Hi

You should have a log file in ~/.vnc

I think the following configuration files are worth saving and checking:
/etc/vnc.conf
~/.vncrc
/etc/X11/xorg.conf (should only be for font stuff though)

I think the $authType is of most importance. It should be
$authType = "-rfbauth $vncUserDir/passwd";

Also an output of "ps xa" can help as you will then know if -rfbauth has
been added to the Xtightvncserver command or not run by tightvncserver
script.

// Ola

On Wed, 2 Jan 2019 at 15:46, Christoph Terasa <christ...@kohlio.de> wrote:

> Hi Ola,
>
> thank you for your answer. I checked:
>
> $ ls -l /etc/alternatives/vnc*
> lrwxrwxrwx 1 root root 24 Jul 27  2017 /etc/alternatives/vncconnect ->
> /usr/bin/tightvncconnect
> lrwxrwxrwx 1 root root 40 Jul 27  2017 /etc/alternatives/vncconnect.1.gz
> -> /usr/share/man/man1/tightvncconnect.1.gz
> lrwxrwxrwx 1 root root 23 Jul 27  2017 /etc/alternatives/vncpasswd ->
> /usr/bin/tightvncpasswd
> lrwxrwxrwx 1 root root 39 Jul 27  2017 /etc/alternatives/vncpasswd.1.gz ->
> /usr/share/man/man1/tightvncpasswd.1.gz
> lrwxrwxrwx 1 root root 23 Jul 27  2017 /etc/alternatives/vncserver ->
> /usr/bin/tightvncserver
> lrwxrwxrwx 1 root root 39 Jul 27  2017 /etc/alternatives/vncserver.1.gz ->
> /usr/share/man/man1/tightvncserver.1.gz
>
>
> Before I will purge my configuration as well, I would try to keep my
> system in its current state. Is there a way to get more debugging info
> from tightvncserver, or a log file? The man page does not seem to mention
> anything in that regard.
>
>
> kind regards,
> Christoph
>
>
> On 1/2/19 1:26 AM, Ola Lundqvist wrote:
>
> Hi Jan
>
> Thank you for the report.
> I have now tested this myself. I purged all vnc software installed,
> installed tightvncserver, run tightvncserver and then run vncpasswd to set
> a password.
> I failed to reproduce the problem. I'm asked for a password.
>
> So the question is what you did differently. Can it be so that you have
> some other vncpasswd software as an alternative and that happens to not be
> updating the same things?
>
> Best regards
>
> // Ola
>
> On Mon, 31 Dec 2018 at 15:33, Jan Christoph Terasa <christ...@kohlio.de>
> wrote:
>
>> Package: tightvncserver
>> Version: 1:1.3.9-9
>> Severity: grave
>> Tags: security
>> Justification: user security hole
>>
>> Dear Maintainer,
>>
>> I installed tightvncserver on my VPS machine via apt. This did set up
>> tightvncserver as an alternative for vncserver. Using a normal user
>> account and
>> starting vncserver for the first time asks for an 8-letter password. My
>> assumption
>> is this password will be used to authenticate users when connecting to
>> the vnc
>> server.
>>
>> After starting the vnc server via vncserver script, it is served on port
>> 5901.
>> On the client machine I use vinagre to connect to the server on port
>> 5901. When
>> connecting, I am not asked for a password, but rather directly taken to
>> the X
>> session. I would have expected the server to ask for the password I
>> specified
>> earlier.
>>
>> As a workaround, to ensure the integrity of the system, I set up iptable
>> rules to
>> not allow direct WAN connections to this port, but only allow local
>> connections
>> and use an SSH tunnel for connecting to the vnc server.
>>
>>
>> kind regards,
>> Christoph
>>
>>
>> -- System Information:
>> Debian Release: buster/sid
>>   APT prefers oldstable-updates
>>   APT policy: (500, 'oldstable-updates'), (500, 'testing'), (500,
>> 'oldstable')
>> Architecture: amd64 (x86_64)
>>
>> Kernel: Linux 4.14.17-xxxx-std-ipv6-64 (SMP w/2 CPU cores)
>> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
>> LANGUAGE=en_US:en (charmap=UTF-8)
>> Shell: /bin/sh linked to /bin/bash
>> Init: systemd (via /run/systemd/system)
>>
>> Versions of packages tightvncserver depends on:
>> ii  libc6            2.27-8
>> ii  libjpeg62-turbo  1:1.5.2-2+b1
>> ii  libx11-6         2:1.6.7-1
>> ii  libxext6         2:1.3.3-1+b2
>> ii  perl             5.28.0-3
>> ii  x11-common       1:7.7+19
>> ii  x11-utils        7.7+4
>> ii  xauth            1:1.0.10-1
>> ii  xserver-common   2:1.20.3-1
>> ii  zlib1g           1:1.2.11.dfsg-1
>>
>> Versions of packages tightvncserver recommends:
>> ii  x11-xserver-utils  7.7+8
>> ii  xfonts-base        1:1.0.4+nmu1
>>
>> Versions of packages tightvncserver suggests:
>> pn  tightvnc-java  <none>
>>
>> -- no debconf information
>>
>
>
> --
>  --- Inguza Technology AB --- MSc in Information Technology ----
> /  o...@inguza.com                    Folkebogatan 26            \
> |  o...@debian.org                   654 68 KARLSTAD            |
> |  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
> \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
>  ---------------------------------------------------------------
>
>
>

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  o...@inguza.com                    Folkebogatan 26            \
|  o...@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
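
The two checks suggested in the reply above ($authType in the configuration files, and -rfbauth on the Xtightvncserver command line in "ps xa"), collected into a shell sketch. This is an added example, not part of the original thread or of the tightvncserver package; the function names and the sample process lines are constructed for illustration.

```shell
#!/bin/sh
# authtype_status FILE
# Prints "rfbauth", "other" or "unset" for the last active (uncommented)
# $authType assignment in a vnc.conf / .vncrc style file.
# "unset" only means this file does not override the value.
authtype_status() {
    [ -r "$1" ] || { echo unset; return 0; }
    line=$(grep -E '^[[:space:]]*\$authType[[:space:]]*=' "$1" | tail -n 1)
    case "$line" in
        '')         echo unset ;;
        *-rfbauth*) echo rfbauth ;;
        *)          echo other ;;
    esac
}

# unauthenticated_servers
# Reads "ps xa" output on stdin and prints every Xtightvncserver command
# line that was started without -rfbauth.
unauthenticated_servers() {
    awk '/Xtightvncserver/ && !/-rfbauth/ && !/grep/'
}

# Constructed sample of "ps xa" output: display :1 has -rfbauth, :2 does not.
sample_ps() {
    cat <<'EOF'
 1201 ?     S   0:03 Xtightvncserver :1 -desktop X -auth /home/alice/.Xauthority -geometry 1024x768 -depth 24 -rfbwait 120000 -rfbauth /home/alice/.vnc/passwd -rfbport 5901
 1377 ?     S   0:01 Xtightvncserver :2 -desktop X -auth /home/bob/.Xauthority -geometry 1024x768 -depth 24 -rfbwait 120000 -rfbport 5902
 1402 pts/0 S+  0:00 grep Xtightvncserver
EOF
}

# Run against the live system only when asked to: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    for f in /etc/vnc.conf "$HOME/.vncrc"; do
        echo "$f: authType $(authtype_status "$f")"
    done
    echo "Xtightvncserver processes without -rfbauth:"
    ps xa | unauthenticated_servers
fi
```

A result of "other" for either file, or any line printed by the process check, is the state worth attaching to the bug report together with the log file from ~/.vnc.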
