LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-22-2005, 08:45 AM   #1
lacerto
Member
 
Registered: Oct 2003
Location: South London
Distribution: Gentoo.
Posts: 297

Rep: Reputation: 30
VNC and stunnel


Good afternoon all

I've been hacking about with this for ages, so reluctantly, the time has come to ask.

The end game I'm trying to get to is to administer a machine(s) from any internet connected PC using the the vnc java applet. (Please don't tell me to use ssh...I know how to do that).

The problem I'm encountering is as follows:

I have setup the following stunnel.conf
[vnc]
accept = 443
connect = 5801
TIMEOUTclose = 0

and vncserver
vncserver -httpd /usr/share/vnc/classes

This does of course work perfectly well, but as I see it, this only encrypts port 5801 i.e. the java applet(login and password), but not the VNC traffic(key strokes etc) on port 5901. (Port 6001 seems to be used as well, though I'm not sure why). I have to open 443 (encrypted),5901(no encryption) ,6001(no encryption) on the firewall.

So my issue is that I can't see any way to encrypt the other traffic without having stunnel installed on the client - not an option, as I want to use a browser only.

I feel this solution is a dead end, unless I can bear to have 5901/6001 open on the firewall.

Which begs my question....how risky is it to do so? (My networking knowledge is less than basic - but I imagine all the trafffic other than my username/password could be intercepted)

L
 
Old 04-22-2005, 10:36 AM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
As far as I know your password would also be unencrypted, all you are doing is encrypting an http transfer which delivers the client to you.

You should be able to use sslexplorer to set up a secure connection the way you want:
http://sourceforge.net/projects/sslexplorer
 
Old 04-28-2005, 08:27 AM   #3
lacerto
Member
 
Registered: Oct 2003
Location: South London
Distribution: Gentoo.
Posts: 297

Original Poster
Rep: Reputation: 30
Thanks David- it's even worse than I thought!

I'll have a look sslexplorer.

L
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Stunnel over WiFi... need help linuxgeekery Linux - Wireless Networking 1 08-08-2005 04:03 PM
stunnel and netcat?? scoobydude Linux - Networking 0 05-25-2005 02:43 AM
Need Help: new to stunnel Traveler_Q Linux - Security 1 04-21-2004 09:49 PM
Stunnel won't work! Linux6574 Linux - General 0 04-12-2004 05:20 PM
Stunnel and Sendmail mikeyt_333 Linux - Security 3 04-17-2002 07:39 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration