[K12OSN] Looking for wisdom of the masses

Rob Owens rowens at ptd.net
Fri Feb 1 23:17:16 UTC 2008

On Fri, Feb 01, 2008 at 11:46:19AM -0400, John Lucas wrote:
> Doug Simpson wrote:
> >Just let them use vncviewer and connect that way. . . Works for me. . .
> >
> >They'll have to come in through the public IP unless they are inside. . .
> >
> >Doug
> >
> VNC passes session traffic "in the clear" (without encryption). While you 
> can tunnel VNC in SSH, it is clumsy to set up and not very efficient.
> NX/freenx uses SSH for transport (strong encryption) and is uses bandwidth 
> more efficiently as well, using aggressive compresstion and caching to make 
> the sesstion more responsive.
> Opening (port forwarding) the SSH service to the Internet can be a security 
> problem. If possible I would restrict which users can use SSH and make sure 
> those users have "good" passwords; not vulnerable to dictionary attacks. 
> Also make sure that SSH is up-to-date and keep it that way, plus turn off 
> VNC version 1 capability.
FreeNX allows you to use a separate password file for authentication, so you can have easy-to-remember passwords for local access, but harder ones for NX authentication.  I forget where you set it, but I've used it successfully on a machine that does not allow ssh password authentication.


More information about the K12OSN mailing list