[Discuss] vnc

markw at mohawksoft.com markw at mohawksoft.com
Sun Aug 24 12:22:41 EDT 2014


I would opt to use openvpn instead of an SSH tunnel. You have better
control over security and "ease."

> On Sun, Aug 24, 2014 at 10:29:13AM -0400, Stephen Adler wrote:
>> I'm installing red hat enterprise linux on a server at home and I'm
>> tweaking the vnc service setup. I've followed the instructions in
>> the system admin guide, but I'm not liking the final setup.
>> Basically I've enabled vncserver for a user registered on the
>> system. When I reboot, the system spawns off Xvnc for the user. When
>> I run vncviewer, I issue my password and then I have a vnc window of
>> the desktop of the user on the system.
>>
>> My problem with this is that the password I issue to open up the
>> vncviewer window to access the desktop of the user is not part of
>> the /etc/passwd file, but some clear text password file. There are
>> warnings in the documentation about this.
>>
>> What I would like is to be able to somehow start an Xvnc session in
>> which gdm is started, and then when I run vncviewer and issue the
>> password, I'm placed into a gdm login screen, at which point I
>> select my user and password and log in. This is the model of the old
>> Xterminals of the 1990s.
>>
>> Does anyone have any tips/tricks on how to set up Xvnc or a
>> vncserver setup so that I get a gdm login screen instead of going
>> directly into the user's desktop?
>
> So, the reason you're not supposed to do that -- or be happy
> with the way vnc comes out of the box -- is that vnc is
> unencrypted.
>
> Set Xvnc to not listen on anything except localhost. Then back
> that up with a firewall restriction -- really, you shouldn't
> have to, because you do default deny, right?
>
> Run an ssh tunnel to your server, LocalForward some port to the vnc port,
> and point your vncviewer at localhost:0.
>
> Now that you've got that working, you can do multiuser.
>
> Most of the info for that is here:
> http://linuxreviews.org/howtos/xvnc/
> but the short version is, enable XDMCP listening to localhost
> for your display manager.
>
> -dsr-
>
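
A check for the loopback-only binding recommended in the quoted reply, as an added example that is not part of either message. It reads lines in the format printed by `ss -Hltn` and reports VNC listeners (TCP 5900 + display number) bound to anything other than loopback; the sample input is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag VNC listeners (TCP 5900-5999) not bound to loopback.
# Input format: `ss -Hltn` lines (State Recv-Q Send-Q Local-Address:Port Peer).

# Constructed sample: display :1 on loopback only, displays :2 and :3
# exposed on all interfaces, plus sshd, which is outside the VNC range.
SAMPLE_SS='LISTEN 0 5 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5902 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 [::1]:5901 [::]:*
LISTEN 0 5 [::]:5903 [::]:*'

# Print each non-loopback local address:port in the VNC range, one per line.
exposed_vnc() {
    awk '{
        la = $4
        port = la; sub(/.*:/, "", port)     # text after the last colon
        addr = substr(la, 1, length(la) - length(port) - 1)
        if (port + 0 < 5900 || port + 0 > 5999) next
        if (addr ~ /^127\./ || addr == "[::1]") next
        print la
    }'
}

# Exit status 0 only when no VNC listener is reachable from off-host.
vnc_loopback_only() {
    [ -z "$(exposed_vnc)" ]
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE_SS" | exposed_vnc
```

On a live host the same functions take `ss -Hltn | exposed_vnc` as input.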




