How can i encrypt TigerVNC
107 views
Skip to first unread message
Jarhead87x
May 18, 2023, 3:48:52 PM5/18/23
to TigerVNC User Discussion/Support
Hello,
does anyone know any guide how i can encrypt the communication and authentication in tigervncserver and client?
I know tigervnc supports some SecurityTypes but i cant find any good guide how to enable this. I dont wanna use tunneling over SSH. I am using Rocky Linux.
Hopefully somebody can help me .
BR
Jarhead
Patrick Begou
May 19, 2023, 3:48:22 AM5/19/23
to Jarhead87x, tigervn...@googlegroups.com
Le 18/05/2023 à 21:48, Jarhead87x a
écrit :
Hello,
does anyone know any guide how i can encrypt the communication and authentication in tigervncserver and client?
I know tigervnc supports some SecurityTypes but i cant find any good guide how to enable this. I dont wanna use tunneling over SSH. I am using Rocky Linux.
Why not tunneling over ssh ?
On all my vncservers hosts, I only open the ssh port in the firewall and users are running:
vncviewer -via server :session
where server is the hostname of the vncserver and session the id of the vncserver session.
This is very easy to use and with a small additionnal setup you
can go throught a front-end node (when accessing internals servers
from outside of the LAN). It works with Linux hosts, Mac and
windows+MobaXterm.
Patrick
Hopefully somebody can help me .
BRJarhead
--
You received this message because you are subscribed to the Google Groups "TigerVNC User Discussion/Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tigervnc-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tigervnc-users/2ebe35ec-dcbb-4b84-a3d5-9ab660b9a16cn%40googlegroups.com.
Jarhead87x
May 19, 2023, 10:18:50 AM5/19/23
to TigerVNC User Discussion/Support
Hello,
i want to use the builtin securityTypes fromTigerVNC.
SSHTunneling is ok for own usage but it's not when you have to deal with foreign people.
Yesterday i analyzed the network traffic via wireshark and realized that the communication is secured by TLSv1.2, when you change the SecurityType in TigerVNC and client to TLS
Client and Server only exchange TCP and TLSv1.2 packages
...
TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.2 (0x0303)
Length: 1
Change Cipher Spec Message
Content Type: Change Cipher Spec (20)
Version: TLS 1.2 (0x0303)
Length: 1
Change Cipher Spec Message
...
But when you change SecurityType for example to NONE then only TCP and VNC Packages are exchanged betweend client and server.
So my conclusion is, that changing the SecurityType to TlsAuth for example should bring enough encryption.
BR
David Bolton
May 19, 2023, 10:58:14 AM5/19/23
to tigervn...@googlegroups.com
BR,
I wrote up some instructions on the
wiki a few years back that may be helpful:
https://github.com/TigerVNC/tigervnc/wiki/Secure-your-connection
David
To view this discussion on the web visit https://groups.google.com/d/msgid/tigervnc-users/aeba1487-abd0-4046-9857-a72a067078dcn%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages