From: Sebastiaan Breedveld Sent: Monday, September 12, 2016 00:19 To: i iordanov; bVNC, aRDP, aSPICE, Opaque Android and BB10 Remote Desktop Clients Subject: Re: TigerVNC and x509 to deal with Diffie-Hellman issue |
iordanHi Sebastiaan,I decided to retrace your steps, but on Ubuntu 14.04. I grabbed a binary distribution of tigervnc, unpacked it, ran it with the options we have been discussing and it worked just fine with PAM authentication.
wget https://bintray.com/tigervnc/beta/download_file?file_path=tigervnc-1.6.90.x86_64.tar.gz
tar xf tigervnc-1.6.90.x86_64.tar.gz
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout x509_ca.pem -out x509_crl.pem #accepted all defaults
./tigervnc-1.6.90.x86_64/usr/bin/vncserver -SecurityTypes=VeNCrypt,X509Plain -PlainUsers=MYUSERNAMEHERE -x509key=x509_ca.pem -x509cert=x509_crl.pemYou may need a newer version of TigerVNC? I am not sure.Cheers!On Tue, Sep 13, 2016 at 8:57 AM, Sebastiaan Breedveld <sebas...@zwartoog.nl> wrote:Yes, I assumed that.The Desktop TigerVNC (version 1.3) client fails in this case with: "No valid VeNCrypt sub-type"On Tue, 2016-09-13 at 02:21 +0300, iior...@gmail.com wrote:Just to confirm, i was talking about doing:vncserver -SecurityTypes=VeNCrypt,Plain -PlainUsers=ME -x509key=x509_ca.pem -x509cert=x509_crl.pemso also specifying the key and cert files.
iordan--
The conscious mind has only one thread of execution.
Subject: Re: TigerVNC and x509 to deal with Diffie-Hellman issue
Hi,No, it just connects, without asking for any certificate.
From: Sebastiaan Breedveld Sent: Wednesday, September 14, 2016 13:13 To: i iordanov Cc: bVNC, aRDP, aSPICE, Opaque Android and BB10 Remote Desktop Clients |