[Gloucs] VNC Apps?

Matthew Macdonald-Wallace gloucs at mailman.lug.org.uk
Fri Aug 29 12:14:00 2003


On Fri, 2003-08-29 at 11:43, Mark wrote:
> On 29 Aug 2003, Matthew Macdonald-Wallace wrote:
> 
> > All,
> > 
> > A new semester is beckoning for me at university, and I'd quite like to
> > be able to use my computer from uni.  I've got dynDNS set up on my
> > firewall, I'm just wondering what the best VNC app is in people's view.
> 
> *shudder*
> 
> > I was using tightvnc over a lan, but obviously if this is gonna be going
> > over the net, it needs to be v. secure.  Also, a web front end via JAVA
> > would be nice, coz the uni firewall is so strict.
> 
> If you REALLY have to do the above.
> 
> I would suggest that you tunnel the vnc connection over ssh.
> 
> create a locally bound listening ssh session which has bound to your vnc 
> server. (man ssh and it's the -L option)
> 
> so then you will be able to connect to "localhost" with the vnc client of 
> your choice which will then be redirected to the remote box via ssh.
> 
> this enables you to not have to leave the worrying application which is 
> vnc open to the world. just have iptables deny access to it from anyone 
> but localhost. as when you are connected using ssh you will be localhost 
> as far as iptables is concerned.
> 
> Of course you may also want to change the default sshd port.
> 
> that's my 2p worth.

OK, the problem is that the net at uni is *shudder* Win2K, no ssh,
telnet only, hence the fact that I wanted a web-access.  Ideally, I'd
like to do the whole thing over HTTP with a java app running on the
computer that VNC is running on, and VNC denying access to anyone who
tries to connect via any other method than http.  I would also,
obviously, deny root privileges and would probably set up a special user
purely for vnc connections that cannot su or write any of my files, just
read them and save them to its own home dir.  It certainly would not be
in the "wheel" group!

Would this work?

Cheers,

Matt 

--
+---------------------------------+
|Matthew Macdonald-Wallace        |
|The Truth Will Set you Free      |
|http://www.truthisfreedom.org.uk/|
+---------------------------------+
BOFH Excuse #104: backup tape overwritten with copy of system manager's
favourite CD
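
Added example, not part of the original e-mails: a check that the "VNC reachable from localhost only" setup discussed in the thread is actually in place, by scanning listening sockets for VNC ports bound to anything other than loopback. The `ss -ltnH` sample is constructed, and the port ranges assume the usual VNC convention (5900+N for display :N, 5800+N for the Java web viewer).

```python
import ipaddress

# Constructed sample of `ss -ltnH` output: State Recv-Q Send-Q Local Peer.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5902 0.0.0.0:*
LISTEN 0 5 [::1]:5903 [::]:*
LISTEN 0 5 *:5801 *:*
LISTEN 0 5 192.168.0.10:5900 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
"""

# Assumed convention: displays :0-:99 on 5900-5999, Java viewer on 5800-5899.
VNC_PORTS = range(5800, 6000)


def split_endpoint(endpoint):
    """Split 'host:port' (IPv6 in brackets) into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and interface scope
    return host, int(port)


def is_loopback(host):
    """Wildcard binds ('*', empty) count as exposed, not loopback."""
    if host in ("*", ""):
        return False
    return ipaddress.ip_address(host).is_loopback


def exposed_vnc_listeners(ss_output):
    """Return (host, port) for every VNC listener not bound to loopback."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_endpoint(fields[3])
        if port in VNC_PORTS and not is_loopback(host):
            exposed.append((host, port))
    return exposed


if __name__ == "__main__":
    # With an ssh -L tunnel in use, this loop should print nothing.
    for host, port in exposed_vnc_listeners(SAMPLE_SS):
        print(f"VNC port {port} is listening on {host}; restrict it to localhost")
```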