1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
|
Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer)
Copyright (c) 2006-2009 Karl J. Runge <runge@karlrunge.com>
All rights reserved.
These bundles provide 1) An enhanced TightVNC Viewer on Unix, 2) Binaries
for many Operating Systems (including Windows and Mac OS X) for your
convenience, 3) Wrapper scripts and a GUI for gluing them all together.
One can straight-forwardly download all of the components and get them
to work together by oneself: this bundle is mostly for your convenience
to combine and wrap together the freely available software.
Bundled software co-shipped is copyright and licensed by others.
See these sites and related ones for more information:
http://www.tightvnc.com
http://www.realvnc.com
http://stunnel.mirt.net
http://www.stunnel.org
http://www.openssl.org
http://www.chiark.greenend.org.uk/~sgtatham/putty/
http://sourceforge.net/projects/cotvnc/
Note: Some of the binaries included contain cryptographic software that
you may not be allowed to download, use, or redistribute. Please check
your situation first before downloading any of these bundles. See the
survey http://rechten.uvt.nl/koops/cryptolaw/index.htm for useful
information.
All work done by Karl J. Runge in this project is
Copyright (c) 2006-2008 Karl J. Runge and is licensed under the GPL as
described in the file COPYING in this directory.
All the files and information in this project are provided "AS IS"
without any warranty of any kind. Use them at your own risk.
=============================================================================
This bundle contains a convenient collection of enhanced TightVNC
viewers and stunnel binaries for different flavors of Unix and wrapper
scripts and a GUI front-end to glue them together. Automatic SSL and
SSH encryption tunnelling is provided.
A Windows SSL wrapper for the bundled TightVNC binary and other utilities
are provided. (Launch ssvnc.exe in the Windows subdirectory).
The short name of the project is "ssvnc" for SSL/SSH VNC Viewer.
It is a self-contained bundle, you could carry it around on, say,
a USB memory stick for secure VNC viewing from almost any machine,
Unix, Mac, or Windows.
Features:
--------
The enhanced TightVNC viewer features are:
- SSL support for connections using the bundled stunnel program.
- Automatic SSH connections from the GUI (ssh must already be
installed on Unix; bundled plink is used on Windows)
- Ability to Save and Load VNC profiles for different hosts.
- You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC,
with the front-end GUI or scripts if you like.
- Create or Import SSL Certificates and Private Keys.
- Reverse (viewer listening) VNC connections via SSL and SSH.
- VeNCrypt SSL/TLS VNC encryption support (used by VeNCrypt,
QEMU, ggi, libvirt/virt-manager/xen, vinagre/gvncviewer/gtk-vnc)
- ANONTLS SSL/TLS VNC encryption support (used by Vino)
- VeNCrypt and ANONTLS are also enabled for any 3rd party VNC
Viewer (e.g. RealVNC, TightVNC, UltraVNC ...) on Unix, MacOSX,
and Windows via the provided SSVNC VeNCrypt Viewer Bridge tool
(use 'Change VNC Viewer' to select the one you want.)
- Support for Web Proxies, SOCKS Proxies, and the UltraVNC
repeater proxy (e.g. repeater://host:port+ID:1234). Multiple
proxies may be chained together (3 max).
- Support for SSH Gateway connections and non-standard SSH ports.
- Automatic Service tunnelling via SSH for CUPS and SMB Printing,
ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting.
- Sets up any additional SSH port redirections that you want.
- Zeroconf (aka Bonjour) is used on Unix and Mac OS X to find
VNC servers on your local network if the avahi-browse or dns-sd
program is available and in your PATH.
- Port Knocking for "closed port" SSH/SSL connections. In addition
to a simple fixed port sequence and one-time-pad implementation,
a hook is also provided to run any port knocking client before a
connecting.
- Support for native MacOS X usage with bundled Chicken of the
VNC viewer (the Unix X11 viewer is also provided for MacOS X,
and is better IMHO).
- Dynamic VNC Server Port determination and redirection (using
ssh's builtin SOCKS proxy, -D) for servers like x11vnc that
print out PORT= at startup.
- Unix Username and Password entry for use with "x11vnc -unixpw"
type login dialogs.
- Simplified mode launched by command "sshvnc" that is SSH Only.
- Simplified mode launched by command "tsvnc" that provides a VNC
"Terminal Services" mode (uses x11vnc on the remote side).
(the following features only apply to the bundled Unix tightvnc viewer
including MacOS X)
- rfbNewFBSize VNC support (screen resizing)
- Client-side Scaling of the Viewer.
- ZRLE VNC encoding support (RealVNC's encoding)
- Support for the ZYWRLE encoding, a wavelet based extension to
ZRLE to improve compression of motion video and photo regions.
- TurboVNC support (VirtualGL's modified TightVNC encoding;
requires TurboJPEG library)
- Pipelined Updates of the framebuffer as in TurboVNC (asks for
the next update before the current one has finished downloading;
this gives some speedup on high latency connections.)
- Cursor alphablending with x11vnc at 32bpp (-alpha option)
- Option "-unixpw ..." for use with "x11vnc -unixpw" login dialogs.
- Support for UltraVNC extensions: Single Window, Disable
Server-side Input, 1/n Server side scaling, Text Chat (shell
terminal UI). Both UltraVNC and x11vnc servers support these
extensions
- UltraVNC File Transfer via an auxiliary Java helper program
(java must be in $PATH). Note that the x11vnc server supports
UltraVNC file transfer.
- Connection support for the UltraVNC repeater proxy (-repeater
option).
- Support for UltraVNC Single Click operation. (both unencrypted:
SC I, and SSL encrypted: SC III)
- Support for UltraVNC DSM Encryption Plugin mode. (ARC4 and
AESV2, MSRC4, and SecureVNC)
- Support for UltraVNC MS-Logon authentication (NOTE: the
UltraVNC MS-Logon key exchange implementation is very weak; an
eavesdropper on the network can recover your Windows password
easily in a few seconds; you need to use an additional encrypted
tunnel with MS-Logon.)
- Support for symmetric encryption (including blowfish and 3des
ciphers) to Non-UltraVNC Servers. Any server using the same
encryption method will work, e.g.: x11vnc -enc blowfish:./my.key
- Instead of hostname:display one can also supply "exec=command
args..." to connect the viewer to the stdio of an external command
(e.g. stunnel or socat) rather than using a TCP/IP socket. Unix
domain sockets, e.g. /path/to/unix/socket, and a previously
opened file descriptor fd=0, work too.
- Local Port Protections for STUNNEL and SSH: avoid having for
long periods of time a listening port on the the local (VNC
viewer) side that redirects to the remote side.
- Reverse (viewer listening) VNC connections can show a
Popup dialog asking whether to accept the connection or not
(-acceptpopup.) The extra info provided by UltraVNC Single Click
reverse connections is also supported (-acceptpopupsc)
- Extremely low color modes: 64 and 8 colors in 8bpp
(-use64/-bgr222, -use8/-bgr111)
- Medium color mode: 16bpp mode even for 32bpp Viewer display
(-16bpp/-bgr565)
- x11vnc's client-side caching -ncache method cropping option
(-ycrop n). This will "hide" the large pixel buffer cache
below the actual display. Set to actual height or use -1 for
autodetection (tall screens are autodetected by default).
- Escape Keys: enable a set of modifier keys so when they
are all pressed down you can invoke Popup menu actions via
keystrokes. I.e., a set of 'Hot Keys'. One can also pan (move)
the desktop inside the viewport via Arrow keys or a mouse drag.
- Scrollbar width setting: -sbwidth n, the default is very thin,
2 pixels, for less distracting -ycrop usage.
- Selection text sending and receiving can be fine-tuned with the
-sendclipboard, -sendalways, and -recvtext options.
- TightVNC compression and quality levels are automatically set
based on observed network latency (n.b. not bandwidth.)
- Improvements to the Popup menu, all of these can now be changed
dynamically via the menu: ViewOnly, Toggle Bell, CursorShape
updates, X11 Cursor, Cursor Alphablending, Toggle Tight/ZRLE,
Toggle JPEG, FullColor/16bpp/8bpp (256/64/8 colors), Greyscale
for low color modes, Scaling the Viewer resolution, Escape Keys,
Pipeline Updates, and others, including UltraVNC extensions.
- Maintains its own BackingStore if the X server does not
- The default for localhost:0 connections is not raw encoding
(local machine). Default assumes you are using SSH tunnel. Use
-rawlocal to revert.
- XGrabServer support for fullscreen mode, for old window managers
(-grab/-graball option).
- Fix for Popup menu positioning for old window managers
(-popupfix option).
- Run vncviewer -help for all options.
The list of software bundled in the archive files:
TightVNC Viewer (windows, unix, macosx)
Chicken of the VNC Viewer (macosx)
Stunnel (windows, unix, macosx)
Putty/Plink/Pageant (windows)
OpenSSL (windows)
esound (windows)
These are all self-contained in the bundle directory: they will not be
installed on your system. Just un-zip or un-tar the file you downloaded
and run it straight from its directory.
Quick Start:
-----------
Unix and Mac OS X:
Inside a Terminal do something like the following.
Unpack the archive:
% gzip -dc ssvnc-1.0.27.tar.gz | tar xvf -
Run the GUI:
% ./ssvnc/Unix/ssvnc (for Unix)
% ./ssvnc/MacOSX/ssvnc (for Mac OS X)
The smaller file "ssvnc_no_windows-1.0.27.tar.gz"
could have been used as well.
On MacOSX you could also click on the SSVNC app icon in the Finder.
On MacOSX if you don't like the Chicken of the VNC (e.g. no local
cursors, no screen size rescaling, and no password prompting), and you
have the XDarwin X server installed, you can set DISPLAY before starting
ssvnc (or type DISPLAY=... in Host:Disp and hit Return). Then our
enhanced TightVNC viewer will be used instead of COTVNC.
Update: there is now a 'Use X11 vncviewer on MacOSX' under Options ...
If you want a SSH-only tool (without the distractions of SSL) run
the command:
sshvnc
instead of "ssvnc". Or click "SSH-Only Mode" under Options.
Control-h will toggle between the two modes.
If you want a simple VNC Terminal Services only mode (requires x11vnc
on the remote server) run the command:
tsvnc
instead of "ssvnc". Or click "Terminal Services" under Options.
Control-t will toggle between the two modes.
"tsvnc profile-name" and "tsvnc user@hostname" work too.
Unix/MacOSX Install:
There is no standard install for the bundles, but you can make
symlinks like so:
cd /a/directory/in/PATH
ln -s /path/to/ssvnc/bin/{s,t}* .
Or put /path/to/ssvnc/bin, /path/to/ssvnc/Unix, or /path/to/ssvnc/MacOSX
in your PATH.
For the conventional source tarball it will compile and install, e.g.:
gzip -dc ssvnc-1.0.27.src.tar.gz | tar xvf -
cd ssvnc-1.0.27
make config
make all
make PREFIX=/my/install/dir install
then have /my/install/dir/bin in your PATH.
Windows:
Unzip, using WinZip or a similar utility, the zip file:
ssvnc-1.0.27.zip
Run the GUI, e.g.:
Start -> Run -> Browse
and then navigate to
.../ssvnc/Windows/ssvnc.exe
select Open, and then OK to launch it.
The smaller file "ssvnc_windows_only-1.0.27.zip"
could have been used as well.
You can make a Windows shortcut to this program if you want to.
See the Windows/README.txt for more info.
If you want a SSH-only tool (without the distractions of SSL) run
the command:
sshvnc.bat
Or click "SSH-Only Mode" under Options.
If you want a simple VNC Terminal Services only mode (requires x11vnc
on the remote server) run the command:
tsvnc.bat
Or click "Terminal Services" under Options. Control-t will toggle
between the two modes. "tsvnc profile-name" and "tsvnc user@hostname"
work too.
Important Note for Windows Vista: One user reports that on Windows Vista
if you move or extract the "ssvnc" folder down to the "Program Files"
folder you will be prompted to do this as the Administrator. But then
when you start up ssvnc, as a regular user, it cannot create files in
that folder and so it fails to run properly. We recommend to not copy
or extract the "ssvnc" folder into "Program Files". Rather, extract
it to somewhere you have write permission (e.g. C:\ or your User dir)
and create a Shortcut to ssvnc.exe on the desktop.
If you must put a launcher file down in "Program Files", perhaps an
"ssvnc.bat" that looks like this:
C:
cd \ssvnc\Windows
ssvnc.exe
SSH-ONLY Mode:
--------------
If you don't care for SSL and the distractions it provides in the GUI,
run "sshvnc" (unix/macosx) or "sshvnc.bat" (windows) to run an SSH only
version of the GUI.
Terminal Services Mode
----------------------
There is an even simpler mode that uses x11vnc on the remote side for the
session finding and management. Run "tsvnc" (unix/macosx) or "tsvnc.bat"
(windows) to run the Terminal Services version of the GUI.
Bundle Info:
------------
The bundle files unpack a directory/folder named: ssvnc
It contains these programs to launch the GUI:
Windows/ssvnc.exe for Windows
MacOSX/ssvnc for Mac OS X
Unix/ssvnc for Unix
(the Mac OS X and Unix launchers are simply links to the bin directory).
Your bundle file should have included binaries for many OS's: Linux,
Solaris, FreeBSD, etc. Unpack your archive and see the subdirectories of
./bin
for the ones that were shipped in this project, e.g. ./bin/Linux.i686
Run "uname -sm" to see your OS+arch combination (n.b. all Linux x86 are
mapped to Linux.i686). (See the ./bin/ssvnc_cmd -h output for how to
override platform autodection via the UNAME env. var).
Memory Stick Usage:
-------------------
If you create a directory named "Home" in that toplevel ssvnc directory
then that will be used as the base for storing VNC profiles and
certificates. Also, for convenience, if you first run the command with
"." as an argument (e.g. "ssvnc .") it will automatically create that
"Home" directory for you. This is handy if you want to place SSVNC
on a USB flash drive that you carry around for mobile use and you want
the profiles you create to stay with the drive (otherwise you'd have to
browse to the drive directory each time you load or save).
One user on Windows created a BAT file to launch SSVNC and needed to
do this to get the Home directory correct:
cd \ssvnc\Windows
start \ssvnc\Windows\ssvnc.exe
(an optional profile name can be supplied to the ssvnc.exe line)
WARNING: if you use ssvnc from an "Internet Cafe", i.e. an untrusted
computer, an intruder may be capturing keystrokes etc.
External Dependencies:
----------------------
On Windows everything is included. Let us know if you find otherwise.
On Unix depending on what you do you need these programs installed:
- basic unix utilities (sh, ls, cat, awk, sed, etc..)
- tcl/tk (wish interpreter)
- xterm
- perl
- ssh
- openssl
Lesser used ones: netcat, esd/artsd, smbclient, smbmount, cups
On Mac OS X depending on what you do you need these programs installed:
- basic unix utilities (sh, ls, cat, awk, sed, etc..)
- tcl/tk (wish interpreter)
- Terminal
- perl
- ssh
- openssl
Lesser used ones: netcat, smbclient, cups
Most Mac OS X and Unix OS come with the main components installed.
See the README.src for a more detailed description of dependencies.
TurboVNC Support:
----------------
TurboVNC is supported in an experimental way. To it build via the
build.unix script described in the next section, do something like:
env TURBOVNC='-L/DIR -Xlinker --rpath=/DIR -lturbojpeg' ./build.unix
where you replace /DIR with the directory where the libturbojpeg.so
(http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100)
is installed.
You may not need to set rpath if libturbojpeg.so is installed in a
standard location or you use LD_LIBRARY_PATH to point to it.
See the turbovnc/README in the vnc_unixsrc/vncviewer directory for
more info. You can find it in the ssvnc source tarball and also
in:
src/zips/vnc_unixsrc_vncviewer.patched.tar
More TurboVNC features will be enabled in the future.
If you need to Build:
--------------------
If your OS/arch is not included or the provided binary has the wrong
library dependencies, etc. the script "build.unix" may be able to
successfully build on for you and deposit the binaries down in ./bin/...
using the included source code. It is a hack but usually works.
You MUST run the build.unix script from this directory (that this toplevel
README is in, i.e "ssvnc") and like this:
./build.unix
To use custom locations for libraries see the LDFLAGS_OS and CPPFLAGS_OS
description at the top of the build.unix script.
You can set these env. vars to customize the build:
SSVNC_BUILD_NO_STATIC=1 do not try to statically link libs
SSVNC_BUILD_FORCE_OVERWRITE=1 do not prompt about existing binaries
SSVNC_BUILD_SKIP_VIEWER=1 do not build vncviewer
SSVNC_BUILD_SKIP_STUNNEL=1 do not build stunnel
SSVNC_BUILD_ULTRAFTP=1 only build the file xfer helper jar
here is an example to build only the vncviewer and with normal library
linking (and in a more or less automated way):
env SSVNC_BUILD_NO_STATIC=1 SSVNC_BUILD_FORCE_OVERWRITE=1 SSVNC_BUILD_SKIP_STUNNEL=1 ./build.unix
Feel free to ask us if you need help running ./build.unix
Convential Build:
A more conventional source tarball is provided in ssvnc-x.y.z.src.tar.gz.
It uses a more or less familiar 'make config; make all; make PREFIX=path install'
method. It does not include stunnel, so that must be installed on the
system separately.
The programs:
------------
Unpack your archive, and you will see "bin", "Windows", "src" directories
and other files. The command line wrapper scripts:
./bin/ssvnc_cmd
./bin/tightvncviewer
are the main programs that are run and will try to autodetect your OS+arch
combination and if binaries are present for it automatically use them.
(if not found try the running the build.unix script).
If you prefer a GUI to prompt for parameters and then start ssvnc_cmd
you can run this instead:
./bin/ssvnc
this is the same GUI that is run on Windows (the ssvnc.exe).
There are also:
./bin/sshvnc (SSH-Only)
./bin/tsvnc (Terminal Services Mode)
For convenience, you can make symlinks from a directory in your PATH to
any of the 3 programs above you wish to run. That is all you usually
need to do for it to pick up all of the binaries, utils, etc. E.g.
assuming $HOME/bin is in your $PATH:
cd $HOME/bin
ln -s /path/to/ssvnc/bin/{s,t}* .
(note the "." at the end). The above commands is basically the way to
"install" this on Unix or MacOS X.
Also links to the GUI launcher script are provided in:
MacOSX/ssvnc
Unix/ssvnc
and sshvnc and tsvnc. You could also put the Unix or MacOSX directory
in your PATH.
On Windows unpack your archive and run:
Windows/ssvnc.exe
Examples:
--------
The following assume you are in the toplevel directory of the
archive you unpacked.
Use enhanced TightVNC unix viewer to connect to x11vnc via SSL:
./bin/ssvnc_cmd far-away.east:0
./bin/tightvncviewer -ssl far-away.east:0 (same)
./bin/ssvnc (start GUI launcher)
Use enhanced TightVNC unix viewer without SSL:
./bin/tightvncviewer far-away.east:0
Use SSL to connect to a x11vnc server, and also verify the server's
identity using the SSL Certificate in the file ./x11vnc.pem:
./bin/ssvnc_cmd -alpha -verify ./x11vnc.pem far-away.east:0
(also turns on the viewer-side cursor alphablending hack).
Brief description of the subdirectories:
---------------------------------------
./bin/util some utility scripts, e.g. ss_vncviewer
and ssvnc.tcl
./src source code and patches.
./src/zips zip files of source code and binaries.
./src/vnc_unixsrc unpacked tightvnc source code tree.
./src/stunnel-4.14 unpacked stunnel source code tree.
./src/patches patches to TightVNC viewer for the new
features on Unix (used by build.unix).
./src/tmp temporary build dir for build.unix
(the last four are used by build.unix)
./man man pages for TightVNC viewer and stunnel.
./Windows Stock TightVNC viewer and Stunnel, Openssl
etc Windows binaries. ssvnc.exe is the
program to run.
./MacOSX contains an unpacked Chicken of the VNC
viewer and a symlink to ssvnc.
./Unix contains a symlink to ssvnc.
Depending on which bundle you use not all of the above may be present.
The smallest bundles with binaries are:
ssvnc_windows_only-1.x.y.zip Windows
ssvnc_no_windows-1.x.y.tar.gz Unix and MacOSX
however, the tiny scripts only one (only 60KB) will run properly on Unix
as long as you install external vncviewer and stunnel packages:
ssvnc_unix_minimal-1.x.y.tar.gz
Untrusted Local Users:
---------------------
*IMPORTANT WARNING*: If you run SSVNC on a workstation or computer
that other users can log into and you DO NOT TRUST these users
(it is a shame but sometimes one has to work in an environment like
this), then please note the following warning.
By 'do not trust' we mean they might try to gain access to remote
machines you connect to via SSVNC. Note that an untrusted local
user can often obtain root access in a short amount of time; if a
user has achieved that, then all bets are off for ANYTHING that you
do on the workstation. It is best to get rid of Untrusted Local
Users as soon as possible.
Both the SSL and SSH tunnels set up by SSVNC listen on certain ports
on the 'localhost' address and redirect TCP connections to the remote
machine; usually the VNC server running there (but it could also be
another service, e.g. CUPS printing). These are the stunnel(8) SSL
redirection and the ssh(1) '-L' port redirection. Because 'localhost'
is used only users or programs on the same workstation that is
running SSVNC can connect to these ports, however this includes any
local users (not just the user running SSVNC.)
If the untrusted local user tries to connect to these ports, he may
succeed in varying degrees to gain access to the remote machine.
We now list some safeguards one can put in place to try to make this
more difficult to achieve.
It probably pays to have the VNC server require a password, even
though there has already been SSL or SSH authentication (via
certificates or passwords). In general if the VNC Server requires
SSL authentication of the viewer that helps, unless the untrusted
local user has gained access to your SSVNC certificate keys.
If the VNC server is configured to only allow one viewer connection
at a time, then the window of opportunity that the untrusted local
user can use is greatly reduced: he might only have a second or two
between the tunnel being set up and the SSVNC vncviewer connecting
to it (i.e. if the VNC server only allows a single connection, the
untrusted local user cannot connect once your session is established).
Similarly, when you disconnect the tunnel is torn down quickly and
there is little or no window of opportunity to connect (e.g. x11vnc
in its default mode exits after the first client disconnects).
Also for SSL tunnelling with stunnel(8) on Unix using one of the SSVNC
prebuilt 'bundles', a patched stunnel is provided that denies all
connections after the first one, and exits when the first one closes.
This is not true if the system installed stunnel(8) is used and is
not true when using SSVNC on Windows.
The following are two experimental features that are added to SSVNC
to improve the situation for the SSL/stunnel case. Set them via
Options -> Advanced -> "STUNNEL Local Port Protections".
1) For SSL tunnelling with stunnel(8) on Unix there is a setting
'Use stunnel EXEC mode' (experimental) that will try to exec(2)
stunnel instead of using a listening socket. This will require
using the specially modified vncviewer unix viewer provided
by SSVNC. If this mode proves stable it will become the default.
2) For SSL tunnelling with stunnel(8) on Unix there is a setting
'Use stunnel IDENT check' (experimental) to limit socket
connections to be from you (this assumes the untrusted local
user has not become root on your workstation and has modified
your local IDENT check service; if he has you have much bigger
problems to worry about...)
There is also one simple LD_PRELOAD trick for SSH to limit the number
of accepted port redirection connections. This makes the window of
time the untrusted local user can connect to the tunnel much smaller.
Enable it via Options -> Advanced -> "SSH Local Port Protections".
You will need to have the lim_accept.so file in your SSVNC package.
The main message is to 'Watch your Back' when you connect via the
SSVNC tunnels and there are users you don't trust on your workstation.
The same applies to ANY use of SSH '-L' port redirections or outgoing
stunnel SSL redirection services.
Help and Info:
-------------
For more help on other options and usage patterns run these:
./bin/ssvnc_cmd -h
./bin/util/ss_vncviewer -h
See also:
http://www.karlrunge.com/x11vnc
http://www.karlrunge.com/x11vnc/faq.html
x11vnc -h | more
http://stunnel.mirt.net
http://www.stunnel.org
http://www.openssl.org
http://www.tightvnc.com
http://www.realvnc.com
http://www.chiark.greenend.org.uk/~sgtatham/putty/
http://sourceforge.net/projects/cotvnc/
|