The only service attackers can even attempt to exploit your system from is SSH, and with public/private keys, that becomes very difficult (without stealing your key anyway). Using the method described in this guide, you don't have to leave your VNC server listening on your external ports, only your internal ones (in other words, your router can block port 5900 and you'll still be able to use it). An attacker has to peel away more layers of security to compromise your system (and SSH is one heck of a layer). So all in all, you probably DON'T need to encrypt VNC traffic (more), but there are a couple good selling points to this method: It's encoded, and many times encrypted anyway, and in order to sniff your traffic an attacker would have to have access to a machine in between the two connecting computers. Realistically, there really isn't a reason to encrypt VNC traffic. You can transport your private key with you (which means you have some sort of portable media, like a USB thumb drive or CD).These instructions were tested on Dapper, but the theory works on all Linux boxes (excluding specific commands, of course).
You have a router/firewall, and know how to open ports (for the ssh daemon) Also, learn how to set up a permanent virtual domain name for your computer (ie ) so you don't have to remember your IP address (which usually changes).īy the end of this Howto, you should be able to connect to your home computer from almost any PC that allows outboud connections (yes, even Windows Boxes, if you have a USB key). You will also learn how to set up a SSH server using ONLY public/private keys, on a non standard port, and how to tunnel all of your VNC traffic over this SSH connection. You will learn how to set up a VNC sever using Ubuntu's built in "Remote Desktop" feature. Thanks to xunil76 for the above suggestions. Condensed commands in step #3 to one line HOWTO: VNC over SSH using Public/Private keys From Windows
0 kommentar(er)
