imposing security on users
l-vnc "at" kdace.com
Thu Apr 15 13:18:00 2004
At 10:22 AM -0500 4/14/04, Mike Miller wrote:
>We may have discussed this before, but that seems to be true of most
>issues on this list! I want to be able to run Xvnc on a Linux box and
>allow users to connect to it, but I would prefer that they use SSH tunnels
>from outside the network. I see no way to force them to use SSH tunnels.
>If I set up VNC for them, they can connect without the tunnel and I can't
>Thus, I would like to know if there is an Xvnc for Linux (or any unix OS)
>that has encryption built in. Of course, we'd need a viewer that also had
>encryption built in. That way we could avoid the hassles of setting up
>the SSH tunnels and would not have to worry if user connections are
The normal way to do this is by adding "-localhost" to the vncserver
settings, thereby only allowing connections from the local machine
(or the end of an ssh tunnel).
Tightvnc intergrates into ssh using "-via <hostname>" which then
calls ssh to the <hostname> (or <user "at" hostname>) with the correct
port forwarding to tunnel it.