Secure VNC through SSH

[digitalgadfly]

I wasn't sure where to stick this useful piece. It is like a tutorial, just I didn't write it...

Recently having setup many remote Linux based 'security console' throughout the enterprise I needed to find a secure solution for remote administration. VNC is one of the easiest to set up and configure. The only problem was that VNC sends passwords plain text. In our environment this is not feasible. I found this article that will walk you through establishing your VNC connections through SSH. Most helpful.


http://www.uk.research.att.com/archive/vnc/sshvnc.html

I'd suggest this method to anyone using VNC in/on a public network. I am also still interested to know if anyone has any other 'secure' remote administration tactics for *nix boxes. Please let me know.

[kr5kernel]

Another option is tightVNC

http://www.tightvnc.com

How secure is TightVNC?

Although TightVNC encrypts VNC passwords sent over the net, the rest of the traffic is sent as is, unencrypted (for password encryption, VNC uses a DES-encrypted challenge-response scheme, where the password is limited by 8 characters, and the effective DES key length is 56 bits). So using TightVNC over the Internet can be a security risk. To solve this problem, we plan to work on built-in encryption in future versions of TightVNC.

In the mean time, if you need real security, we recommend installing OpenSSH, and using SSH tunneling for all TightVNC connections from untrusted networks.