How Secure is VNC over the Internet


Results 1 to 4 of 4

Thread: How Secure is VNC over the Internet

  1. #1
    Join Date
    Mar 2002
    Posts
    125

    How Secure is VNC over the Internet

    I am trying to find out if it is secure to use vnc to connect 2 remote stations over the internet.

    So far I understand that if I add ssh to wrap the vnc communication then the transmission is encrypted and secure but I have a hole in my firewall the port that the vnc is listening to?

    Can vnc used to change system settings?
    If I have a strong password is that enough?

  2. #2
    Join Date
    Oct 2000
    Location
    Calgary, Alberta, Canada
    Posts
    8,116
    Per our posting guidelines, please do not hijack old/other people's threads. If you have a question, then it is _your_ question so create a new thread. <thread split from hijacked thread>

    To answer your question, VNC is totally not secure unless you wrap it with SSH. VNC sends both password and screen-update data totally unencrypted. If you wrap it in SSH then it is perfectly fine for anything you may or may not need it for.

    PS: if the stations you need to connect to are linux/unix/bsd boxes (which I don't know if they are or not because you didn't say) then why not just SSH to them and do all your changes from a shell?

  3. #3
    Join Date
    Sep 2002
    Location
    San Antonio, TX
    Posts
    2,607
    Your firewall should only have port 22 (SSH open). If you have to open the port 5901, 5902, etc, you are not routing the VNC session over SSH completely. So, while the VNC client is listening to port 5901, it is behind your firewall. You "tell" ssh, when establishing a connection, "once you get the data at the destination, present it locally to port 5901", hence only port 22 should be open. You should also make sure to use VNC authentication and a decent password.

    So short story longer, it is as secure as ssh is.

    hlrguy
    Were you a Windows expert the VERY first time you looked at a computer with Windows, or did it take a little time.....
    My Linux Blog
    Linux Native Replacements for Windows Programs
    Mandriva One on a "Vista Home Barely" T3640 E-Machine runs great.

  4. #4
    Join Date
    Feb 2002
    Location
    CT
    Posts
    233
    vnc sends the password in cleartext. take a look at tightvnc which provides some basic encryption. While it is not very strong, it is better than nothing. And as has been said already, wrap it in ssh.
    "68 65 63 6B 6C 65"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •