Providing (Windows) VNC support to clients that have strict corporate firewalls

Michael Ossmann michael.ossmann "at" alttech.com
Wed, 16 Jan 2002 20:40:06 +0000


On Wed, Jan 16, 2002 at 02:40:16PM -0500, Chuck Renner wrote:
> 
> Since VNCviewer states, "Internal loopback connections are not allowed", the
> implication is that there is a setting that WILL allow them, either in the
> source, or in the GUI settings.  Is this the case?

I wasn't expecting this.  I have no idea why loopback connections
wouldn't be allowed, and I suspect a source code change would be
required to change it.  Anyone?

>       2.  Opening the SSH connection from the client to the SSHD on your Linux
> firewall is effectively like creating a VPN connection from the client to
> your network.  This opens a huge security hole in your network, and gives
> someone on the client's network the ability to snoop around your network
> when the connection is made.

One of the advantages of using public key authentication is that OpenSSH
can limit port forwarding to particular host:port combinations specified
by the permitonly option in the authorized_keys file.

-- 
Mike Ossmann, Tarantella/UNIX Engineer/Instructor
Alternative Technology, Inc.  http://www.alttech.com/
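
An added example, not part of the original message: a small Python audit that reads an authorized_keys file and reports, per key, whether forwarding is unrestricted, disabled, or limited to specific host:port targets (OpenSSH spells the authorized_keys option `permitopen="host:port"`). The sample file, the key placeholders, and the 127.0.0.1:5900 target are constructed assumptions.

```python
import re

# Key-type tokens that mark a line with no leading options field.
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")

# Constructed sample; key material and comments are placeholders.
SAMPLE = '''\
# vendor support keys
permitopen="127.0.0.1:5900",no-pty,command="echo forwarding only, no shell" ssh-ed25519 AAAAPLACEHOLDER client-a
ssh-rsa AAAAPLACEHOLDER client-b
no-port-forwarding ssh-rsa AAAAPLACEHOLDER client-c
'''

def split_options(line):
    """Return (options, rest_of_line), honouring double-quoted values."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return [], line                       # no options field
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and quoted and line[i + 1:i + 2] == '"':
            cur, i = cur + '\\"', i + 2       # escaped quote inside a value
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(cur)
            cur, i = "", i + 1
            continue
        elif ch.isspace() and not quoted:
            break                             # options field ends here
        cur, i = cur + ch, i + 1
    opts.append(cur)
    return opts, line[i:].strip()

def forwarding_policy(opts):
    """Classify the TCP forwarding a key's options allow."""
    names = {o.split("=", 1)[0].lower() for o in opts}
    targets = [o.split("=", 1)[1].strip('"') for o in opts
               if o.lower().startswith("permitopen=")]
    if "no-port-forwarding" in names or ("restrict" in names and "port-forwarding" not in names):
        return "none", []
    return ("limited", targets) if targets else ("unrestricted", [])

def audit(text):
    """Return [(key comment, policy, allowed host:port list)] per key line."""
    report = []
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#"):
            opts, rest = split_options(line)
            report.append((" ".join(rest.split()[2:]), *forwarding_policy(opts)))
    return report
```

Any key reported as "unrestricted" can request a forward to any host and port the SSH server can reach, which is the exposure raised in the quoted question.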