staying secure while allowing vnc... - Security


Thread: staying secure while allowing vnc...

  1. staying secure while allowing vnc...

    I used parts of the following guides to set my box up so that I can vnc
    to it thru an ssh tunnel.

    http://pigtail.net/LRP/vnc/
    http://www.prosig.com/protor/kbase/vnc-install.html

    I'm not a security guru so I thought I'd ask here if what I've done is
    a good idea.

    My box started out as a RH9 box, however it has been upgraded many
    times. Most upgrades I compile from source and have been things like
    SSH, mozilla, iptables, and a few other things. Some legacy rpms from
    the legacy project have also been installed. I'll upgrade to another
    OS when I buy or build a new box.

    Anyway it has become necessary that I access this system while I'm on
    the road. My job has given me a laptop (yeah!) but won't let me put
    any flavor of Linux on it. Dragging my personal laptop, which
    dual-boots to WinXP and Debian, along as a 2nd one is just not going to
    happen. So the solution I've decided to use is VNC thru an ssh tunnel.

    This seems fine, but a few things I had to do to get the VNC stuff
    working worry me. I don't at all understand the implications and
    hope this group can let me know.

    The main things I did were:

    edit /etc/X11/xdm/xdm-config
    commented out DisplayManager.requestPort: 0

    edit /etc/X11/xdm/Xaccess
    uncomment !* # any host can get a login window

    run gdmconfig
    enable XDMCP

    To connect from the laptop, I start up Putty, SSH to the box. Putty is
    configured to do port forwarding for 5900 to 127.0.0.1:5900 and for
    5901 in a similar way. I then vnc to 127.0.0.1:1. It seems to work,
    but like I said I don't know what that stuff with xdm and gdm really
    allows to happen to my system. Should I worry? What should I watch for
    to see if anyone is attempting or has succeeded in hacking my box?

    I also tried without running Putty, to vnc to xxx.xxx.xxx.xxx:1 and
    that also seems to work. So how secure is vnc's password protection?
    I'm using a "good" password, well "good" but something I don't have to
    write down.

    Thanks in advance.

    Jistan
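
An added example, not part of the original posts: a shell function for the "what should I watch for" part of the question above. It reads `netstat -tuln` output and reports VNC (tcp/5900-5999) and XDMCP (udp/177) sockets bound to a non-loopback address, meaning they are reachable without the SSH tunnel. The function name `exposed_listeners` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VNC and XDMCP listeners that are not loopback-only.
# Input: `netstat -tuln` style lines on stdin (assumed net-tools format:
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State).
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        proto = substr($1, 1, 3)            # tcp6/udp6 fold into tcp/udp
        addr  = $4
        n = match(addr, /:[0-9]+$/)         # last colon separates the port
        if (!n) next
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1) + 0
        if (proto == "tcp" && $6 != "LISTEN") next
        if (host ~ /^127\./ || host == "::1") next   # tunnel-only, fine
        if (proto == "tcp" && port >= 5900 && port <= 5999)
            print "EXPOSED vnc display :" (port - 5900) " on " addr
        else if (proto == "udp" && port == 177)
            print "EXPOSED xdmcp on " addr
    }'
}

# Constructed sample listing: display :0 is loopback-only, display :1 and
# XDMCP are bound to all interfaces, sshd is ignored by the check.
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5900          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:177             0.0.0.0:*'

printf '%s\n' "$SAMPLE" | exposed_listeners

# On a real host: netstat -tuln | exposed_listeners
```

An empty result means VNC and XDMCP only accept connections that arrive through the forwarded ports; any line printed is a service that answers on the network directly, as in the test without Putty described in the post.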


  2. Re: staying secure while allowing vnc...

    jistanidiot@gmail.com wrote:
    > I used parts of the following guides to set my box up so that I can vnc
    > to it thru an ssh tunnel.
    >
    > http://pigtail.net/LRP/vnc/
    > http://www.prosig.com/protor/kbase/vnc-install.html
    >
    > I'm not a security guru so I thought I'd ask here if what I've done is
    > a good idea.
    >
    > My box started out as a RH9 box, however it has been upgraded many
    > times. Most upgrades I compile from source and have been things like
    > SSH, mozilla, iptables, and a few other things. Some legacy rpms from
    > the legacy project have also been installed. I'll upgrade to another
    > OS when I buy or build a new box.
    >
    > Anyway it has become necessary that I access this system while I'm on
    > the road. My job has given me a laptop (yeah!) but won't let me put
    > any flavor of Linux on it. Dragging my personal laptop, which
    > dual-boots to WinXP and Debian, along as a 2nd one is just not going to
    > happen. So the solution I've decided to use is VNC thru an ssh tunnel.
    >
    > This seems fine, but a few things I had to do to get the VNC stuff
    > working worry me. I don't at all understand the implications and
    > hope this group can let me know.
    >
    > The main things I did were:
    >
    > edit /etc/X11/xdm/xdm-config
    > commented out DisplayManager.requestPort: 0
    >
    > edit /etc/X11/xdm/Xaccess
    > uncomment !* # any host can get a login window
    >
    > run gdmconfig
    > enable XDMCP
    >
    > To connect from the laptop, I start up Putty, SSH to the box. Putty is
    > configured to do port forwarding for 5900 to 127.0.0.1:5900 and for
    > 5901 in a similar way. I then vnc to 127.0.0.1:1. It seems to work,
    > but like I said I don't know what that stuff with xdm and gdm really
    > allows to happen to my system. Should I worry? What should I watch for
    > to see if anyone is attempting or has succeeded in hacking my box?
    >
    > I also tried without running Putty, to vnc to xxx.xxx.xxx.xxx:1 and
    > that also seems to work. So how secure is vnc's password protection?
    > I'm using a "good" password, well "good" but something I don't have to
    > write down.
    >
    > Thanks in advance.
    >
    > Jistan
    >


    I used to use vnc over ssh all the time until I read something about
    FreeNX; it's based on NX technology from nomachine (www.nomachine.com).
    It works much faster than vnc and it uses ssh to provide some encryption.

    Dre
