Best way to do remote development?
torriem at gmail.com
Sat Jan 12 11:59:03 MST 2013
On 01/12/2013 11:32 AM, S. Dale Morrey wrote:
> Just an FYI, I do have much more than basic sysadmin skills.
> By horribly insecure I was referring to the protocol, running VNC
> without tunneling via SSH is just as bad as telneting in.
Tunneling VNC over SSH is brain-dead easy.
FreeNX is also encrypted by SSL and can pass X11 traffic, VNC, or
Microsoft's RDP protocol. OpenNX is the client portion.
> When I mentioned that I don't know enough to know how to secure it, I
> was just trying to say that the protocol is badly broken and I'm not
> sure what alternatives there are/were.
VNC is no more broken than telnet. You just have to use them correctly
(IE over a trusted LAN or trusted ssh tunnel). VNC is trivial to
secure. Configure it to listen to localhost only (or use iptables), and
do an ssh tunnel, or use FreeNX with it.
> I have been doing some research though and it turns out that terminal
> services via RDP does appear to be encrypted and you can set the
> encryption level in the xrdp config file.
> Why the heck it defaults to low I don't know though, so maybe someone
> can explain that one to me.
Tunneling all these protocols over FreeNX gives you variable compression
and makes them even faster than they already are. Plus FreeNX limits
your exposure to one port, SSH, which you want open anyway.
More information about the PLUG