View Single Post
  #2   (View Single Post)  
Old 19th November 2008
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Step 1: Read the TightVNC FAQ. It states:
Quote:
..If you need real security, we recommend ... using SSH tunneling for all TightVNC connections from untrusted networks...
If you plan on opening your VNC server to the Internet, you can stop here, and learn how to use SSH tunneling.

Step 2: Read the vncserver(1) man page. You will discover that it is a wrapper script for the Xvnc X11 server.

Step 3: Read the man page for w(1). You will learn that it merely reads the information in /var/run/utmp, and produces output from it in human readable form.

Step 4: In w(1), note the SEE ALSO section recommends the utmp(5) man page. Read it, and learn that it tracks log in and log out of users. It should become clear that users connecting to the tightvnc server are not logging in, they are merely connecting to the Xvnc daemon.

Step 5: Read the Xvnc(1) man page. Note, under the BUGS section, that it says (higlight mine):
Quote:
...There are many security problems in current Xvnc implementation. It's recommended to restrict network access to Xvnc servers from untrusted network adresses. Probably, the best way to secure Xvnc server is to allow only loopback connections from the server machine (the -localhost option) and to use SSH tunneling for remote access to the Xvnc server.
Reply With Quote