On 2/11/11 9:30 PM, Eric Stadtherr wrote: > I see GnuTLS and libssh as providing fundamentally different > capabilities. GnuTLS provides transport-level encryption of application > data, which in TigerVNC's case provides encrypted RFB protocol over a > direct socket connection. libssh provides an authenticated login session > with a secure channel (tunnel) riding on top of it. The > application-level protocol does not change. > > My users use the SSH tunneling option of vncviewer out of necessity, > because many of the systems we support and use are configured to require > a user-specific operating system login (SSH) to connect, and the VNC > desktops are only available for local connection. The tunneling and > OS-level authentication are the important features, not the encryption. > In fact, I'm contemplating turning on "None" encryption support in the > SSH server... > > Like you say below, a manual ssh session with local port forwarding > would work, followed by a vncviewer pointed at "localhost::<port>." > However, using libssh within vncviewer would improve the performance by > eliminating the extra process and extra socket transfer (and would keep > my users from having to understand all the relevant port numbers in > great detail!!).
That's just it, though. If libssh is using GnuTLS, then it will not improve performance vs. OpenSSH. It will decrease performance by 70%. And it seems that we would have to use GnuTLS with libssh in order to avoid the licensing snafus of OpenSSL. That, to me, is a non-starter. ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Tigervnc-devel mailing list Tigervnc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tigervnc-devel
