VNC Security ?

Rob Kenyon robdkenyon "at" attbi.com
Tue, 05 Mar 2002 01:58:38 +0000


ConnectPriority is only 1/2 of the answer. (in fact, I too am looking
for the other half).

ConnectPriority prevents the current user from getting kicked (this is a
good thing - and it does work) but it doesn't address the issue of
someone else coming in with a shared connection and joining the original
user.  From what I can see in the docs, -nevershared on Xvnc prevents
the connection of shared clients.  This option does not appear to be
available to WinVNC.  Does anyone know of a version of WinVNC that
supports this restriction?  In my case, I have multiple remote users
that need to connect to a machine and enter some sensitive information
that a "guest" shouldn't be allowed to see.  This will be used by many
people in many places so a commercial solution isn't realy a solution
for me.

I really need a single user to be the only one allowed on that
connection.  I've overheard some things about VNCProxy and I'd like to
know if anyone has any experience with the type of connection I'm
looking for and if VNCProxy will get me where I need to be.

Rob
robdkenyon "at" attbi.com



-----Original Message-----
From: owner-vnc-list "at" uk.research.att.com
[mailto:owner-vnc-list "at" uk.research.att.com] On Behalf Of Alex
Angelopoulos
Sent: Monday, March 04, 2002 11:44 AM
To: vnc-list "at" uk.research.att.com
Subject: Re: VNC Security ?


What is the OS of the server? Assuming it's a Windows system, the answer
is in the documentation (although I had to have it shoved in my face
before I
noticed...)

This is from the WinVNC server documentation page -
http://www.uk.research.att.com/vnc/winvnc.html

(1) Find this registry key on the server:
HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3\

(2) Underneath it, create a DWORD value named ConnectPriority

(3) Set it to 2

The original documentation section follows -

=============================================
ConnectPriority
By default, all WinVNC servers will disconnect any existing connections
when an incoming, non-shared connection is authenticated.  This behavior
is undesirable when the server machine is being used as a shared
workstation by several users or when remoting a single display to
multiple clients for viewing, as in a classroom situation.

ConnectPriority indicates what WinVNC should do when a non-shared
connection is received: 0 = Disconnect all existing connections. 1 =
Don't disconnect any existing connections. 2 = Refuse the new
connection.

This is a Local machine-specific setting.

=====================================================
----- Original Message -----
From: "Franck Chevalier" <franck.chevalier "at" addeo.com>
To: <vnc-list "at" uk.research.att.com>
Sent: Monday/2002 March 04 12.41
Subject: VNC Security ?


: Hi
:
: I'm new on this mailing list then please forgive me if I ask anything
: already discussed here... I'm french and I'm working as an ingineer
for
: addeo.com
: Well, my problem is that when I'm connected to a server throught VNC,
anyone
: can come and kick me just by opening a new VNC session.
: I'd like to allow only one session at a time, but I'd also like (do I
ask
: too much ? :) to allow or not the other log while I'm connected (I
don't
: know if I'm clear enough...) to make my connexion safer (I don't want
anyone
: getting connected to use my windows session I opened via VNC)
:
: Do you think it's possible ?
:
: Thanx
: Franck CHEVALIER
: ---------------------------------------------------------------------
: To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
: 'unsubscribe vnc-list' in the message BODY
: See also: http://www.uk.research.att.com/vnc/intouch.html
: ---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY See also:
http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------