Secure VNC with SSL

A detailed explanation of how to make VNC work over SSL can be found here. Reading that and the e-mail discussions here, I’d like to summarize the procedure:

SERVER

  • Create the certificate stunnel.pem (Follow the instructions given at the link above)
  • Run VNC server: vncserver :5
  • Create a secure tunnel: stunnel -d 5950 -r 5905 -p /path/to/stunnel.pem
  • Download the source code of x11vnc. Copy VncViewer.jar and SignedVncViewer.jar into a folder accessible by the web server, e.g. “/vnc”
  • Create an index.html file with the following content (replace YOUR-HOSTNAME with your hostname):
    <html>
    <body>
    <applet code="VncViewer.class" archive="VncViewer.jar" width="800" height="600">
    <param name="PORT" value="5950" />
    <param name="HOST" value="YOUR-HOSTNAME" />
    <param name="Open New Window" value="no" />
    <!-- the following helps in Opera:
    <param name="Cursor shape updates" value="Disable" />
    -->
    </applet>
    </body>
    </html>

CLIENT

From a web browser, you can access the following address:

http://YOUR-HOSTNAME/vnc

Even better, if you set up the directory under an SSL domain:

https://YOUR-HOSTNAME/vnc
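
A check for the server setup above, as an added example that is not part of the original post: stunnel only protects the session if clients cannot reach the raw VNC port (5905 here) directly, so this flags any VNC-range listener other than the TLS port that is bound to a non-loopback address. It assumes a Linux server with `ss` from iproute2; the function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Reads `ss -tln` output on stdin and prints each listener in the VNC port
# range 5900-5999 that is bound to a non-loopback address. The port given as
# $1 is the stunnel (TLS) port, which is meant to be reachable, so it is skipped.
exposed_vnc_ports() {
    awk -v tls="$1" '
        $1 != "LISTEN" { next }                    # skips the header line too
        {
            n = split($4, part, ":")               # $4 is "address:port"
            port = part[n]
            if (port !~ /^[0-9]+$/) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port + 0 < 5900 || port + 0 > 5999) next
            if (port + 0 == tls + 0) next          # the TLS listener is expected
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
            print addr ":" port
        }'
}

# Constructed sample: ports from the post, raw VNC 5905 bound to all interfaces.
sample_exposed() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:5905       0.0.0.0:*
LISTEN 0      128    0.0.0.0:5950       0.0.0.0:*
LISTEN 0      128    127.0.0.1:5911     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
EOF
}

# Constructed sample: same host after the VNC server is limited to localhost.
sample_local_only() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:5905     0.0.0.0:*
LISTEN 0      128    0.0.0.0:5950       0.0.0.0:*
EOF
}

echo "exposed:    $(sample_exposed | exposed_vnc_ports 5950)"
echo "local only: $(sample_local_only | exposed_vnc_ports 5950)"
# On a live server: ss -tln | exposed_vnc_ports 5950
```

Empty output means every VNC-range listener other than the TLS port is confined to loopback.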

Remote access to your parents’ computer

You can’t always be there for your parents when they need your help desperately for their computer problems. I resolved this issue with some basic software that I’d like to share. I’d like to give the basics first and I will provide more details when I have more time.

What is the problem?

  • The remote computer (possibly a Windows PC) does not have a public address.
  • You have a Linux server with a public IP address.
  • You want to be able to securely access the remote computer.

What software?

  • Putty
  • TightVNC

How?

  1. Install TightVNC and launch TightVNC server
    1. Set a password
    2. Optional: Only allow connections from localhost for security
  2. Install Putty
    1. Create a session to connect to your Linux server
    2. In the SSH options, click on Tunnels and create a remote port forwarding. (Source: 5900, Destination: localhost:5911, Remote option selected)
    3. Save and connect to your server
    4. Optional: You can create keys to login to your server without a password. One less password to remember for them.
  3. On the Linux server, launch vncviewer against port 5911, i.e. vncviewer localhost:11

Some security tips

  • We are using Putty because tunneling VNC over SSH makes it secure. You can also set up VNC over SSL and access their computer from any browser. Check out this post.
  • Allowing only local access makes it more secure against external attacks. The TightVNC server only responds if Putty is running.