[OLUG] VNC Security

Vincent vraffensberger at home.com
Fri Dec 3 06:12:34 UTC 1999


I sent this last week.  I don't think it reached the list.

I promised to send out some security-related info on VNC.  Here it is
(and more):

You can tunnel it through SSH, but it looks a little more complicated
than it's worth compared to the other options like gnome-vnc, SSLeay and
vnc-wrappers.  VNC already has an authentication process, but after
that, it can be spied upon.

"Gnome-vnc contains some simple DES encryption routines, which are
necessary to perform the password authentication. I replaced the
original encryption routines that came with the VNC distribution with a
modified version of the DES code in Samba (in fact I crippled the code
further, so it has even fewer entry points, and is incapable of
generating reverse key schedules used in decryption). So gnome-vnc is as
legal as samba. Make up your own mind about whether you are allowed to
use it. "

I have most of it on my ftp:

X11-vnc    ftp://bofh.csm.edu/pub/linux/apps/RPM/
gnome-vnc  ftp://bofh.csm.edu/pub/linux/apps/tar/
win-vnc    ftp://bofh.csm.edu/pub/win32/apps/

SSH Guide for VNC:
http://www.uk.research.att.com/vnc/sshvnc.html

Also look at the contrib page for a version that uses SSLeay and a
wrapper utility:
http://www.uk.research.att.com/vnc/extras.html

Here's a list of all the platforms it runs on (I'd love to see the
PalmOS version in action):

http://www.uk.research.att.com/vnc/platforms.html

-- 
"Go away before I replace you with a very small shell script!"

-------------------------------------------------------------------------
Sent by OLUG Mailing list Manager, run by ezmlm.  http://olug.bstc.net/ 
To unsubscribe: `echo unsubsribe | mail olug-unsubscribe at bstc.net` 



More information about the OLUG mailing list