![]() The long list of no-xyz statements disallow them from doing just about anything except connect to a VNC server.īecause the Internet is a high speed public network, an attacker anywhere in the world could connect to an unsecured VNC server and start guessing passwords at a rate of thousands per minute. This will allow the specified person to log in to your computer using your username and their public key instead of your password. As discussed in the SSH guide, you can limit the SSH features that each public key can use - typically, a user that should only have VNC access would have a line like the following in authorized_keys:Ĭommand="/bin/sleep 4294967295",no-agent-forwarding,no-pty,no-user-rc,no-X11-forwarding,permitopen="localhost:5900" If a small group of people regularly want to access your desktop, the best solution might be to set up an SSH server, then add their public keys to your authorized_keys file, with very limited rights. When you have set up your SSH and VNC servers, you can use SSH to log in to your computer over the Internet, start your VNC server, and use port-forwarding to securely access the VNC server. ![]() Instead, you should set an SSH server up as discussed in the SSH guide and configure a VNC server that you can start in so-called once mode. Helping someone via VNC over the InternetĪ common usage scenario is helping another Ubuntu user over the internet via screen sharing.Īlthough VNC has some optional security features, you should not run VNC directly over an untrusted network like the Internet. If you're connecting to a client behind a firewall, you may need to use Reverse VNC instead. To use VNC, a VNC server must be run on the computer sharing the desktop, and a VNC client must be run on the computer that will access the shared desktop. VNC is a protocol that allows a desktop to be viewed and controlled remotely over the Internet. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |