>> Consider the following scenario:
>>
>> A tech support worker, behind a corporate firewall, accesses a user's PC
>> which is behind another corporate firewall. These firewalls are pretty
>> tight, and the only way the tech support worker has access to the user's
>> machine is through a single, dedicated VNC port or tunnel set up
>> semi-automatically via scripts running on the bastion hosts.
>
>If you're going to only have one protocol available through a firewall, you
>should make it SSH, not VNC. VNC is not only too special-purpose to be the
>single protocol available, it's also not any more secure than telnet, for
>example, and should therefore be tunnelled over SSH wherever possible.
Yes, and the intermediate tunnel would probably be SSH in this example.
This does *not* imply, however, that the tech support worker in question is
able to make that SSH tunnel point where he wants it to. Also, have you
ever tried to run FTP over SSH?
--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
mail: [EMAIL PROTECTED] (not for attachments)
big-mail: [EMAIL PROTECTED]
uni-mail: [EMAIL PROTECTED]
The key to knowledge is not to rely on people to teach you it.
Get VNC Server for Macintosh from http://www.chromatix.uklinux.net/vnc/
-----BEGIN GEEK CODE BLOCK-----
Version 3.12
GCS$/E/S dpu(!) s:- a20 C+++ UL++ P L+++ E W+ N- o? K? w--- O-- M++$ V? PS
PE- Y+ PGP++ t- 5- X- R !tv b++ DI+++ D G e+ h+ r++ y+(*)
-----END GEEK CODE BLOCK-----