----- Original Message -----
From: "Tim McGarry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, July 23, 2002 4:22 PM
Subject: Re Re: VNC and SSH tunneling

> I'm running the server on Solaris boxes, the users' home directories are
> not correctly secured (i.e. no Kerberos or DH security). It's too easy to grab
> someone's ~/.vnc/vncpasswd or even put in your own (vnc reads this file at
> connection time, not server startup time).
[snip]
> The end result of this is that you have the full benefit of an SSH agent
> connected to the SSH server but the moment the VNC session disconnects for
> whatever reason the path back to the agent is lost, this is far more secure
> than leaving a VNC server running and also the agent on the same box.
>
> Tim McGarry
>
> ----- Original Message -----
> From: "William Hooper" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, July 23, 2002 3:58 AM
> Subject: Re: VNC and SSH tunneling
>
> > ----- Original Message -----
> > From: "Tim McGarry" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, July 22, 2002 1:56 PM
> > Subject: VNC and SSH tunneling
[snip]
> > > Does anyone have experience of this, what remote ports (5500? 5900?) do I
> > > need to forward and where do I forward them to
[snip]
> > > Tim McGarry
> >
> > Disclaimer - I've never tried so I reserve the right to be wrong!
[snip]
> > You also need a connection for the VNC session to go over once it is
> > started. This would be over the normal port of 5900. So you need a tunnel
> > from the PuTTY machine to the OpenSSH server on port 5900.
[snip]
> > William Hooper

Interesting (or in other words, over my head in terms of Unix knowledge LOL). Wouldn't it be better to secure the home directories? That way you are protecting all programs that store things in .files there (I'm sure there are many). Maybe in addition to your other plan?

Anyway, the real reason for my message is that I forgot to mention the ports change for each display (so your script might have to change to reflect that, definitely the PuTTY port forwarding will). The viewer always listens on 5500, but the view still increments one port for every display number. So assuming a local X server on the Solaris box (display :0) the first port will actually be 5901 for display :1, next 5902 for display :2 and so forth. Sorry I forgot that the first time.

--
William Hooper

If Barbie is so popular, why do you have to BUY her friends?
