LinuxQuestions.org
Old 05-05-2010, 09:39 PM   #1
steve_s
LQ Newbie
 
Registered: Sep 2007
Posts: 9

Rep: Reputation: 1
secure restricted VNC


I am running fc12/xfce with outward facing SSH & VNC to provide login and graphical applications to remote users. Competent users can run VNC through an SSH tunnel, but I need a simpler solution for inexperienced and guest users.

I would like to provide a common password login to a secure restricted VNC session. I have created 'vncuser' and 'vncgroup', with vncserver starting from bootup in this account. I would like to add an encryption layer to the session, like ssh, but set from the server end, so the user does not have to think about it. I would also like to chroot the vncserver so the guests can't crap all over my system.

In the end, I see secure restricted VNC being a single landing strip for all remote users, allowing limited resources to guests and allowing established remote users to ssh -X onwards into their accounts.

Help please, how do I do it?
 
Old 05-06-2010, 08:12 AM   #2
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian PPC/i386/AMD64 6/7, Vista, XP , WIN7, Server 03/08
Posts: 1,278

Rep: Reputation: 91
As far as I am aware there is no way to encrypt a VNC session that way. I suppose you could try running the VNC through a web page that is SSL encrypted; I am not 100% positive that will work, but I think it is the closest you are going to get to what you want. If you did not know, TightVNC at least has a Java application that can be embedded in a web page to allow VNC. But even then I am not sure if the actual VNC traffic is encrypted by the SSL connection. Oh, one other thought: you could consider a routed VPN solution à la OpenVPN that has one certificate that allows multiple users to connect. You send out the OpenVPN installer with the certificate, a pre-made configuration file, and some quick instructions for where to place the configuration files after they install OpenVPN (if they can install iTunes, why not OpenVPN). Then they can connect with OpenVPN and use the internal DNS name to connect, and all the traffic is encrypted over the OpenVPN VPN connection. These are likely the easiest ways to accomplish this, if it is even possible. With the OpenVPN solution I know you can close any open VNC ports on the firewall and only allow through the OpenVPN port, plus SSH of course.
 
1 members found this post helpful.
Old 05-06-2010, 05:20 PM   #3
steve_s
LQ Newbie
 
Registered: Sep 2007
Posts: 9

Original Poster
Rep: Reputation: 1
Thanks, that sorta' makes sense. I think a solution might be to serve the TightVNC Java client from an SSL Web server. Transport layer encryption should fully envelop an application layer protocol like VNC. Any user could land on that with just a mouse click, and I am sure I will have a bagful of options for authentication after that. If I get that sorted, the only problem I am left with is chrooting VNCServer so that guests are contained. Is it feasible to create a thin installation tree with services and apps mirrored below the chroot directory and exposed to view?
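
Added example, not part of the original thread: a check for the open question in posts #2 and #3, namely whether the port reachable from outside still speaks cleartext VNC. An RFB (VNC) server sends its 12-byte version banner unprompted, while a TLS listener stays silent until the client speaks. The names `classify_banner`, `probe` and `fake_listener` are made up here, and the loopback listener is constructed test input.

```python
import re
import socket
import threading

# RFB (the VNC wire protocol) servers speak first: a 12-byte ProtocolVersion
# message such as b"RFB 003.008\n", sent in the clear before authentication.
RFB_VERSION = re.compile(rb"RFB (\d{3})\.(\d{3})\n")

def classify_banner(first_bytes):
    """Classify what a listener sent unprompted right after TCP connect."""
    m = RFB_VERSION.fullmatch(first_bytes[:12])
    if m:
        return ("cleartext-rfb", f"{int(m.group(1))}.{int(m.group(2))}")
    if not first_bytes:
        # A TLS server waits for the ClientHello, so silence is what a wrapped
        # port looks like; silence alone does not prove TLS is in use.
        return ("silent", None)
    return ("other", None)

def probe(host, port, timeout=2.0):
    """Connect, send nothing, and classify whatever arrives before timeout."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            while len(data) < 12:
                chunk = s.recv(12 - len(data))
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass
    return classify_banner(data)

def fake_listener(banner):
    """Constructed loopback server: sends `banner` (may be empty), then waits."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            if banner:
                conn.sendall(banner)
            conn.recv(1)  # hold the connection until the client disconnects
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for label, banner in [("bare vncserver", b"RFB 003.008\n"), ("wrapped port", b"")]:
        print(label, probe("127.0.0.1", fake_listener(banner), timeout=0.5))
```

Run `probe` against your own server's public address from outside the firewall: a `cleartext-rfb` result means the session is exposed unencrypted regardless of how the viewer page was delivered.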
 
Old 05-07-2010, 07:52 AM   #4
scheidel21
Senior Member
 
Registered: Feb 2003
Location: CT
Distribution: Debian PPC/i386/AMD64 6/7, Vista, XP , WIN7, Server 03/08
Posts: 1,278

Rep: Reputation: 91
Glad I kinda helped you, as far as the other one goes, you got me whether it is feasible or how to do it.
 
  



Tags
chroot, ssh, vnc

