4 VNC security

Because a VNC connection is essentially remote control channel between two computers, its security is quite essential. Although VNC has its own built-in initial password authentication mechanism, it is hardly sufficient. This is because a packet sniffer can intercept the transmission between the computers, can figure out screen displays as well as key strokes.

This is why many VNC connections are tunneled through an SSH connection. This is how it is done.

• Pick a machine that can connect to the machine that runs the VNC server (can be the same machine), run SSH (secure shell). Make sure port forwarding is permitted.
• Run VNC server on the machine that needs to be controled by VNC server.
• On the machine to remotely control the VNC server, run the following command ssh -L 5901:<hostname>:5900 <usename>@<sshserver>
  • <hostname> is the name or IP address of the machine running the VNC server from the perspective of the machine running the SSH server.
  • If the same machine runs the VNC server and the SSH server, then <hostname> should be localhost.
  • This command makes a connection to the machine running the SSH server, but it also uses it to relay port 5900 (a default VNC port) on the machine running the VNC server to port 5901 (a popular alternate VNC port) of the machine running the SSH client.
• On the machine to remotely control the VNC server, run vncviewer localhost:1.

For example, let’s say I want to remotely control my office computer from home. My office computer is not internet visible, but it is visible from another server on campus, let’s say it is honeypot.arc.losrios.edu. Furthermore, I have an account on that machine, and it has SSH enabled. My own office machine is known as 192.168.23.16 from the perspective of honeypot.arc.losrios.edu.

At home, I first run the ssh command ssh -L 5901:192.168.23.16:5900 tak@honeypot.arc.losrios.edu. This connect me to the internet visible computer on campus. Next, from the SSH prompt, I log in to 192.168.23.16 and make sure some kind of VNC server is running at port 5600. Most VNC servers by default use port 5600.

With the SSH session active, then I run a VNC client, such as vncviewer localhost:1. Although this command seems to connect to the local host itself, port 5601 of the local host is already “wormholed” to port 5600 of 192.168.23.16 from the perpective of honeypot.arc.losrios.edu. If all goes well, I should optionally get a password prompt (for the VNC password), then be able to remote control using VNC.