UsingVNC
r3 - 20 Jun 2007 - 12:56:18 - ChasePutnam
Instructions for installing the RealVNC software on Windows are found at http://www.cis.rit.edu/~support/mikey/guides/VNC/

Making VNC more secure using SSH

VNC uses a random challenge-response system to provide the basic authentication that allows you to connect to a VNC server. This is reasonably secure; the password is not sent over the network. Once you are connected, however, traffic between the viewer and the server is unencrypted, and could be snooped by someone with access to the intervening network. We therefore recommend that you 'tunnel' the VNC protocol through some more secure channel such as SSH.

Installation

Tunnelling VNC over SSH requires an SSH client. To get the full functionality that an SSH connection can give you when using VNC, use a command-line ssh client rather than a GUI-only one.
  • On Windows machines, this usually requires the use of Cygwin.

Basic Use

SSH normally just provides you with a 'Secure Shell' - i.e. a login window to a remote machine. All traffic between the two machines is encrypted (the session keys are negotiated using public-key techniques), making it very difficult for anyone else to spy on it. Once SSH is installed, you could connect to a machine called 'snoopy' from elsewhere simply by running the SSH client:

    ssh snoopy

(You may need more options depending on your situation.) You would then be prompted for the password of your account on snoopy and you would be logged in, just like a telnet session, but safer. However, SSH has some nice extra tricks up its sleeve. You can also request that it listens on a particular port on your local machine, and forwards any connection to that port down the secure connection to a port on a machine at the other end.

  • For example: ssh -L x:localhost:y snoopy means "Start an SSH connection to snoopy, and also listen on port x on my machine, and forward any connections there to port y on snoopy."

Now, the VNC protocol normally uses port 59xx, where xx is the display number of the server. So a VNC server on a Windows machine, which normally uses display number 0, will listen on port 5900. Most Unix VNC servers will probably use display numbers 1,2, etc and so will be listening on ports 5901, 5902 and so forth. If you forward these ports to a remote machine, you can make the remote VNC server appear to be a server running on your local machine.

  • Remember that if you want to use the Java VNC viewer, you will need to forward the 58xx ports as well as the 59xx ports.

So, imagine you had a VNC server running as display :1 on machine snoopy, and you wanted a secure connection to it from your local machine. You could start the ssh session using: ssh -L 5902:localhost:5901 snoopy and any references to display :2 on your local machine would actually connect to display :1 on snoopy.

  • Note that the above SSH command-line deliberately accepts incoming connections only from the local machine: the forwarded port is bound to the loopback interface, not to the machine's network address. This means that to use the SSH connection that we have just set up, we must connect to it from the same machine, using the special name 'localhost', rather than using the machine's own unique name.

So instead of running the viewer as:

    vncviewer snoopy:1

you could run:

    vncviewer localhost:2

and you get the same effect, but over a secure connection.

  • A quick note if you're using the Unix VNC viewer to connect via SSH: By default, when the viewer connects to a server on the local machine, it uses VNC's 'raw' pixel encoding because this generally gives better performance for local access. If this 'server' is actually an SSHD redirecting the data to another machine, you probably want to override this using the -hextile option to the viewer, or you will send a lot more data over the network than is necessary. (On the latest versions of the viewer, use -encodings "copyrect hextile").
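The following helper script is an added example, not part of the original page: it puts the steps above (display-to-port arithmetic, the -L forward for the example of display :1 on snoopy appearing as local display :2, the optional 58xx forward for the Java viewer, and the -encodings override for the viewer) into shell functions that print the commands rather than running them, so you can check the forward before you open the connection. It assumes the host name 'snoopy' from the page; the -N option (open the tunnel without a remote shell) is a standard ssh option not mentioned on the page, and binding the listener explicitly to 127.0.0.1 is added to make the loopback-only behaviour described above visible in the command itself.

```shell
#!/bin/sh
# Added example (not from the original wiki page): build the ssh port-forwarding
# command that makes a remote VNC display appear as a local one, with the
# listener bound to the loopback interface only.

# is_display N -> true if N is a non-negative integer display number
is_display() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# vnc_port DISPLAY -> TCP port the VNC server uses for that display (5900 + N)
vnc_port() {
    echo $((5900 + $1))
}

# java_port DISPLAY -> port of the Java viewer's HTTP server (5800 + N)
java_port() {
    echo $((5800 + $1))
}

# tunnel_cmd LOCAL_DISPLAY REMOTE_DISPLAY HOST [java]
# Prints the ssh command that forwards local display LOCAL_DISPLAY to
# REMOTE_DISPLAY on HOST.  -C turns on compression, -N opens no remote shell
# (assumption: -N is standard ssh, not mentioned on the page).  Binding the
# local side to 127.0.0.1 keeps the forwarded port off other interfaces.
tunnel_cmd() {
    local_display=$1; remote_display=$2; host=$3; with_java=$4
    if ! is_display "$local_display" || ! is_display "$remote_display"; then
        echo "display numbers must be non-negative integers" >&2
        return 1
    fi
    if [ -z "$host" ]; then
        echo "remote host name required" >&2
        return 1
    fi
    cmd="ssh -C -N -L 127.0.0.1:$(vnc_port "$local_display"):localhost:$(vnc_port "$remote_display")"
    if [ "$with_java" = "java" ]; then
        # The Java viewer fetches its applet over the 58xx port, so forward that too.
        cmd="$cmd -L 127.0.0.1:$(java_port "$local_display"):localhost:$(java_port "$remote_display")"
    fi
    echo "$cmd $host"
}

# viewer_cmd LOCAL_DISPLAY -> vncviewer invocation that goes through the tunnel.
# The 'server' on localhost is really sshd, so force hextile instead of raw.
viewer_cmd() {
    echo "vncviewer -encodings \"copyrect hextile\" localhost:$1"
}

# Usage: the page's example, display :1 on snoopy reached as local display :2.
tunnel_cmd 2 1 snoopy
viewer_cmd 2
```

Run the printed ssh command in one window (it stays in the foreground because of -N) and the printed vncviewer command in another; passing 'java' as the fourth argument adds the 58xx forward for the Java viewer.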

Compression

SSH has another advantage. It can compress the data as well. This is particularly useful if the link between you and the server is a slow one, such as a modem, but even on a faster network it can help make up for the fact that the encryption takes a certain amount of time and so can slow the link down a little. To add simple compression, use the -C option (or +C in ssh2). For more control, set it up in your ssh configuration files (see the man page for details). To see how much your data is being compressed, use the -v option.
