On 01/12/2013 11:32 AM, S. Dale Morrey wrote:
> Just an FYI, I do have much more than basic sysadmin skills.
> By horribly insecure I was referring to the protocol, running VNC
> without tunneling via SSH is just as bad as telnetting in.

Tunneling VNC over SSH is brain-dead easy. FreeNX is also encrypted by SSL and can pass X11 traffic, VNC, or Microsoft's RDP protocol. OpenNX is the client portion.

> When I mentioned that I don't know enough to know how to secure it, I
> was just trying to say that the protocol is badly broken and I'm not
> sure what alternatives there are/were.

VNC is no more broken than telnet. You just have to use them correctly (i.e., over a trusted LAN or trusted ssh tunnel). VNC is trivial to secure. Configure it to listen to localhost only (or use iptables), and do an ssh tunnel, or use FreeNX with it.

> I have been doing some research though and it turns out that terminal
> services via RDP does appear to be encrypted and you can set the
> encryption level in the xrdp config file.
> Why the heck it defaults to low I don't know though, so maybe someone
> can explain that one to me.

Tunneling all these protocols over FreeNX gives you variable compression and makes them even faster than they already are. Plus FreeNX limits your exposure to one port, SSH, which you want open anyway. Just FYI.
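Added example, not part of the original message: a check for the "listen to localhost only" advice above, reading `ss -ltn` style output and reporting any VNC listener bound to a non-loopback address. The function names, the 5900-5999 port range (VNC display :N conventionally uses TCP 5900+N) and the sample socket table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print every LISTEN socket in the VNC port range that is NOT bound to
# loopback. Input: `ss -ltn` output on stdin (4th column = local addr:port).
vnc_exposed_listeners() {
    awk '$1 == "LISTEN" {
        la = $4
        pos = match(la, /:[0-9]+$/)          # last ":port" in the field
        if (pos == 0) next
        port = substr(la, pos + 1) + 0
        addr = substr(la, 1, pos - 1)
        if (port < 5900 || port > 5999) next # assumed VNC range
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
        print addr ":" port
    }'
}

# Exit status 0 only when no VNC listener is reachable off-host.
vnc_loopback_only() {
    [ -z "$(vnc_exposed_listeners)" ]
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      5      0.0.0.0:5902       0.0.0.0:*
LISTEN 0      5      [::1]:5901         [::]:*
LISTEN 0      5      [::]:5903          [::]:*
EOF
}

# Demo on the sample; on a live host use: ss -ltn | vnc_exposed_listeners
echo "VNC listeners reachable from other hosts:"
sample_ss_output | vnc_exposed_listeners

# With the server on loopback only, a client reaches it through SSH, e.g.
#   ssh -L 5901:localhost:5901 user@host   (then connect to localhost:5901)
```

Displays :2 and :3 in the sample are flagged; display :1 and the SSH port are not.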
