I don't have all the info on this handy, and I'm working from memory of how the process works in theory, but I can supply you with something to get started on I think.
I believe what actually has to happen is that the remote client will connect to the Linux host using the standard SSH port, then loop back into the local VNC port. I'm not certain how that process gets handled within SSH, but for the VNC server there is only one modification: You need to set the LoopbackOnly parameter. This is handled on Windows systems in the registry and overrides settings for two other values which could be used to do the same thing: the AllowLoopback setting (normally disallowed) and the AuthHosts list which is used to restrict access to a limited set of hosts. There is a related QuerySetting parameter which defines a paranoia level for AuthHosts; I don't think it affects the situation if LoopbackOnly is set, but it *might*.

If you've downloaded the docs, you want to look at sshvnc.html and xvnc.html. On the AT&T server, they are
http://www.uk.research.att.com/vnc/xvnc.html
and
http://www.uk.research.att.com/vnc/sshvnc.html

I did glance at them, and it looks like they include pretty good detail on how to do it.

----- Original Message -----
From: "Jerry L. Kazdan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday/2002 February 02 12:46
Subject: How can I require ssh?

: Background:
: Our VNC server is a Linux computer. Most users come from Windows
: using SecureCRT for ssh connections. While users can easily get a
: secure connection using SecureCRT (we already configured this), they
: can also connect and use VNC using an insecure connection.
:
: ==> How can we restrict clients running Windows to ONLY secure
: connections?
:
: We should also solve this for clients on Macs. Note that I think this
: sort of restriction is already possible to enforce for clients on
: other Unix computers.
:
: The issue is critical since beginning in September, we will have a
: campus-wide policy of not allowing insecure connections to our
: servers. Thus, unless we solve the problem, VNC will become
: disallowed.
:
: Thanks,
: Jerry
: ---------------------------------------------------------------------
: To unsubscribe, mail [EMAIL PROTECTED] with the line:
: 'unsubscribe vnc-list' in the message BODY
: See also: http://www.uk.research.att.com/vnc/intouch.html
: ---------------------------------------------------------------------
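A check an administrator of the Linux host could run to confirm the loopback-only arrangement described in the reply above; this is an added example, not part of the original thread or the VNC documentation. It assumes a little-endian Linux host, IPv4 only (/proc/net/tcp, not tcp6), and VNC displays on TCP 5900-5999; the socket table embedded in it is constructed sample data.

```python
import ipaddress
import socket
import struct

VNC_PORTS = range(5900, 6000)  # assumption: displays :0 to :99 on 5900+N
LISTEN = "0A"                  # TCP_LISTEN state code in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host):
# sshd on all interfaces, display :1 on loopback, display :2 on all
# interfaces, and one established loopback connection to display :1.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:170D 00000000:0000 0A 00000000:00000000 00:00000000 00000000   500        0 1002
   2: 00000000:170E 00000000:0000 0A 00000000:00000000 00:00000000 00000000   501        0 1003
   3: 0100007F:170D 0100007F:C350 01 00000000:00000000 00:00000000 00000000   500        0 1004
"""


def parse_addr(field):
    """Decode 'HEXIP:HEXPORT' as printed by the kernel on a little-endian host."""
    hex_ip, hex_port = field.split(":")
    packed = struct.pack("<I", int(hex_ip, 16))
    return ipaddress.ip_address(socket.inet_ntoa(packed)), int(hex_port, 16)


def exposed_vnc_listeners(proc_net_tcp):
    """Return (address, port) for VNC listeners reachable without the SSH tunnel."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # only listening sockets matter for exposure
        ip, port = parse_addr(fields[1])
        if port in VNC_PORTS and not ip.is_loopback:
            findings.append((str(ip), port))
    return findings


if __name__ == "__main__":
    # On the server itself, pass open("/proc/net/tcp").read() instead.
    for addr, port in exposed_vnc_listeners(SAMPLE):
        print(f"VNC port {port} is bound to {addr}, reachable without SSH")
```

An empty result means every VNC display on the host accepts connections only from the host itself, so remote users have to come in through sshd.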