>
> >Dear All,
> >We installed VNC successfully and are using it in CentOS. By default VNC is
> >unencrypted. How do we change it into an encrypted VNC service? Thanks in
> >advance
>
The easiest, but most effective, way to secure our connection to the VNC server is to connect through an encrypted *SSH tunnel*. This way the whole session will be encrypted. The rest assumes that you have the SSH server up and running on your remote machine (server.example.com) and you know what SSH tunnels are.

So, what we are going to do is to create an encrypted tunnel, and connect to our VNC server through it. We also want this tunnel to be *automatically closed* as soon as we shut down vncviewer. All this is done with the following command:

    # ssh -f -L 25903:127.0.0.1:5903 [email protected] sleep 10; vncviewer 127.0.0.1:25903:3

This is what it does:

- *-L 25903:127.0.0.1:5903* forwards our local port 25903 to port 5903 on the remote machine. In other words, it creates the tunnel.
- *-f* forks the SSH session to the background, while *sleep* is being executed on the remote machine. This ssh option is needed because we want to execute the following command (vncviewer) in the same *local* machine’s terminal.
- *vncviewer* connects to the forwarded local port 25903 in order to connect to the VNC server through the encrypted tunnel.

The *sleep* command is of major importance in the above line as it keeps the encrypted tunnel open for 10 seconds. If no application uses it during this period of time, then it’s closed. Contrariwise, if an application uses it during the 10 sec period, then the tunnel remains open until this application is shut down. This way the tunnel is *automatically closed* at the time we close vncviewer’s window, without leaving any SSH processes running on our workstation. This is pure convenience!

More information can be found at the Auto-closing SSH Tunnels <http://www.g-loaded.eu/2006/11/24/auto-closing-ssh-tunnels/> article.

Using SSH tunnels to connect to your VNC server has two advantages:

1. The whole session is encrypted.
2. Keeping port 5903 open on your remote machine *is no longer needed*, since all takes place through the SSH tunnel. So, no one will know that you run a VNC server on the remote machine.

For more detailed info, check these links:

http://www.g-loaded.eu/2005/11/10/configure-vnc-server-in-fedora/
http://www.g-loaded.eu/2006/11/24/auto-closing-ssh-tunnels/

Regards
subhojit ojha

_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
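
The second advantage in the reply above (port 5903 no longer has to be reachable) can be verified on the server. The following is an added example, not part of the original message: a shell function that reads `ss -tln` output and lists VNC listeners bound to anything other than loopback. The function names, the 5900-5999 port range (displays :0 to :99) and the sample socket lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VNC listeners that are reachable without the SSH tunnel.
# On the server, run:  ss -tln | check_vnc_exposure

# Reads `ss -tln` lines on stdin (State Recv-Q Send-Q Local Peer) and prints
# every local address:port in the assumed VNC range that is not loopback.
exposed_vnc_listeners() {
    awk '
    $1 == "LISTEN" {
        la = $4
        n = split(la, parts, ":")
        port = parts[n]
        if (port !~ /^[0-9]+$/) next
        port = port + 0
        if (port < 5900 || port > 5999) next      # assumed range, displays :0-:99
        addr = substr(la, 1, length(la) - length(parts[n]) - 1)
        gsub(/^\[|\]$/, "", addr)                 # [::1] -> ::1
        sub(/%.*/, "", addr)                      # drop interface scope, e.g. %lo
        if (addr ~ /^127\./ || addr == "::1") next
        print la
    }'
}

# Returns 1 and prints the findings when any VNC port is exposed.
check_vnc_exposure() {
    found=$(exposed_vnc_listeners)
    if [ -n "$found" ]; then
        printf 'VNC reachable without the tunnel on:\n%s\n' "$found"
        return 1
    fi
    echo "VNC ports are loopback-only"
}

# Constructed sample of `ss -tln` output, for trying the check offline.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:5903       0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      5      [::]:5903          [::]:*
LISTEN 0      5      [::1]:5902         [::]:*
EOF
}
```

An empty result means the viewer can only reach VNC through the forwarded port, which is the state the tunnel setup is meant to allow.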
