From owner-freebsd-questions Wed Sep 11 20:10:12 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 96E1237B400 for ; Wed, 11 Sep 2002 20:10:09 -0700 (PDT) Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0FD3D43E6E for ; Wed, 11 Sep 2002 20:10:09 -0700 (PDT) (envelope-from dan@dan.emsphone.com) Received: (from dan@localhost) by dan.emsphone.com (8.12.6/8.12.5) id g8C3A8JJ061450; Wed, 11 Sep 2002 22:10:08 -0500 (CDT) (envelope-from dan) Date: Wed, 11 Sep 2002 22:10:08 -0500 From: Dan Nelson To: Rob B Cc: erk! , freebsd-questions@FreeBSD.ORG Subject: Re: tridiavnc security info? Message-ID: <20020912031008.GB13261@dan.emsphone.com> References: <20020911090529.C7198@seekingfire.com> <20020911090529.C7198@seekingfire.com> <5.1.0.14.2.20020912123436.03b4dec0@pop.ozemail.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5.1.0.14.2.20020912123436.03b4dec0@pop.ozemail.com.au> X-OS: FreeBSD 5.0-CURRENT X-message-flag: Outlook Error User-Agent: Mutt/1.5.1i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In the last episode (Sep 12), Rob B said: > At 08:55 11/09/2002 -0700, erk! sent this up the stick: > > i'm curious, however, if anyone knows of specific security issues > > to watch for/protect against when doing this. i'm not so worried > > about whether or not the windows box gets compromised, but i'd like > > to keep my freebsd box, which is my main desktop, protected as much > > as possible. i'm not familiar at all with the method that tridia > > uses to connect remotely, so any info here would be appreciated. > > AFAIK, all passwords used to connect to VNC are in the clear, so I > tunnel my VNC client through an ssh session. No, authentication is via a challenge-response method. Question 55 in the VNC faq http://www.uk.research.att.com/vnc/faq.html#q55 . The rest of the stream is unencrypted though, so an ssh tunnel is still a good idea. -- Dan Nelson dnelson@allantgroup.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message