imposing security on users

listbox_8811@hotmail.com listbox_8811 "at" hotmail.com
Wed Apr 14 21:13:00 2004


----- Original Message ----- 
From: "Mike Miller" <mbmiller "at" taxa.epi.umn.edu>
To: "VNC List" <vnc-list "at" realvnc.com>
Sent: Wednesday, April 14, 2004 8:22 AM
Subject: imposing security on users


> We may have discussed this before, but that seems to be true of most
> issues on this list!  I want to be able to run Xvnc on a Linux box and
> allow users to connect to it, but I would prefer that they use SSH tunnels
> from outside the network.  I see no way to force them to use SSH tunnels.
> If I set up VNC for them, they can connect without the tunnel and I can't
> stop them.
>
> Thus, I would like to know if there is an Xvnc for Linux (or any unix OS)
> that has encryption built in.  Of course, we'd need a viewer that also had
> encryption built in.  That way we could avoid the hassles of setting up
> the SSH tunnels and would not have to worry if user connections are
> encrypted.
>
> Of course, if such a thing does not exist, I recommend it as a project!
>
> Mike
>

People have been asking for built in encryption for years, and they have yet
to implement it. For Linux/Unix there is even less reason to implement it as
virtually all those machines have SSHd running already. For Windows it makes
more sense to have built in encryption.

I feel the best way of restricting your users from making direct connections
would be to setup your firewall to not allow connections to vnc, and allow
from SSH.

And a good project I have thought about would be a vnc viewer with a SSH
client built in and transparent - though I would have no way to know how to
make such a thing.

Rach