Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 04-14-2011, 05:07 AM   #1
LQ Newbie
Registered: Jun 2010
Posts: 6

Rep: Reputation: 0
Secure VNC Server

Hi everyone,

I'm struggling to understand what is the best way to harding a VNC connection.
I have a fedora machine within a local WiFi network (WPA2 encryption), and I installed a RealVNC server on it. On the one hand, I looking for high speed connection within the lan. On the other hand, I willing to secure to outcome connection from the wan (brute force and sniffing).

I thought about 2 solutions:
1. Relay on the VNC internal encryption, and publish the vnc's ports to the outer world - 5800 5900. Also, configure iptables rules for dropping brute force attacks on the ports.

2. Disable all the VNC internal encryption. The outer world beyond the router will be able to connect my VNC only with a SSH tunnel, which accept only public keys authentication. Within the lan, the iptables will allow connection to the vnc's ports.

what you propose me to do?

Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 04-14-2011, 05:15 AM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984Reputation: 1984
vnc by itself is awful, I'd *really* suggest using nx instead from - free for 2 concurrent users and tunnelled properly over ssh. Much Much better.
Old 04-14-2011, 07:25 AM   #3
LQ Veteran
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
I agree that nx is an excellent solution. However, if you need to stick with a more vanilla VNC server, look into using an SSH tunnel to allow access. A quick google will bring up tons of how-tos. Under no circumstances do you want to expose VNC to the Internet.
2 members found this post helpful.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Secure VNC over SSH Error (RHEL 5.5) ajslinux Linux - General 4 03-07-2011 01:17 PM
secure restricted VNC steve_s Linux - Security 3 05-07-2010 07:52 AM
Issue with vnc server "tightVNC: VNC server closed connection", due to Screensaver frenchn00b General 1 07-30-2009 06:55 AM
how can I secure my nis server ?can I use openSSL to secure it form sniffing ? abhi_raj Linux - Networking 1 07-10-2006 06:19 AM
Making VNC more secure using SSH - More advanced use tcma Linux - Networking 1 01-14-2005 05:25 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:25 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration