Re: [tlug] VNC and security

["Stephen J. Turnbull" <stephen@example.com>]

Scott Robbins writes:

 > I leave it open by ssh, on a non-standard port.  (Security by
 > obscurity, but every little bit helps and it helps avoid automated
 > attempts to log in on port 22.)  I add to that by only giving one
 > username ssh access.

[[ Style Guide: Don't discuss the security here, even though he did
ask about it.  At this stage, it confuses the issue, which is the
operations needed to get VNC running with SSH.  Put security later
after the operational model is clear. ]]

 > Then, if you need to use X, you can manually start vncserver.
 > Now, you can use tightvncviewer--another binary that doesn't install
 > anything--to work with X.  

What I would do is have a separate SSH key for vnc use.  Put that key
in your .ssh/authorized_keys with the command to start VNC (it can be
a script with any of the stuff you need to do).  Tunnel the VNC
connection over the SSH connection.

Warning: if VNC is a TCP connection, you may need to be careful about
tuning maximum transfer size to get reasonable performance.  Try it
and see.