I can tell you exactly how this is different, but first I want to thank Mike Miller who pointed out that you need to disable vnc connection from hosts other than local host. I skipped that part as being an obvious one but it probably is not that obvious.
The difference of running ssh vs running plain vnc is that you can secure ssh in various ways and you can't secure vnc alone. For instance if you are a bit paranoid you can disable password authentication and use public/private key to authenticate. This method while a bit inconvenient is extremely hard to break. That is what should be used on any half way important system. VNC free edition is using simple challenge response with password length up to 8 characters (according to security faq). ssh can support much larger password. ssh also prevents "man in the middle" attacks where session can be intercepted. Free edition of vnc has no protection other than password authentication. Given that most peoples' computers not worth this kind of attacks you still are susceptible ssh also supports tcp wrappers and I am not sure if vnc does. This allows you to further limit systems that attack you. You can run something like DenyHosts or a utility that I wrote for myself called BanHosts. You can lookup both of them on google. Ether utility will limit number of unsuccessful connection attempts from any given host blocking any further attempts. I am sure if I try I can provide more examples for you but just these should be sufficient answer to your question. Regards, Alex Jaroslaw Rafa wrote: > Alex Pelts napisal(a): > [Charset iso-8859-1 unsupported, filtering to ASCII...] >> IMHO running VNC server exposed to the Internet is a bad idea in the >> first place. > > Why? > What is different in running a VNC server exposed to the Internet from > running a SSH (or even a telnet!) server exposed to the Internet, for > example? And there are many such servers out there... > It's like any remote access service - you run it, if you need it. Of course, > if you run such a service, you should be fully aware what you're doing. > Regards, > Jaroslaw Rafa > [EMAIL PROTECTED] _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
