allowed, because the traffic isn't encrypted.  I
> understand how to fix this, using ssh to do port forwarding to tunnel the
> traffic through a secure channel.  That seems to work okay, but the
problem
> is the speed.  It is pretty much unusable to me.  I have the server on a
> OSF1/alpha box that is pretty fast. I have the viewer running on a very
fast
> Pentium III windows 2000 machine.  The network between the viewer and
server
> is very fast.  The only ciphers available is idea, 3des, and blowfish.
All
> three seem very slow. (and I can't try "none" to see if the encryption
> overhead is really the problem)  I have tried various levels of
compression,
> but it doesn't help.
>
> I have read the info on the vnc site about how to do this, including the
> info about getting out of "raw" mode, I use "hextile", as that seems to be
> the fastest over non-ssh.
>
> Is there something I'm missing, something I can do to make this anywhere
> near the speed of non-ssh?
>
> Thanks.
>
> --
> Jeff Walker                   MatchLogic, Inc.
> jwalker "at" matchlogic.com        7233 Church Ranch Blvd.
> Voice 1 (303) 222-2105        Westminster, CO  80021
> Fax   1 (303) 222-2001        www.matchlogic.com
> ---------------------------------------------------------------------
> To unsubscribe, send a message with the line: unsubscribe vnc-list
> to majordomo "at" uk.research.att.com
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------