[Gloucs] VNC Apps?

Mark gloucs at mailman.lug.org.uk
Fri Aug 29 18:08:01 2003


On 29 Aug 2003, Matthew Macdonald-Wallace wrote:

> On Fri, 2003-08-29 at 11:43, Mark wrote:
> > On 29 Aug 2003, Matthew Macdonald-Wallace wrote:
> > 
> > > All,
> > > 
> > > A new semester is beckoning for me at university, and I'd quite like to
> > > be able to use my computer from uni.  I've got dynDNS set up on my
> > > firewall, I'm just wondering what the best VNC app is in people's view.
> > 
> > *shudder*
> > 
> > > I was using tightvnc over a lan, but obviously if this is gonna be going
> > > over the net, it needs to be v. secure.  Also, a web front end via JAVA
> > > would be nice, coz the uni firewall is so strict.
> >  
> > 
> > If you REALLY have to do the above.
> > 
> > I would suggest that you tunnel the vnc connection over ssh.
> > 
> > create a locally bound listening ssh session which has bound to your vnc 
> > server. (man ssh and it's the -L option)
> > 
> > so then you will be able to connect to "localhost" with the vnclient of 
> > your choice which will then be redirected to the remote box via ssh.
> > 
> > this enables you to not have to leave the worrying application which is 
> > vnc open to the world. just have iptables deny access to it from anyone 
> > but localhost. as when you are connected using ssh you will be localhost 
> > as far as iptables is concerned.
> > 
> > Of course you may also want to change the default sshd port.
> > 
> > That's my 2p worth.
> 
> OK, the problem is that the net at uni is *shudder* Win2K, no ssh,
> telnet only, hence the fact that I wanted a web-access.  Ideally, I'd
> like to do the whole thing over HTTP with a java app running on the
> computer that VNC is running on, and VNC denying access to anyone who
> tries to connect via any other method than http.  I would also,
> obviously, deny root privileges and would probably set up a special user
> purely for vnc connections that cannot su or write any of my files, just
> read them and save them to its own home dir.  It certainly would not be
> in the "wheel" group!
> 
> Would this work?



Yes, there is no reason why, in theory, it wouldn't work; rather you than me.

However, if we actually look at the free, non-commercial Windows version of 
ssh from ssh.com we see that the ssh2.exe binary also has the support for 
tunneling that I mentioned.

Just take the binary from the installation if it will work solo.


> 
> Cheers,
> 
> Matt 
> 
> --
> +---------------------------------+
> |Matthew Macdonald-Wallace        |
> |The Truth Will Set you Free      |
> |http://www.truthisfreedom.org.uk/|
> +---------------------------------+
> BOFH Excuse #104: backup tape overwritten with copy of system manager's
> favourite CD
> 

-- 
	       		   Mark
         	   www.wwjh.net/~mark
 "If you know yourself, knowing the enemy does not matter."
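
The tunnel-plus-firewall setup described in the message above, as an added example that is not part of the original post. The display number (:1), the account name, the host name home.example.org and the moved sshd port 2222 are assumed values for illustration; the functions only print the commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Added example: VNC reachable only through an ssh -L tunnel.
# Assumed values (not from the thread): display :1, user "matt",
# host home.example.org, sshd moved to port 2222.

# VNC display :N listens on TCP port 5900+N.
# Rejects anything that is not a plain non-negative integer.
vnc_port() {
    case $1 in
        ''|*[!0-9]*|0?*)
            echo "invalid display number: $1" >&2
            return 1 ;;
    esac
    echo $((5900 + $1))
}

# Client side: bind a local port and forward it, inside the ssh session,
# to the VNC port on the remote machine's loopback interface.
# usage: tunnel_cmd DISPLAY USER HOST SSH_PORT
tunnel_cmd() {
    port=$(vnc_port "$1") || return 1
    # -N: no remote command, the session exists only to carry the forward.
    echo "ssh -N -p $4 -L $port:localhost:$port $2@$3"
}

# Server side: the VNC port accepts loopback traffic only. The forwarded
# connection is opened by sshd on the server itself, so it arrives on "lo";
# anything arriving on another interface is dropped.
# -A appends, so no earlier INPUT rule may already accept this port.
# usage: firewall_rules DISPLAY
firewall_rules() {
    port=$(vnc_port "$1") || return 1
    echo "iptables -A INPUT -i lo -p tcp --dport $port -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Print both halves for the assumed setup.
tunnel_cmd 1 matt home.example.org 2222
firewall_rules 1
```

With the tunnel up, the VNC client is pointed at localhost:1 on the client machine rather than at the remote host.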