How can i encrypt TigerVNC

134 views
Skip to first unread message

Jarhead87x

unread,
May 18, 2023, 3:48:52 PM5/18/23
to TigerVNC User Discussion/Support
Hello, 

does anyone know any guide how i can encrypt the communication and authentication in tigervncserver and client?

I know tigervnc supports some SecurityTypes but i cant find any good guide how to enable this. I dont wanna use tunneling over SSH. I am using Rocky Linux.

Hopefully somebody can help me .

BR
Jarhead 

Patrick Begou

unread,
May 19, 2023, 3:48:22 AM5/19/23
to Jarhead87x, tigervn...@googlegroups.com
Le 18/05/2023 à 21:48, Jarhead87x a écrit :
Hello, 

does anyone know any guide how i can encrypt the communication and authentication in tigervncserver and client?

I know tigervnc supports some SecurityTypes but i cant find any good guide how to enable this. I dont wanna use tunneling over SSH. I am using Rocky Linux.

Why not tunneling over ssh ?

On all my vncservers hosts, I only open the ssh port in the firewall and users are running:

vncviewer -via server :session

where server is the hostname of the vncserver and session the id of the vncserver session.

This is very easy to use and with a small additionnal setup you can go throught a front-end node (when accessing internals servers from outside of the LAN). It works with Linux hosts, Mac and windows+MobaXterm.

Patrick


Hopefully somebody can help me .

BR
Jarhead 
--
You received this message because you are subscribed to the Google Groups "TigerVNC User Discussion/Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tigervnc-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tigervnc-users/2ebe35ec-dcbb-4b84-a3d5-9ab660b9a16cn%40googlegroups.com.


Jarhead87x

unread,
May 19, 2023, 10:18:50 AM5/19/23
to TigerVNC User Discussion/Support
Hello,

i want to use the builtin securityTypes fromTigerVNC.

SSHTunneling is ok for own usage but it's not when you have to deal with foreign people. 

Yesterday i analyzed the network traffic via wireshark and realized that the communication is secured by TLSv1.2, when you change the SecurityType in TigerVNC and client to TLS 
Client and Server only exchange TCP and TLSv1.2 packages

...
 TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
            Content Type: Change Cipher Spec (20)
            Version: TLS 1.2 (0x0303)
            Length: 1
            Change Cipher Spec Message
...

But when you change SecurityType for example to NONE then only TCP and VNC Packages are exchanged betweend client and server.

So my conclusion is, that changing the SecurityType to TlsAuth for example should bring enough encryption.

BR 

David Bolton

unread,
May 19, 2023, 10:58:14 AM5/19/23
to tigervn...@googlegroups.com
BR,

I wrote up some instructions on the wiki a few years back that may be helpful: https://github.com/TigerVNC/tigervnc/wiki/Secure-your-connection

David
Reply all
Reply to author
Forward
0 new messages