[Gloucs] VNC Apps?
Mark
gloucs at mailman.lug.org.uk
Fri Aug 29 18:08:01 2003
On 29 Aug 2003, Matthew Macdonald-Wallace wrote:
> On Fri, 2003-08-29 at 11:43, Mark wrote:
> > On 29 Aug 2003, Matthew Macdonald-Wallace wrote:
> >
> > > All,
> > >
> > > A new semester is beckoning for me at university, and I'd quite like to
> > > be able to use my computer from uni. I've got dynDNS setup on my
> > > firewall, I'm just wondering what the best VNC app is in peoples view.
> >
> > *shudder*
> >
> > > I was using tightvnc over a lan, but obviously if this is gonna be going
> > > over the net, it needs to be v. secure. Also, a webfront end via JAVA
> > > would be nice, coz the uni firewall is so
> > > strict.
> >
> >
> > If you REALLY have to do the above.
> >
> > I would suggest that you tunnel the vnc connection over ssh.
> >
> > create a locally bound listening ssh session which has bound to your vnc
> > server. (man ssh and it's the -L option)
> >
> > so then you will be able to connect to "localhost" with the vnclient of
> > your choice which will then be redirected to the remote box via ssh.
> >
> > this enables you to not have to leave the worrying application which is
> > vnc open to the world. just have iptables deny access to it from anyone
> > but localhost. as when you are connected using ssh you will be localhost
> > as far as iptables is concerned.
> >
> > Ofcourse you may also want to change the default sshd port.
> >
> > thats my 2p worth.
>
> OK, the problem is that the net at uni is *shudder* Win2K, no ssh,
> telnet only, hence the fact that I wanted a web-access. Ideally, I'd
> like to do the whole thing over HTTP with a java app running on the
> computer that VNC is running on, and VNC denying acces to anyone who
> trys to connect via any other method than http. I would also,
> obviously, deny root priveleges and would probably setup a special user
> purely for vnc connections that cannot su or write any of my files, just
> read them and save them to its own home dir. it certainly would not be
> in the "wheel" group!
>
> Would this work?
Yes there is no reason why, in theory it wouldnt work, rather you than me.
However if we actually look at the free, non-commecial windows version of
ssh from ssh.com we see that the ssh2.exe binary also has the support for
tunneling that I mentioned.
just take the binary from the installation if it will work solo.
>
> Cheers,
>
> Matt
>
> --
> +---------------------------------+
> |Matthew Macdonald-Wallace |
> |The Truth Will Set you Free |
> |http://www.truthisfreedom.org.uk/|
> +---------------------------------+
> BOFH Excuse #104: backup tape overwritten with copy of system manager's
> favourite CD
>
> _______________________________________________
> gloucs mailing list
> gloucs@mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/gloucs
>
--
Mark
www.wwjh.net/~mark
"If you know yourself, knowing the enemy does not matter."