Controlling a remote VNC Server accessing a VPN
Fri Jun 6 17:34:00 2003
Glenn Lovitz said:
> Ooooops on port 22 not 23-- my bad!
> For the rest - JEEEEZ! - I was really answering a VPN question - not
> trying to
> also add a full discourse on SSH.
Which is good because this is a VNC list. SSH does come up often though
(and I do have one nit to pick below).
> Yes, I also allow SSH2 only. I originally used PK Auth only, but switched
> to password (NEVER stored in putty) because I carry a disk around to use
> remote computers. If my disk falls into unwanted hands and contains the
> with my public key it can be just as bad if the passphrase is guessed or
> by others which may give one a false sense of security. BTW, our
> FW-1 also requires firewall authentication to allow port traversal.
Security of the passphrase (itself) and your password are about the same.
The difference is that to be able to used a guessed passphrase they also
need the key file. On top of that, they need that key file without my
But if you pick a good passphrase the will have trouble guessing it. If
the disk does fall in the wrong hands you can just remove that key from
the ~/.ssh/authorized_keys file and it won't matter if they can figure out
the passphrase or not.