How do I secure vnc/desktop sharing?
SSH allows you to start a new (separate) text login, but that's not the only thing you can do with it. It also allows you to do things like tunnel internet, tunnel a port, and start a graphical program in that new text login and have that program show up on the local computer but run on the remote one. All of this is encrypted, so it is safe to send confidential things like passwords over it.
Also, do realize that on a Linux machine, it is possible for a user to be logged in multiple times. (This seemed so cool when I first came from Windows).
VNC sends passwords unsafely, which means that it is possible that someone could listen in on your connection and then use the password they hear to login themselves!
So, the general idea is to use ssh to securely connect and start a new text login that you basically don't use. Then you tell ssh to also tunnel the port for VNC, which means that the VNC is wrapped in the ssh encryption so no one will hear your password. When you connect to the remote VNC server, it shows the graphical login, not the text one.
How to do this:
You run something like
ssh <monitoredusername>@<monitoredcomputeripaddress> -L <randomportabove1024>:localhost:<monitoredcomputer'svncserverport>
This will magically make the monitored computer's VNC server "appear" on your local computer at . Then you can do
vncviewer localhost:<randomportabove1024>
to login.
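The tunnel procedure above as a single script; this is an added example, not part of the original answer. The function names are hypothetical, and it assumes OpenSSH and a vncviewer binary on the local machine.

```shell
#!/bin/sh
# Added example: open an SSH tunnel to a remote VNC server, view it, close it.

# valid_port PORT MIN: true only for a decimal integer in MIN..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le 65535 ]
}

# forward_spec LOCAL_PORT REMOTE_VNC_PORT: print the argument for ssh -L.
# The listener is pinned to 127.0.0.1 so other hosts on the local network
# cannot reach the forwarded VNC port.
forward_spec() {
    valid_port "$1" 1025 || { echo "local port must be 1025-65535" >&2; return 1; }
    valid_port "$2" 1 || { echo "bad remote VNC port" >&2; return 1; }
    printf '127.0.0.1:%s:localhost:%s\n' "$1" "$2"
}

# ssh_target USER HOST: print user@host, refusing empty values, values that
# ssh could misread as an option, and characters outside a plain name.
ssh_target() {
    for part in "$1" "$2"; do
        case "$part" in
            ''|-*|*[!A-Za-z0-9._:-]*) echo "bad user or host: $part" >&2; return 1 ;;
        esac
    done
    printf '%s@%s\n' "$1" "$2"
}

# vnc_over_ssh USER HOST LOCAL_PORT REMOTE_VNC_PORT
vnc_over_ssh() {
    target=$(ssh_target "$1" "$2") || return 1
    spec=$(forward_spec "$3" "$4") || return 1
    dir=$(mktemp -d) || return 1    # private directory for the control socket
    # -f -N: go to the background after authentication, run no remote command.
    # ExitOnForwardFailure: fail rather than continue without the tunnel.
    ssh -f -N -M -S "$dir/ctl" -o ExitOnForwardFailure=yes \
        -L "$spec" "$target" || { rmdir "$dir"; return 1; }
    vncviewer "localhost:$3"
    status=$?
    ssh -S "$dir/ctl" -O exit "$target" 2>/dev/null    # close the tunnel
    rm -rf "$dir"
    return "$status"
}

# Runs only when called with all four arguments.
if [ "$#" -eq 4 ]; then vnc_over_ssh "$@"; fi
```

The tunnel only protects the password if nobody can reach the VNC port directly, so the remote VNC port should also be blocked from the network or the server bound to localhost.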
sostacked
Updated on September 18, 2022
Comments
-
sostacked over 1 year
I have a bunch of laptops I need to set up for our support dept and I need to be able to access/monitor them at all times. The laptops run Ubuntu 11.10 GNOME Shell 3.2 and all have the desktop sharing thing enabled along with a password. This all works, I can connect to the laptops and view them and interact with them.
Now, from what I've read, that password thing ain't the most sophisticated security measure out there, so I'm looking for a secure upgrade for this setup, preferably one that doesn't need too many changes on their end. I've read up on implementing ssh, but that is if I want to log on to a dormant account, not when I want to just bomb the existing user session.
-
user4124 over 12 years
You should try to initiate the VNC session through Empathy. Though I did not verify, I believe that the telepathy tube (that gets created for the VNC session) has some form of security. You can read more at telepathy.freedesktop.org/wiki and ask at the telepathy mailing lists.
-
sostacked over 12 years
tyvm I'll look into it
-
Panther about 9 years
Take a look at FreeNX, fast and secure ;)
-
sostacked over 12 years
tyvm, that nailed it.