Step 1: Read the TightVNC FAQ. It states:
Quote:
..If you need real security, we recommend ... using SSH tunneling for all TightVNC connections from untrusted networks...
If you plan on opening your VNC server to the Internet, you can stop here, and learn how to use SSH tunneling.
Step 2: Read the vncserver(1) man page. You will discover that it is a wrapper script for the Xvnc X11 server.
Step 3: Read the man page for w(1). You will learn that it merely reads the information in /var/run/utmp, and produces output from it in human readable form.
Step 4: In w(1), note the SEE ALSO section recommends the utmp(5) man page. Read it, and learn that it tracks log in and log out of users. It should become clear that users connecting to the tightvnc server are not logging in, they are merely connecting to the Xvnc daemon.
Step 5: Read the Xvnc(1) man page. Note, under the BUGS section, that it says (highlight mine):
Quote:
...There are many security problems in current Xvnc implementation. It's recommended to restrict network access to Xvnc servers from untrusted network adresses. Probably, the best way to secure Xvnc server is to allow only loopback connections from the server machine (the -localhost option) and to use SSH tunneling for remote access to the Xvnc server.
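Since VNC connections never reach utmp, w(1) cannot list them, but the kernel's socket table can. The following is an added example, not part of the original post: it parses text in the Linux /proc/net/tcp layout and reports Xvnc listeners that are not restricted to loopback, plus clients connected directly instead of through an SSH tunnel. The sample table is constructed, and the 5900+N port range and IPv4-only, little-endian decoding are assumptions.

```python
import ipaddress
import socket
import struct

VNC_PORTS = range(5900, 6000)   # assumption: display :N listens on TCP 5900+N
LISTEN, ESTABLISHED = "0A", "01"

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:170D 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1002
   2: 0100007F:170E 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003
   3: 0A01A8C0:170D 077100CB:C822 01 00000000:00000000 00:00000000 00000000  1000        0 1004
   4: 0100007F:170E 0100007F:9C40 01 00000000:00000000 00:00000000 00000000  1000        0 1005
"""

def decode(endpoint):
    """Turn 'HEXIP:HEXPORT' (IPv4, little-endian as on x86) into (ip, port)."""
    addr, port = endpoint.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def vnc_sockets(text):
    """Yield (state, local_ip, local_port, remote_ip) for sockets on VNC ports."""
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        (lip, lport), (rip, _) = decode(fields[1]), decode(fields[2])
        if lport in VNC_PORTS:
            yield fields[3], lip, lport, rip

def audit(text):
    """Return (listeners not bound to loopback, non-loopback connected peers)."""
    exposed, peers = [], []
    for state, lip, lport, rip in vnc_sockets(text):
        if state == LISTEN and not ipaddress.ip_address(lip).is_loopback:
            exposed.append((lip, lport))
        elif state == ESTABLISHED and not ipaddress.ip_address(rip).is_loopback:
            peers.append((rip, lport))
    return exposed, peers

if __name__ == "__main__":
    exposed, peers = audit(SAMPLE)
    for ip, port in exposed:
        print(f"Xvnc display :{port - 5900} listens on {ip}:{port}, not -localhost")
    for ip, port in peers:
        print(f"direct (untunneled) VNC client {ip} on display :{port - 5900}")
```

On a live Linux host, pass the contents of /proc/net/tcp to audit() instead of SAMPLE; a client arriving through an SSH tunnel shows up with a loopback peer address and is not reported.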