Controlling a remote VNC Server accessing a VPN
William Hooper
whooper@freeshell.org
Fri Jun 6 17:34:00 2003
Glenn Lovitz said:
> Ooooops on port 22 not 23-- my bad!
>
> For the rest - JEEEEZ! - I was really answering a VPN question - not
> trying to also add a full discourse on SSH.
Which is good because this is a VNC list. SSH does come up often though
(and I do have one nit to pick below).
> Yes, I also allow SSH2 only. I originally used PK Auth only, but switched
> back to password (NEVER stored in putty) because I carry a disk around to
> use from remote computers. If my disk falls into unwanted hands and
> contains the file with my public key it can be just as bad if the
> passphrase is guessed or known by others which may give one a false sense
> of security. BTW, our CheckPoint FW-1 also requires firewall
> authentication to allow port traversal.
Security of the passphrase (itself) and your password are about the same.
The difference is that to be able to use a guessed passphrase they also
need the key file. On top of that, they need that key file without my
knowledge.
But if you pick a good passphrase they will have trouble guessing it. If
the disk does fall in the wrong hands you can just remove that key from
the ~/.ssh/authorized_keys file and it won't matter if they can figure out
the passphrase or not.
[snip]
--
William Hooper
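
Added example, not part of the original message: one way to do the revocation step described above, dropping a lost key from the contents of an `authorized_keys` file by its fingerprint while leaving other entries alone. The function names, the sample file and the two keys are assumptions constructed for illustration; the keys are filler bytes, not real key pairs.

```python
import base64, hashlib, struct

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a raw public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_blob(line: str):
    """Return the decoded key blob from an authorized_keys line, or None.
    Options may precede the key type, so a token pair is accepted only when
    the blob's embedded, length-prefixed type name matches the type token."""
    tokens = line.split()
    for ktype, b64 in zip(tokens, tokens[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        name = ktype.encode()
        if blob[:4] == struct.pack(">I", len(name)) and blob[4:4 + len(name)] == name:
            return blob
    return None

def revoke(text: str, lost_fp: str):
    """Drop every entry whose fingerprint is lost_fp; return (new_text, removed)."""
    kept, removed = [], 0
    for line in text.splitlines():
        blob = None if line.lstrip().startswith("#") else key_blob(line)
        if blob is not None and fingerprint(blob) == lost_fp:
            removed += 1
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed

def fake_key(fill: int) -> str:
    """Constructed sample key (filler bytes) in the ssh-ed25519 blob layout."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(blob).decode()

LOST, HOME = fake_key(0x11), fake_key(0x22)
SAMPLE = (  # constructed sample file contents
    "# constructed sample authorized_keys\n"
    f'from="10.0.0.0/8",no-pty ssh-ed25519 {LOST} travel-disk\n'
    f"ssh-ed25519 {HOME} home-desktop\n"
)

if __name__ == "__main__":
    new_text, n = revoke(SAMPLE, fingerprint(base64.b64decode(LOST)))
    print(f"removed {n} entry; remaining file:\n{new_text}", end="")
```

Matching on the fingerprint rather than the trailing comment means the entry is found even if the comment was edited or the line carries options. Recording each key's fingerprint when it is installed is what makes this possible after the disk is gone.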