Site Map - skip to main content - dyslexic font - mobile - text - print

Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes Monday through Friday.


hpr1606 :: Howto VNC

Klaatu talks about how to get to VNC up and running.

<< First, < Previous, Latest >>

Hosted by klaatu on 2014-09-29 is flagged as Clean and is released under a CC-BY-SA license.
Listen in ogg, spx, or mp3 format. | Comments (1)

Klaatu talks about how to get to VNC up and running. It focuses on x11vnc but basically it applies to any variety.

Virtual Network Computing
From Wikipedia, the free encyclopedia

In computing, Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network.
VNC is platform-independent – There are clients and servers for many GUI-based operating systems and for Java. Multiple clients may connect to a VNC server at the same time. Popular uses for this technology include remote technical support and accessing files on one's work computer from one's home computer, or vice versa.
VNC was originally developed at the Olivetti & Oracle Research Lab in Cambridge, United Kingdom. The original VNC source code and many modern derivatives are open source under the GNU General Public License.
There are a number of variants of VNC which offer their own particular functionality; e.g., some optimised for Microsoft Windows, or offering file transfer (not part of VNC proper), etc. Many are compatible (without their added features) with VNC proper in the sense that a viewer of one flavour can connect with a server of another; others are based on VNC code but not compatible with standard VNC.
VNC and RFB are registered trademarks of RealVNC Ltd. in the U.S. and in other countries.


Comments

Subscribe to the comments RSS feed.

Comment #1 posted on 2014-10-05T09:20:51Z by Ken Fallon

VNC is not secure

Hi Klaatu,

You mentioned several times in the show that VNC is secure, that is not the case unless people tunnel the session over ssh or a vpn as you have done. This was not clear and may lead someone to assume that VNC in itself is secure.

http://www.cl.cam.ac.uk/research/dtg/attarchive/vnc/sshvnc.html
"VNC uses a random challenge-response system to provide the basic authentication that allows you to connect to a VNC server. This is reasonably secure; the password is not sent over the network. Once you are connected, however, traffic between the viewer and the server is unencrypted, and could be snooped by someone with access to the intervening network. We therefore recommend that if security is important to you, you 'tunnel' the VNC protocol through some more secure channel such as SSH."

Even the "reasonably secure" statement is challenged here:
http://en.wikipedia.org/wiki/Virtual_Network_Computing#Security
"By default, RFB is not a secure protocol. While passwords are not sent in plain-text (as in telnet), cracking could prove successful if both the encryption key and encoded password are sniffed from a network. For this reason it is recommended that a password of at least 8 characters be used. On the other hand, there is also an 8-character limit on some versions of VNC; if a password is sent exceeding 8 characters, the excess characters are removed and the truncated string is compared to the password."

I have also seen VNC security questioned for not requiring a username and password.

Recommendations:
use the -localhost option so that only local (and tunneled) connections are allowed
use ssh tunneling
use the maximum size password allowed

Leave Comment

Powered by Comment Script