Thom:
The easiest way to secure VNC is to tunnel it over SSH, whether that be
PuTTY or something else. There's an easy "how-to" at
http://www.benjamin.weiss.name/putty-tunnel.html for PuTTY and VNC. That's
what I use to connect to my Linux box at home over the internet... And
here's the script I use to initiate the VNC server:

    vncserver -depth 8bpp -geometry 1024x768 -nevershared -localhost

Since I'm doing this over the internet and speed is my main concern, I have
it set to use 8-bit color instead of "full" color. Also, there are various
FAQs on how to get VNC to run as a service under *nix. I'm not familiar with
Sun O/S, but I know it's basically unix, so it should be pretty similar to
the way it's done in Linux. I'm sure someone out there with "real-world" Sun
experience can explain how to do it.

In any event, the ssh-tunneled VNC session (using the -localhost option on
the server) should make your IT people rethink their objections.

Good luck!

-----Original Message-----
From: Thom G Gillis [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 21, 2004 11:18 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Security using VNC behind Firewall


Hi Wez

  I am sending this directly ( and copying not to the forum ) - hope
that's OK since I perceived that you may be able to give me some
quick/easy references where I can find the information I need.

  I am the system admin and GIS admin for a section of a provincial
govt. dept running a SUN server as a File and App server and accessing
it from PC-Windows desktops.
  I was experimenting with using VNC for accessing the SUN Server from
win2k desktops ( we had been using Hummingbird Exceed ).
  Since we were not using most of the other tools available in the
Hummingbird package I decided to investigate VNC.

  The first advantage which was immediately obvious ( aside from cost )
was that the session was run on the server instead of the desktop so
that a desktop failure ( for whatever reason ) did not end the session
and destroy work in progress. Second benefit was that we were able to
create more than one session ( eg as different users ) and access them
sequentially on the desktop.


  Our Corporate IT group deemed that the security risks were too great
and we were told to remove the software and go back to the old approach.

  That I did but since then I have been browsing the forum mailings even
though we are no longer using VNC to get a better idea of what the
actual security issues really are. Didn't notice anything which seemed
to match our situation but there was a lot to read through.

  We were using the service internally only - behind a firewall ( or
two ) on a LAN consisting of many PCs and several windows servers - as
well as a few UNIX boxes serving up data and apps for sections
employing GIS.

  I thought that security should be pretty easily established in such a
situation ( I have not been heavily involved in that side of things ) -
but the people in charge said that making the setup secure was
complicated and expensive (requiring much tweaking by our ISP at the
  I am a little dubious of their claims and would like to find some
good documentation on procedures to make such a setup viable.

  Can you refer me to some discussion papers or publications ( paper,
electronic or Web based ) which would benefit me in my quest

   regards 

       Thom Gillis
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
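
The reply at the top of this thread relies on two things: the VNC server started with -localhost, and an SSH tunnel as the only way in. The following is an added example, not part of either message, that checks the first and prints the client command for the second. It assumes Linux `ss -ltn` or `netstat -ltn` output (local address in field 4) and an OpenSSH client; the function names, the sample listing and `user@server.example` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Print listeners on VNC ports that are NOT bound to loopback.
# stdin: `ss -ltn` or Linux `netstat -ltn` output (local address = field 4).
# Ports: RFB 5900-5999 (display N = 5900+N), Java viewer 5800-5899.
exposed_vnc_listeners() {
    awk '
    $1 == "LISTEN" || $NF == "LISTEN" {
        la = $4
        port = la; sub(/^.*:/, "", port)        # text after the last colon
        if (port !~ /^[0-9]+$/) next
        addr = substr(la, 1, length(la) - length(port) - 1)
        gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # [::1] becomes ::1
        p = port + 0                             # force numeric comparison
        if (!((p >= 5900 && p <= 5999) || (p >= 5800 && p <= 5899))) next
        if (addr ~ /^127\./ || addr == "::1") next   # loopback: SSH tunnel needed
        print la
    }'
}

# OpenSSH client command that forwards the local VNC port to the same port
# on the server loopback interface. $1 = display number, $2 = user@host.
tunnel_command() {
    port=$((5900 + $1))
    printf 'ssh -N -L %d:localhost:%d %s\n' "$port" "$port" "$2"
}

# Constructed `ss -ltn` output: display :1 started with -localhost,
# display :2 started without it, plus sshd and IPv6 listeners.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      5      0.0.0.0:5902       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      [::]:5802          [::]:*
LISTEN 0      5      [::1]:5903         [::]:*'

echo "Exposed VNC listeners:"
printf '%s\n' "$SAMPLE" | exposed_vnc_listeners
echo "Client side, for display :1:"
tunnel_command 1 user@server.example
```

On the server, piping `ss -ltn` into `exposed_vnc_listeners` and getting no output means every VNC display is reachable only through the SSH tunnel.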