imposing security on users listbox_8811 "at"
Wed Apr 14 21:13:00 2004

----- Original Message ----- 
From: "Mike Miller" <mbmiller "at">
To: "VNC List" <vnc-list "at">
Sent: Wednesday, April 14, 2004 8:22 AM
Subject: imposing security on users

> We may have discussed this before, but that seems to be true of most
> issues on this list!  I want to be able to run Xvnc on a Linux box and
> allow users to connect to it, but I would prefer that they use SSH tunnels
> from outside the network.  I see no way to force them to use SSH tunnels.
> If I set up VNC for them, they can connect without the tunnel and I can't
> stop them.
> Thus, I would like to know if there is an Xvnc for Linux (or any unix OS)
> that has encryption built in.  Of course, we'd need a viewer that also had
> encryption built in.  That way we could avoid the hassles of setting up
> the SSH tunnels and would not have to worry if user connections are
> encrypted.
> Of course, if such a thing does not exist, I recommend it as a project!
> Mike

People have been asking for built in encryption for years, and they have yet
to implement it. For Linux/Unix there is even less reason to implement it as
virtually all those machines have SSHd running already. For Windows it makes
more sense to have built in encryption.

I feel the best way of restricting your users from making direct connections
would be to setup your firewall to not allow connections to vnc, and allow
from SSH.

And a good project I have thought about would be a vnc viewer with a SSH
client built in and transparent - though I would have no way to know how to
make such a thing.