How to connect securely to VNC server? (x11vnc)
You can use ssh
and port forwarding to set up a tunnel. You log into the remote host (example.com) with a command like this:
ssh -L 5903:localhost:5900 [email protected]
Then, you connect vncserver
to localhost:3
The -L swich forwards the local port 5903 to the remote host, that will then forward it (from its side) to localhost:0.
`vncserver thinks it is talking to localhost:3 and that is not encrypted, but the ssh traffic from localhost:3 to remotehost:0 (the tunnel over the internet) is encrypted, so you are all set.
Since ssh
also compresses your traffic, you might get a (small) boost from that too.
Comments
-
Mikel Granero over 1 year
I'm using Manjaro / Arch Linux distribution. I'm trying to connect securely to my VNC server, but I'm not able to configure it.
I'm using x11vnc, because It's much optimal than TigerVNC for streaming the current user session.
Using this command I'm able to start my VNC server:
x11vnc -nap -wait 50 -noxdamage -rfbauth /home/mikel/.vnc/passwd -display :0 -nocursor -forever
But when I use (Real) VNC Viewer it says that the connection is not secure.
I want to connect to the VNC Server from outside the LAN, so the connection must be encrypted.
I tried using the
-ssl
flag. This flag generates a ssl cert and uses it. VNC Viewer is NOT compatible with this kind of VNC Connections, so I had to download this one (ssvnc).After trying to connect using this program, I get this error on my server console:
20/11/2019 21:44:55 SSL: ssl_helper[1688]: SSL_accept() *FATAL: -1 SSL FAILED 20/11/2019 21:44:55 SSL: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low
And this error on my Windows VNC Viewer:
I don't know if x11vnc is not working or if the VNC Viewer(ssvnc) has an outdated library.
¿Any suggestion?