imposing security on users

David Smith l-vnc "at" kdace.com
Thu Apr 15 13:18:00 2004


At 10:22 AM -0500 4/14/04, Mike Miller wrote:
>We may have discussed this before, but that seems to be true of most
>issues on this list!  I want to be able to run Xvnc on a Linux box and
>allow users to connect to it, but I would prefer that they use SSH tunnels
>from outside the network.  I see no way to force them to use SSH tunnels.
>If I set up VNC for them, they can connect without the tunnel and I can't
>stop them.
>
>Thus, I would like to know if there is an Xvnc for Linux (or any unix OS)
>that has encryption built in.  Of course, we'd need a viewer that also had
>encryption built in.  That way we could avoid the hassles of setting up
>the SSH tunnels and would not have to worry if user connections are
>encrypted.

The normal way to do this is by adding "-localhost" to the vncserver 
settings, thereby only allowing connections from the local machine 
(or the end of an ssh tunnel).

Tightvnc integrates into ssh using "-via <hostname>" which then 
calls ssh to the <hostname> (or <user "at" hostname>) with the correct 
port forwarding to tunnel it.
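
A way to verify that the "-localhost" setting described above is in effect on the server, as an added example that is not part of the original post. It assumes Linux `ss -tln` output and Xvnc's usual display ports 5900-5999; the function names and the sample listener table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report VNC listeners that are reachable without an SSH tunnel.
# Input format: lines as printed by `ss -tln` (Linux iproute2).

# Print every listener on a VNC display port (5900-5999) that is NOT bound
# to a loopback address. No output means all VNC servers are localhost-only.
exposed_vnc_listeners() {
    awk '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port !~ /^[0-9]+$/) next       # e.g. "*" wildcard port
            if (port + 0 < 5900 || port + 0 > 5999) next
            if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next   # loopback only
            print addr ":" port
        }'
}

# Return 0 if every VNC listener on stdin is loopback-only, 1 otherwise.
check_vnc_localhost_only() {
    exposed=$(exposed_vnc_listeners)
    if [ -n "$exposed" ]; then
        printf 'VNC reachable without a tunnel on:\n%s\n' "$exposed" >&2
        return 1
    fi
    return 0
}

# Constructed sample: display :1 started with -localhost, displays :2 and :3
# started without it, plus sshd on port 22.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5          127.0.0.1:5901      0.0.0.0:*
LISTEN 0      5              [::1]:5901         [::]:*
LISTEN 0      5            0.0.0.0:5902      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      5               [::]:5903         [::]:*
EOF
}

# Demo on the constructed sample; on a live host use:
#   ss -tln | check_vnc_localhost_only
sample_ss_output | exposed_vnc_listeners
```

Run from cron or a monitoring agent, a non-zero exit from `check_vnc_localhost_only` identifies a user who started a server without "-localhost".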