From owner-freebsd-questions Wed Aug 23 6:33:19 2000 Delivered-To: freebsd-questions@freebsd.org Received: from c528925-a.plano1.tx.home.com (c528925-a.plano1.tx.home.com [24.21.161.123]) by hub.freebsd.org (Postfix) with ESMTP id B8AB037B423 for ; Wed, 23 Aug 2000 06:33:10 -0700 (PDT) Received: from kreska.org (c528925-a.plano1.tx.home.com [24.21.161.123]) by c528925-a.plano1.tx.home.com (8.9.3/8.9.3) with ESMTP id IAA24396; Wed, 23 Aug 2000 08:33:07 -0500 (CDT) (envelope-from jeff@kreska.org) Message-ID: <39A3D272.54175CB7@kreska.org> Date: Wed, 23 Aug 2000 08:32:34 -0500 From: Jeff X-Mailer: Mozilla 4.73 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Mike Meyer Cc: John Murphy , questions@FreeBSD.ORG Subject: Re: starting vncserver in /usr/local/etc/rc.d References: <14755.30505.152520.483281@guru.mired.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Mike Meyer wrote: > John Murphy writes: > > I'm trying to get vncserver to start automatically at boot. > > Have you carefully considered the security implications of doing this? > On the face of it, it sounds like you're doing the equivalent of > logging in as root via telnet (with no encryption). Come to think of > it, it's probably worse than that - where does vncserver log bad > password attempts? > > If that's the case, it would be much (much, *much*) better to enable > sshd, then ssh in forwarding the VNC port, and start vncserver from > there. That's what I typically do when I need to do that kind of > thing. > If you block port's in the 5900's from outside access and then use ssh it is pretty secure. This is what I do, but I try and start the vncserver as user blah at startup and the only thing that shows up when I connect to the server is the X background. If I run the same script that starts the server in rc.d after initialization it works fine. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message