Lesser of 2 evils in absence of ssh

Shing-Fat Fred Ma fma@doe.carleton.ca
Mon Nov 18 19:17:01 2002


>From: David Smith <dsmith67@tampabay.rr.com>
>
>>>Hello,
>>>
>>>Without ssh, is it better to
>>>connect from a PC viewer to
>>>a solaris server over the
>>>internet, or the following:
>>>start the solaris server
>>>with -localhost, telnet into
>>>the sun box and use vncconnect
>>>to make the server connect to
>>>your remote PC viewer.
>>    
>>
>
>I would say the first is more secure.  Regularly changing your 
>password would also be a good idea since the VNC password chat is not 
>exceptionally strong, but it is much better than passing your login 
>and password in the clear.
>  
>
>From: Dave Dyer <ddyer@real-me.net>
>
> Or you could use zVnc, which incorporates ssh-class encryption
>into the basic vnc communication stream.
> 
> http://home.attbi.com/~davedyer/znc/zvnc.html 
>
Dave:

It looks pretty handy.  But I think I'll rely on
my SysAdmin to look after the security arrangements.
I'm not using stock VNC, I'm using TightVNC.  If I
keep security as a separate layer, I can migrate with
the technology as it changes.

Dave:

About relying on VNC's authentication, what's your
view on the fact that running the server without
-localhost allows repeated attempts at connection?
I know that after a number of tries, it refuses
connection, but I seem to recall that just changing
where you try to connect from will reset that.  I
haven't delved into the code, but is that behaviour
embedded in the viewer?  There was a posting a while
ago showing that the viewer can be modified into an
"attack" machine, but I don't recall seeing too much
discussion following up.

In the end, I realize that the secure way is through
an ssh tunnel.

Fred