[Discuss] vnc

[dsr at randomstring.org (Dan Ritter)]

On Sun, Aug 24, 2014 at 10:29:13AM -0400, Stephen Adler wrote:
> I'm installing red hat enterprise linux on a server at home and I'm
> tweaking the vnc service setup. I've followed the instructions in
> the system admin guide, but I'm not liking the final set up.
> Basically I've enabled vncserver for a user registered on the
> system. When I reboot, the system spawns off Xvnc for the user. When
> I run vncviewer, I issue my password and then I have a vnc window of
> the desktop of the user on the system.
> 
> My problem with this is that the password I issue to open up the
> vncviewer window to access the desktop of the user is not part of
> the /etc/passwd file, but some clear text password file. There are
> warnings in the documentation about this.
> 
> What I would like is to be able to somehow start an Xvnc session in
> which gdm is started, and then when I run vncviewer and issue the
> password, I'm placed into a gdm login screen, at which point I
> select my user and password and log in. This is the model of the old
> Xterminals of the 1990s.
> 
> does anyone have any tips/tricks on how to set up Xvnc or a
> vncserver set up so that I get a gdm login screen instead of going
> directly into the user's desktop?

So, the reason you're not supposed to do that -- or be happy
with the way vnc comes out of the box -- is that vnc is
unencrypted.

Set Xvnc to not listen on anything except localhost. Then back
that up with a firewall restriction -- really, you shouldn't
have to, because you do default deny, right?

Run an ssh tunnel to your server, LocalForward some port to the vnc port,
and point your vncviewer at localhost:0.

Now that you've got that working, you can do multiuser. 

Most of the info for that is here:
http://linuxreviews.org/howtos/xvnc/
but the short version is, enable xdcmp listening to localhost
for your display manager.

-dsr-