[K12OSN] Looking for wisdom of the masses
Rob Owens
rowens at ptd.net
Fri Feb 1 23:17:16 UTC 2008
On Fri, Feb 01, 2008 at 11:46:19AM -0400, John Lucas wrote:
> Doug Simpson wrote:
> >Just let them use vncviewer and connect that way. . . Works for me. . .
> >
> >They'll have to come in through the public IP unless they are inside. . .
> >
> >Doug
> >
>
> VNC passes session traffic "in the clear" (without encryption). While you
> can tunnel VNC in SSH, it is clumsy to set up and not very efficient.
>
> NX/freenx uses SSH for transport (strong encryption) and uses bandwidth
> more efficiently as well, using aggressive compression and caching to make
> the session more responsive.
>
> Opening (port forwarding) the SSH service to the Internet can be a security
> problem. If possible I would restrict which users can use SSH and make sure
> those users have "good" passwords; not vulnerable to dictionary attacks.
> Also make sure that SSH is up-to-date and keep it that way, plus turn off
> VNC version 1 capability.
>
FreeNX allows you to use a separate password file for authentication, so you can have easy-to-remember passwords for local access, but harder ones for NX authentication. I forget where you set it, but I've used it successfully on a machine that does not allow ssh password authentication.
-Rob
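
The SSH-side advice in this thread (restrict which users may log in, and do not leave guessable passwords reachable from the Internet) can be checked against an sshd_config. The script below is an added example, not part of the original messages; the function names are hypothetical and it assumes plain "Keyword value" lines.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the thread).
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and global settings end at the first Match block.
# Assumes "Keyword value" lines (no "Keyword=value", no Include files).

# sshd_first KEYWORD FILE -> effective global value, empty if unset
sshd_first() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        tolower($1) == "match"   { exit }   # end of the global section
        tolower($1) == want      { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# audit_sshd FILE -> one finding per line, or "OK"
audit_sshd() {
    findings=""
    allow="$(sshd_first AllowUsers "$1")$(sshd_first AllowGroups "$1")"
    [ -z "$allow" ] && findings="${findings}no AllowUsers/AllowGroups restriction: any account may log in
"
    pw=$(sshd_first PasswordAuthentication "$1" | tr 'A-Z' 'a-z')
    # Unset falls back to the OpenSSH default, which is "yes".
    [ "$pw" != "no" ] && findings="${findings}PasswordAuthentication is ${pw:-unset (default yes)}
"
    if [ -n "$findings" ]; then printf '%s' "$findings"; else echo OK; fi
}

# Constructed sample: sshd ignores the second PasswordAuthentication line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
AllowUsers teacher1 teacher2
passwordauthentication no
PasswordAuthentication yes
EOF
audit_sshd "$sample"
rm -f "$sample"
```

Run it as `audit_sshd /etc/ssh/sshd_config` on the server that is port-forwarded for NX; settings inside Match blocks are deliberately not evaluated.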