VNC and SSH tunneling
whooper "at" freeshell.org
Wed Jul 24 02:27:01 2002
----- Original Message -----
From: "Tim McGarry" <tim "at" mcgarry.ch>
To: <vnc-list "at" realvnc.com>
Cc: <whooper "at" freeshell.org>
Sent: Tuesday, July 23, 2002 4:22 PM
Subject: Re Re: VNC and SSH tunneling
> I'm running the server on a solaris boxes, the users home directories are
> not correctly secured (ie no Kerberos or DH security). It's too easy to
> someones ~/.vnc/vncpasswd or even put in your own (vnc reads this file at
> connection time, not server startup time).
> The end result of this is that you have the full benefit of an SSH agant
> connected to the SSH server but the moment the VNC session disconnects for
> whatever reason the path back to the agent is lost, this is far more
> that leaving a VNC server running and also the agent on the same box.
> Tim McGarry
> ----- Original Message -----
> From: "William Hooper" <whooper "at" freeshell.org>
> To: <vnc-list "at" realvnc.com>
> Sent: Tuesday, July 23, 2002 3:58 AM
> Subject: Re: VNC and SSH tunneling
> > ----- Original Message -----
> > From: "Tim McGarry" <tim "at" mcgarry.ch>
> > To: <vnc-list "at" realvnc.com>
> > Sent: Monday, July 22, 2002 1:56 PM
> > Subject: VNC and SSH tunneling
> > > Does anyone have experience of this, what remote ports (5500? 5900?)
> > > need to forward and where do I forward them to
> > > Tim McGarry
> > Disclaimer - I've never tried so I reserve the right to be wrong!
> > You also need a connection for the VNC session to go over once it is
> > started. This would be over the normal port of 5900. So you need a
> > from the PuTTY machine to the OpenSSH server on port 5900.
> > William Hooper
Interesting (or in other words, over my head in terms of Unix knowledge
LOL). Wouldn't it be better to secure the Home directories that way you are
protecting all programs that store things in .files there (I'm sure there
are many)? Maybe in addition to your other plan?
Anyway, the real reason for my message is that I forgot to mention the ports
change for each display (so your script might have to change to reflect
that, definitely the PuTTY port forwarding will). The viewer always listens
on 5500, but the view still increments one port for every display number.
So assuming a local X server on the Solaris box (display :0) the first port
will actually be 5901 for display :1, next 5902 for display :2 and so forth.
Sorry I forgot that the first time.
If Barbie is so popular, why do you have to BUY her friends ?