Hi,

I checked using another testing installation, and that asked for a password upon connecting. I realized the problem was that I have used the vinagre client in the past to connect to a VNC server on the same target machine, with the same password. So vinagre had the password still stored internally in the gnome keyring. After deleting the cached password I get the password prompt in vinagre.

This is embarrassing. I'm very sorry for having wasted your time with this, this bug should be closed.


have a nice evening,
Christoph

On 1/3/19 1:11 PM, Ola Lundqvist wrote:
Hi

You should have a log file in ~/.vnc

I think the following configuration files are worth saving and checking:
/etc/vnc.conf
~/.vncrc
/etc/X11/xorg.conf (should only be for font stuff though)

I think the $authType is of most importance. It should be
$authType = "-rfbauth $vncUserDir/passwd";

Also an output of "ps xa" can help as you will then know if -rfbauth has been added to the Xtightvncserver command or not run by tightvncserver script.

// Ola

On Wed, 2 Jan 2019 at 15:46, Christoph Terasa <christ...@kohlio.de <mailto:christ...@kohlio.de>> wrote:

    Hi Ola,

    thank you for your answer. I checked:

    $ ls -l /etc/alternatives/vnc*
    lrwxrwxrwx 1 root root 24 Jul 27  2017 /etc/alternatives/vncconnect -> /usr/bin/tightvncconnect
    lrwxrwxrwx 1 root root 40 Jul 27  2017 /etc/alternatives/vncconnect.1.gz -> /usr/share/man/man1/tightvncconnect.1.gz
    lrwxrwxrwx 1 root root 23 Jul 27  2017 /etc/alternatives/vncpasswd -> /usr/bin/tightvncpasswd
    lrwxrwxrwx 1 root root 39 Jul 27  2017 /etc/alternatives/vncpasswd.1.gz -> /usr/share/man/man1/tightvncpasswd.1.gz
    lrwxrwxrwx 1 root root 23 Jul 27  2017 /etc/alternatives/vncserver -> /usr/bin/tightvncserver
    lrwxrwxrwx 1 root root 39 Jul 27  2017 /etc/alternatives/vncserver.1.gz -> /usr/share/man/man1/tightvncserver.1.gz


    Before I will purge my configuration as well, I would try to keep
    my system in its current state. Is there a way to get more
    debugging info from tightvncserver, or a log file? The man page
    does not seem to mention anything in that regard.


    kind regards,
    Christoph


    On 1/2/19 1:26 AM, Ola Lundqvist wrote:
    Hi Jan

    Thank you for the report.
    I have now tested this myself. I purged all vnc software
    installed, installed tightvncserver, run tightvncserver and then
    run vncpasswd to set a password.
    I failed to reproduce the problem. I'm asked for a password.

    So the question is what you did differently. Can it be so that
    you have some other vncpasswd software as an alternative and that
    happen to not be updating the same things?

    Best regards

    // Ola

    On Mon, 31 Dec 2018 at 15:33, Jan Christoph Terasa
    <christ...@kohlio.de <mailto:christ...@kohlio.de>> wrote:

        Package: tightvncserver
        Version: 1:1.3.9-9
        Severity: grave
        Tags: security
        Justification: user security hole

        Dear Maintainer,

        I installed tightvncserver on my VPS machine via apt. This did set up
        tightvncserver as an alternative for vncserver. Using a normal user account and
        starting vncserver for the first time asks for an 8-letter password. My assumption
        is this password will be used to authenticate users when connecting to the vnc
        server.

        After starting the vnc server via vncserver script, it is served on port 5901.
        On the client machine I use vinagre to connect to the server on port 5901. When
        connecting, I am not asked for a password, but rather directly taken to the X
        session. I would have expected the server to ask for the password I specified
        earlier.

        As a workaround, to ensure the integrity of the system, I set up iptable rules to
        not allow direct WAN connections to this port, but only allow local connections
        and use an SSH tunnel for connecting to the vnc server.


        kind regards,
        Christoph


        -- System Information:
        Debian Release: buster/sid
          APT prefers oldstable-updates
          APT policy: (500, 'oldstable-updates'), (500, 'testing'), (500, 'oldstable')
        Architecture: amd64 (x86_64)

        Kernel: Linux 4.14.17-xxxx-std-ipv6-64 (SMP w/2 CPU cores)
        Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
        Shell: /bin/sh linked to /bin/bash
        Init: systemd (via /run/systemd/system)

        Versions of packages tightvncserver depends on:
        ii  libc6            2.27-8
        ii  libjpeg62-turbo  1:1.5.2-2+b1
        ii  libx11-6         2:1.6.7-1
        ii  libxext6         2:1.3.3-1+b2
        ii  perl             5.28.0-3
        ii  x11-common       1:7.7+19
        ii  x11-utils        7.7+4
        ii  xauth            1:1.0.10-1
        ii  xserver-common   2:1.20.3-1
        ii  zlib1g           1:1.2.11.dfsg-1

        Versions of packages tightvncserver recommends:
        ii  x11-xserver-utils  7.7+8
        ii  xfonts-base        1:1.0.4+nmu1

        Versions of packages tightvncserver suggests:
        pn  tightvnc-java  <none>

        -- no debconf information



    --
     --- Inguza Technology AB --- MSc in Information Technology ----
    / o...@inguza.com <mailto:o...@inguza.com>        Folkebogatan 26  \
    | o...@debian.org <mailto:o...@debian.org>        654 68 KARLSTAD  |
    | http://inguza.com/                Mobile: +46 (0)70-332 1551 |
    \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
     ---------------------------------------------------------------




--
 --- Inguza Technology AB --- MSc in Information Technology ----
/ o...@inguza.com <mailto:o...@inguza.com>           Folkebogatan 26            \
| o...@debian.org <mailto:o...@debian.org>           654 68 KARLSTAD            |
| http://inguza.com/            Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
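
The server-side check suggested in the thread (is `-rfbauth` on the Xtightvnc command line, and does any `$authType` setting still carry it), written out as an added example that is not part of the original messages. The function names and the sample `ps xa` and configuration lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tightvncserver host for sessions started without
# password authentication. All sample data below is constructed.

# Reads `ps xa` output on stdin (columns: PID TTY STAT TIME COMMAND) and
# prints "PID DISPLAY" for each Xtightvnc* process that has no -rfbauth
# argument. Matching on the command field keeps "grep Xtightvnc" out.
vnc_without_rfbauth() {
    awk '
        $5 ~ /(^|\/)Xtightvnc/ {
            has_auth = 0; display = "?"
            for (i = 6; i <= NF; i++) {
                if ($i == "-rfbauth") has_auth = 1      # exact option match
                if ($i ~ /^:[0-9]+$/) display = $i      # X display, e.g. :1
            }
            if (!has_auth) print $1, display
        }'
}

# Reads a vnc.conf / .vncrc style file on stdin and prints every active
# (uncommented) $authType assignment that does not contain -rfbauth.
authtype_without_rfbauth() {
    awk '/^[ \t]*\$authType[ \t]*=/ && !/-rfbauth/ { print }'
}

# Constructed sample: display :1 has -rfbauth, display :2 does not.
sample_ps() {
    cat <<'EOF'
  PID TTY      STAT   TIME COMMAND
 1201 ?        S      0:03 Xtightvnc :1 -desktop X -rfbwait 120000 -rfbauth /home/user/.vnc/passwd -rfbport 5901
 1377 ?        S      0:00 Xtightvnc :2 -desktop X -rfbwait 120000 -rfbport 5902
 1402 pts/0    S+     0:00 grep Xtightvnc
EOF
}

# Constructed sample: the expected line is commented out, an empty one is active.
sample_conf() {
    cat <<'EOF'
# $authType = "-rfbauth $vncUserDir/passwd";
$authType = "";
EOF
}

echo "Sessions without -rfbauth:";  sample_ps   | vnc_without_rfbauth
echo "Suspicious \$authType lines:"; sample_conf | authtype_without_rfbauth
```

On a real host, feed the functions live data instead of the samples: `ps xa | vnc_without_rfbauth` and `authtype_without_rfbauth < /etc/vnc.conf` (likewise for `~/.vncrc`).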