All true. However, I tried to use SSH as a "server" on Win9x once - it would connect, and then hang. Of course, this was over a year ago, so I don't know if that's improved or not. I use Zebedee for tunneling - easy to set up, has both Win32 and Linux servers/clients.
The other thing which is easy to overlook is once you have a tunnel solution working, lock the vnc server down to only accept connections from localhost - ie, on Windows, when testing set the "AllowLoopback" reg key to 1, and then when you've found a solution that works, either set the "LoopbackOnly" key to 1, or set AuthHosts to "-:+127.0.0.1" or "-:?127.0.0.1" if you want the user to be prompted to accept/reject the connection. Actually, if you search the mailing list from years past, I wrote a little Howto on setting up Winvnc with Zebedee. The versions are a bit dated but the principles are the same. Glenn -----Original Message----- From: Alex Angelopoulos [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 5:47 PM To: [EMAIL PROTECTED] Subject: Re: Secure Windows Connection I think SSH is the best route to go in general, for a few reasons. (1) If you set up application A to run over SSH, when people start worrying about B through Z it's simple to plug in. (2) From what I understand, you make almost anything run over SSH. (Take that with a chunk of salt, though - I've only done it with about 3 things in the past). (3) As opposed to many other secure connections, it apparently tends to do a good job of compressing data. This is based on the ORL/AT&T comments about SSH, not broad personal experience. I can tell you that I found several console sessions I have runs using SSH to remote systems to be extremely peppy. (4) Usage out there is wide, even though not common. It works for both Unices and Windows, of course. Note that the issue of browser interface is not excluded by using SSH either. You can tunnel that through the SSH connection if someone wants to use a browser on their end; whatever they use, the packets then get passed out in the SSH tunnel. ----- Original Message ----- From: "Jeff Baldwin" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday/2002 February 05 17:08 Subject: Secure Windows Connection : Ok.. I have seen this topic aeveral times on this list, and each time it : seems it has come to a somewhat unclear conclusion (at least in my : mind). Finally, I have run into the same road block as many others, I : have numerous VNC Servers on 'our' network and the idea of insecure : communications across the network is really starting to 'irk' me. : : With the information I gain/apply here, I will write up a complete howto : for securing VNC connections. Ok.. w/ that said, I now have to ask some : questions.. : : What is the 'best' most secure way to communicate w/ VNC Server on a : network? : : Most of my clients are Windows users, however I use ONLY Linux and have : many spare Linux boxen that I could use as 'middle men' if neccesary to : port forward the SSH connection. : : So, basically all I'm looking to do here is find out how to secure a VNC : connection, should I use the browser interface, ssh, etc..?? : : Thanks : : Jeff : --------------------------------------------------------------------- : To unsubscribe, mail [EMAIL PROTECTED] with the line: : 'unsubscribe vnc-list' in the message BODY : See also: http://www.uk.research.att.com/vnc/intouch.html : --------------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html --------------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
