|reply to jaynick |
Re: How to secure VNC and port 5900
You can make it as complicated as you want using SSH tunneling or a VPN, etc... or you can just use the built in features in UltraVNC. That is of course if your computers run on Windows.
UltraVNC already has a feature that allows you to use their DSM plugin (Data Stream Modification) for 128 bit encryption using an RC4 random key. No additional software needed. It will even let you generate a random RC4 key right within the admin properties.
You generate the key and keep one copy on the server and one on the client. If the key is not present on both computers, the connection fails, period.
If the key is present on both, they connect but you still need to login with a password. To bypass the 8 character password limit simply require MS Logon, in which case you can choose one of the users on the server and give it access. The access could even be limited to view only or interact or full access. It could even be a guest account. Your choice. And of course that account could have a very very long password too as opposed to just 8 characters. Not that it's really necessary when you're using the RC4 key.
You can catch the Devil, but you can't hold him long.
@Wildcatboy -- you are right about Ultr@VNC being able to use encryption plugins. Unfortunately Ultr@VNC is Windows-only, so if you want to use VNC to control a Mac or a Linux or a *BSD box, you must use some other flavour of VNC tunnelled over SSH or through a VPN for security.