Hi list, let me thank you first of all for this wonderful fast software. This is quite a relief compared to other VNC systems. It also installed quite well on RHEL and Ubuntu.
I'd like to accomplish the following but could not get through the manuals: We'd like to have one machine (RHEL) running one or more TurboVNC servers here. Three users should have their individual port and password to connect from a Ubuntu terminal or some other system running only a TurboVNC viewer. As soon as this runs, I will secure the thing via ssh tunnels as recommended. First, I've modified /etc/tvncservers to host three users: VNCSERVERS="1:first 2:second 3:third" VNCSERVERARGS[1]="-geometry 1280x1024 -nohttpd" VNCSERVERARGS[2]="-geometry 1680x1050 -nohttpd" VNCSERVERARGS[3]="-geometry 1900x1200 -nohttpd" first, second and third are valid Unix shell accounts. Next, I've logged in via shell as each of these users and started /opt/TurboVNC/bin/vncserver Looked like it did the right thing, BUT: 1. I would like to have all three server instances started automatically whenever booting the machine: How can this be accomplished? Is there a script to start / stop / reboot the servers as root? Can the three logins be served from one server or must there be 3 for 3 users? 2. Next, I want to add the ssh tunnel: How can I block users getting shell access BUT be able to login via VNC plus ssh tunnel? I want to make sure that the users have their desktop but may not move code from or to the session on the server (I know, except making screenshots) 3. Looks like the option -nohttpd within /etc/tvncservers has no effect. It seemed that setting $enableHTTP = 0 helped. 4. I thought I defined the screen ID number (:1, :2, :3) inside /etc/tvncservers (e.g. third = :3). When starting the tvncserver for used "third" after "first" it appears that port 5802 is opened for "third" and not 5803 as I expected. Where did I go wrong? 5. A word about security: As I understand, the VNC protocoll transports only bitmap information, thus no text that might be captured on the client machine or elsewhere. Can that be bypassed? Could an attacker manage to read or copy, lets say, sourcecode from the server machine when he/she only has TurboVNC access to it? We accept the risk of someone taking screenshots. Talking about the TurboVNC viewers on the client machines: 5. I'd like the clients to use the grabKeyboard and the fullScreen options: Where do I have to put that? Thanks in advance - Andreas
<<attachment: delleske.vcf>>
------------------------------------------------------------------------------ Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________ VirtualGL-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/virtualgl-users
