LinuxQuestions.org
Old 10-16-2007, 04:21 AM   #1
nymusicman
Member
 
Registered: Jun 2004
Location: Aurora, IL
Distribution: Slackware Current
Posts: 162

Rep: Reputation: 30
To understand vnc through ssh.


This may seem like a dumb question, but I would really like to know. On my local network I'm very happy using vnc, but whenever I travel away from my own network I use ssh. Now I've downloaded software that allows me to tunnel vnc through ssh in a nice and friendly gui. The software is called ssvnc.

Anyway, my question is: do all the secure connections happen on the viewer's side, or should I set up extra "security" on the computer running vncserver?

I'm really not sure if I'm asking this question right, so before it becomes a long thread where no one is answering my question let me try to rephrase it.

On the client machine it goes something like "ssh -L port:server:5901 user@machine.com". Something like that. Normally on the server one would have ssh running and vnc server would be something like this: vncserver -geometry 800x600 :1. Are these commands all that is needed to make a secure connection or should I be trying to connect vncserver with ssh on the server machine?

I hope the question makes sense, sorry if it doesn't.

Last edited by nymusicman; 10-16-2007 at 04:22 AM.
 
Old 10-16-2007, 09:18 AM   #2
Pearlseattle
Member
 
Registered: Aug 2007
Location: Zurich, Switzerland
Distribution: Gentoo
Posts: 939

Rep: Reputation: 104
As far as I know vncserver is not really considered secure meaning that yes, your connection is probably (never tried out the way you do it) protected but other people might try to directly access your vncserver from outside.
You might take under consideration not to start any vncserver on your server (not even X) and connecting to it using SSH with X forwarding switched on (ssh -X yourremoteserver). On the server you'll have to enable X-forwarding by changing in /etc/ssh/sshd_config the parameter "X11Forwarding no" to "X11Forwarding yes" and restart sshd.
After that you'll be able to start your usual application, e.g. xclock, in the ssh-shell. They'll be executed on the remote server but the X-Server that will be used will be the one of your local machine - xclock should then appear in front of you somewhere on the desktop.
Have as well a look at the "-C" (compression) and "-Y" (some applications, especially java stuff won't work with -X) flags when connecting using ssh.
I really like this as not the whole desktop has to be sent over the network, but only the graphical output of your application, which might save bandwidth depending on the application you execute.
 
Old 10-16-2007, 04:24 PM   #3
nymusicman
Member
 
Registered: Jun 2004
Location: Aurora, IL
Distribution: Slackware Current
Posts: 162

Original Poster
Rep: Reputation: 30
Thank you for your response. I did know about ssh -X, and I would still prefer vnc in the situation I'm talking about. I also know that vncserver by itself is not secure, that is why I block 5900-5901 from outside my router. So the only port to get into my computer from outside my router's connection is 22 for ssh.

The question I was trying to ask is, do I get a full secure ssh connection by just tunneling the viewer through ssh on the client side, or is there a way to tunnel vncserver through ssh on the server side? I'm not really worried about people breaking into my machine (there is really nothing to see on it and I reinstall linux more often than most people anyway), I'm more worried about the connection being encrypted. I know vnc only encrypts the password but everything else is out in the open, and ssh encrypts everything.

Last edited by nymusicman; 10-16-2007 at 04:25 PM.
 
Old 10-16-2007, 09:29 PM   #4
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,125

Rep: Reputation: 164
Quote:
Originally Posted by nymusicman
The question I was trying to ask is, do I get a full secure ssh connection by just tunneling the viewer through ssh on the client side, or is there a way to tunnel vncserver through ssh on the server side? I'm not really worried about people breaking into my machine (there is really nothing to see on it and I reinstall linux more often than most people anyway), I'm more worried about the connection being encrypted. I know vnc only encrypts the password but everything else is out in the open, and ssh encrypts everything.
Yes you do get a secure tunnel for VNC to pass through. I'm assuming you have SSH and VNC daemons running on your server and that you connect to your server by setting up the following on your client PC:
- An ssh client connection with port forwarding;
- A VNC client connection to the client's locally forwarded port (e.g. vncviewer 127.0.0.1:2)
You don't connect directly to your server with your VNC client and you should block the server's VNC ports as you only need the SSH daemon port (usually, but not always 22) open.
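
Added example, not part of any post in this thread: a server-side check that no VNC listener is reachable outside the SSH tunnel, plus the matching client-side forward for the display numbers mentioned above. The function names and the `ss -ltn` samples are constructed for illustration.

```shell
#!/bin/sh
# Constructed `ss -ltn` output: vncserver :1 bound to every interface.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed output after restarting the VNC server bound to loopback only
# (TightVNC and TigerVNC accept `vncserver -localhost` for this).
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      5      [::1]:5901         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Read `ss -ltn` output on stdin and print every VNC listener (TCP 5900-5999)
# that is bound to something other than loopback, i.e. reachable without ssh.
exposed_vnc_listeners() {
    awk '$1 == "LISTEN" {
        host = port = $4
        sub(/:[0-9]+$/, "", host)   # address part, port stripped
        sub(/^.*:/, "", port)       # text after the last colon
        if (port + 0 >= 5900 && port + 0 <= 5999 &&
            host !~ /^127\./ && host != "[::1]")
            print $4
    }'
}

# Build the client-side forward. VNC display :N listens on TCP 5900+N.
# Arguments: remote display number, local port, user@host.
tunnel_command() {
    echo "ssh -N -L 127.0.0.1:$2:127.0.0.1:$((5900 + $1)) $3"
}

# Demo on the constructed samples (on a real server: ss -ltn | exposed_vnc_listeners)
echo "exposed before: $(printf '%s\n' "$SAMPLE_EXPOSED" | exposed_vnc_listeners)"
echo "exposed after:  $(printf '%s\n' "$SAMPLE_LOOPBACK" | exposed_vnc_listeners)"
# Remote display :1 forwarded to local port 5902, so the viewer uses 127.0.0.1:2
tunnel_command 1 5902 user@machine.com
```

An empty result from `exposed_vnc_listeners` means the only way to reach the VNC display is through the SSH daemon, which is the arrangement the answer above describes.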
 
  


All times are GMT -5. The time now is 03:10 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration