Firewall with snorf, guardian,acid squid but all that goes down the drain using vnc
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Firewall with snorf, guardian,acid squid but all that goes down the drain using vnc
Firewall with snorf, guardian,acid squid but all that goes down the drain using vnc
Greatings!
I have just finished a firewall with snorf, guardian,acid,squid,md5checksum,high secure firewall script and etc.
But here is the thing, the Presidente of the company uses VNC to access his windows computer, and the vice-president uses VNC on linux, but vnc does not have encryption. There are other vnc alternatives with low encryption, but still unsafe. I know that you can use ssh to tunel the vnc conection. But it there how to make the firewall redirect this conection to a windows machine?
And even so, to use this ssh tunel, I have to leave the vnc port open in the firewall.
I'm open to sugetions on other kind of remote conections, I'm really open to any kind of sugestions since all my work will be lost if the hacker tries to conect on the vnc port.
VNC over ssh works by establishing an ssh connection between the two machines and then transmitting the VNC data through the tunnel. Once the data reaches the end-point, it's redirected locally to the VNC port. So you actually don't need to have VNC ports open on the external firewall, just the ssh ports. In most cases you will need to modify the windows ssh client settings in order to establish the ssh tunnel, but I'd imagine you could create a batch script to launch the tunnel on startup so that it would be pretty much transparent to the client.
But how would I make the vnc client point to the network machine with the vncserver?
You don't. VNC listens on localhost (meaning it's listening for local traffic), ssh then forwards the VNC traffic to the VNC ports on localhost. The only thing connecting machine A to machine B is the ssh tunnel.
Because windows does not have a ssh server...
You don't need an ssh server on windows to do this, just an ssh client. I've done this with the ssh client software from ssh.com, but I'd imagine PuTTY can do this too. The windows client then establishes a secure tunnel to the ssh server on the linux box. The VNC traffic gets piped through the tunnel and then ssh forwards the traffic locally to the VNC viewer (so you can think of VNC as being connected to the local ssh software rather than to a remote machine).
Take a look at this guide. The hardest part is figuring out which ports and display numbers to use. I'd also recommend starting out by getting VNC working by itself first and then adding in the ssh tunnel.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
