BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] vnc
- Subject: [Discuss] vnc
- From: markw at mohawksoft.com (markw at mohawksoft.com)
- Date: Sun, 24 Aug 2014 12:22:41 -0400
- In-reply-to: <20140824161132.GE14848@randomstring.org>
- References: <53F9F6B9.4060505@stephenadler.com> <20140824161132.GE14848@randomstring.org>
I would opt to use openvpn instead of an SSH tunnel. You have a better control over security and "ease." > On Sun, Aug 24, 2014 at 10:29:13AM -0400, Stephen Adler wrote: >> I'm installing red hat enterprise linux on a server at home and I'm >> tweaking the vnc service setup. I've followed the instructions in >> the system admin guide, but I'm not liking the final set up. >> Basically I've enabled vncserver for a user registered on the >> system. When I reboot, the system spawns off Xvnc for the user. When >> I run vncviewer, I issue my password and then I have a vnc window of >> the desktop of the user on the system. >> >> My problem with this is that the password I issue to open up the >> vncviewer window to access the desktop of the user is not part of >> the /etc/passwd file, but some clear text password file. There are >> warnings in the documentation about this. >> >> What I would like is to be able to somehow start an Xvnc session in >> which gdm is started, and then when I run vncviewer and issue the >> password, I'm placed into a gdm login screen, at which point I >> select my user and password and log in. This is the model of the old >> Xterminals of the 1990s. >> >> does anyone have any tips/tricks on how to set up Xvnc or a >> vncserver set up so that I get a gdm login screen instead of going >> directly into the user's desktop? > > So, the reason you're not supposed to do that -- or be happy > with the way vnc comes out of the box -- is that vnc is > unencrypted. > > Set Xvnc to not listen on anything except localhost. Then back > that up with a firewall restriction -- really, you shouldn't > have to, because you do default deny, right? > > Run an ssh tunnel to your server, LocalForward some port to the vnc port, > and point your vncviewer at localhost:0. > > Now that you've got that working, you can do multiuser. > > Most of the info for that is here: > http://linuxreviews.org/howtos/xvnc/ > but the short version is, enable xdcmp listening to localhost > for your display manager. > > -dsr- > _______________________________________________ > Discuss mailing list > Discuss at blu.org > http://lists.blu.org/mailman/listinfo/discuss >
- Follow-Ups:
- [Discuss] vnc
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] vnc
- References:
- [Discuss] vnc
- From: adler at stephenadler.com (Stephen Adler)
- [Discuss] vnc
- From: dsr at randomstring.org (Dan Ritter)
- [Discuss] vnc
- Prev by Date: [Discuss] vnc
- Next by Date: [Discuss] vnc
- Previous by thread: [Discuss] vnc
- Next by thread: [Discuss] vnc
- Index(es):