Restrict access to vnc.so in a X server
jerry "at" westrick.com
Fri Nov 5 09:56:01 2004
On Friday 05 November 2004 09:32, Olaf Joerk wrote:
> I'm using vnc in two ways. Via a ssh tunnel to do normal
> maintenance on remote linux boxes and now as a remote
> :0 display using the vnc.so-module of the X-server,
> for showing local administrators things they should do
> later on their own.
> When I use the second method I first setup a ssh tunnel
> and connect after that to the vnc-module using encryption
> (with password).
> (ssh2 -S -l user -L 1111:localhost:5900 host +
> vncviewer --> localhost:1111)
> But there is still the possibility to connect directly
> to the machine using vncviewer. I have a password file, so
> there is athentication but unencrypted and just a password.
> I think enough tests and sometimes my passwords will
> be broken.
> (vncviewer --> host:0)
> Is it possible to restrict the vncviewer access to display:0
> to localhost? So I could use my ssh-tunnel method further on
> but the direct access would be denied. May be it's more a
> question of X-windows than of vnc. But I'm unexperienced
> with X so any hints are welcomed.
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit:
If I remember right, the configuration of the server allows for "localhost
only" option, so...
The answer to your question is yes....
But I don't remember where/how.
As a workaround you could close the port on your firewall...