Error when trying to VNC through SSH tunnel to Centos Server on Chromebook

335 views
Skip to first unread message

Douglas Kerr

unread,
Oct 1, 2021, 9:58:38 PM10/1/21
to bVNC, aRDP, aSPICE, Opaque Remote Desktop Clients
Realvnc client is no longer available (apparently) and I have  been using it for years along with Secure Shell in my Chromebook to VNC into my Centos 7 server through an SSH tunnel using a certificate.  Your bVNC seems like maybe the only viable substitute since I am using Chromebook and not Android.  It seems I should be able to create the tunnel and then connect over port 5901 to my VNC server all in the same application but after much testing I'm getting the following error: 

"The VNC Server is trying to use Anonymous Diffie-Hellman ciphers which are not supported on your Android device.  If using GNOME's Vino VNC server, you can disable anonTLS by running the following command in a terminal ant the restarting: "gsettings set org.gnome.Vino require-encryption false".  If running x11vnc, you can add the following options: "-vencrypt.nodh:only -ssl".

It's possible that I am still mis-configured I guess.  I'm using connection type: "Secure VNC over SSH" pointing to my SSH server on port 22, then generating a certificate and copying the public cert to authorized_keys on my server, then pointing to localhost port 5901, which at least gets me to the server.  I'm running TigerVNC server on my Centos box and it's been faultless for many years.  Do you have any idea how I can get around this using bVNC?  I must be missing something obvious since I would expect this is a simple operation done frequently from a Chromebook.   

iior...@gmail.com

unread,
Nov 13, 2021, 12:23:15 PM11/13/21
to bVNC, aRDP, aSPICE, Opaque Remote Desktop Clients
This is an issue with the configuration of the server you are running on your Centos 7 server.

If that server is Vino, all you should need to do is to configure it to disable the AnonTLS Diffie-Hellman ciphers.

Example:

Command you should run as "yourself" on the server:
gsettings set org.gnome.Vino require-encryption false

If you're not using Vino (built-in gnome VNC server), let us know what server you do use.

Thanks!
iordan
Reply all
Reply to author
Forward
0 new messages