l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2010 Mar 27 19:59

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] vnc highjacked?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] vnc highjacked?

You can further edit the vncserver script so that sessions only allow
local connections, which is what you make when you connect through the
tunnel that Alex suggested.  To make that step even more explicit, you
create the tunnel by doing:

local $ ssh -L 5901:localhost:5901 remote-host

where remote-host is where the vnc server is running, and "localhost"
is literally the string "localhost" and not some other hostname (this
is assuming that the desired desktop is on the first vnc display).
You then connect with

$ vncviewer localhost:1


On Sat, Mar 27, 2010 at 6:43 PM, Alex Mandel <tech_dev@wildintellect.com> wrote:
> Bill Kendrick wrote:
>> On Sat, Mar 27, 2010 at 08:50:03PM -0400, Hai Yi wrote:
>>> Hello All:
>>> I installed a x11vnc on my home server, and scarily found that someone
>>> is remotely controlling my desktop: when I use vncviewer to see my
>>> server's desktop, i noticed the mouse moving on the browser and typed
>>> in some paypal sites to open them.
>> Have you looked at:
>>   http://en.wikipedia.org/wiki/VNC#Security
>> It starts out with: "By default, VNC is not a secure protocol",
>> so I guess the next question is: were you limiting VNC access in any
>> way?  If not, then your computer is probably wide open for anyone
>> who can see it. :^/
>> -bill!
>> (who admittedly doesn't know much about VNC)
> That's pretty much the story,
> my method to a slightly secure vnc:
> 1. Have a firewall blocking all ports that I don't need to see from the
> outside. Basically only 22, 80,443(the last 2 for web server/https)
> 2. I don't have x11vnc running all the time, I have to manually start it.
> 3. I tunnel in via ssh and foward the vnc port I want to use, start the
> vnc when I want to connect and then shut it down when not in use and
> close my ssh connection.
> That's what I would recommend to prevent unwanted vnc connections. Now
> all you have to worry about it ssh hacks.
> You should be able to see in the vnc logs where the connection is coming
> from if you really want to know.
> Alex
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.