sean-france
Posts: 10
Joined: Mon Dec 28, 2015 2:39 pm
Location: France

what's wrong with the VNC

Mon Oct 31, 2016 9:01 am

VNC is darn useful, when it works. It works when the client and the server come from the same source. Plus it works if there is no encryption. Using an unencrypted link may be OK in a lab or school. It is not going to be OK in any environment where you have security audits, e.g. a company network environment. The VNC protocol allows the server to propose security schemes, and the client to accept one it can cope with. Sadly RealVNC only proposes schemes 13, 5, 6, 130, which all belong to Real. It does not propose 18, 23, 24, which are open and based on proven SSH and TLS technology.
Why would you not use the Real client? Reasons like, you may be running Debian, which does not offer RealVNC. You may need to run a 32-bit version from a pen drive and that does not seem to work. Or more simply, can I trust any closed-source encryption schemes? Lots of people look at open schemes, and patches are produced as flaws are found.
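
The negotiation described in the post above, as an added example that is not part of the original post: a parser for the server's RFB 3.7/3.8 security-type offer that reports whether any open scheme is on the list. The type groupings come from the post itself, and the sample bytes are constructed.

```python
import struct

# 1 and 2 are defined in the RFB spec (RFC 6143); the other groupings are
# taken from the post above, not from an independent registry lookup.
NAMED = {1: "None (no auth, no encryption)", 2: "VNC Authentication"}
REALVNC = {5, 6, 13, 130}   # per the post: RealVNC's own schemes
OPEN = {18, 23, 24}         # per the post: open, SSH/TLS-based schemes

def parse_security_offer(data: bytes) -> dict:
    """Parse server-to-client RFB bytes: ProtocolVersion, then the type list."""
    if len(data) < 13 or data[:4] != b"RFB " or data[11:12] != b"\n":
        raise ValueError("not an RFB ProtocolVersion followed by a type count")
    version = data[4:11].decode("ascii")
    major, minor = (int(part) for part in version.split("."))
    if (major, minor) < (3, 7):
        raise ValueError("RFB 3.3 servers send one chosen type, not a list")
    count = data[12]
    if count == 0:
        # Zero types means the server refused; a length-prefixed reason follows.
        if len(data) < 17:
            raise ValueError("truncated refusal reason")
        (length,) = struct.unpack(">I", data[13:17])
        reason = data[17:17 + length].decode("utf-8", "replace")
        return {"version": version, "types": [], "refused": reason}
    types = list(data[13:13 + count])
    if len(types) != count:
        raise ValueError("truncated security-type list")
    return {"version": version, "types": types, "refused": None}

def classify(types):
    """Label each offered type; report whether any open scheme is on offer."""
    labels = []
    for t in types:
        if t in NAMED:
            label = NAMED[t]
        elif t in REALVNC:
            label = "RealVNC scheme"
        elif t in OPEN:
            label = "open scheme"
        else:
            label = "not classified here"
        labels.append((t, label))
    return labels, any(t in OPEN for t in types)

# Constructed sample: a server offering only the four types the post lists.
SAMPLE = b"RFB 003.008\n" + bytes([4, 13, 5, 6, 130])

if __name__ == "__main__":
    offer = parse_security_offer(SAMPLE)
    print(offer["version"], *classify(offer["types"]), sep="\n")
```
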

ghans
Posts: 7882
Joined: Mon Dec 12, 2011 8:30 pm
Location: Germany

Re: what's wrong with the VNC

Mon Oct 31, 2016 9:07 am

There are quite a bunch of fully open-source VNC servers and even more open-source clients. Never had problems with those, even combining those from different "vendors". I usually don't bother with VNC's inbuilt encryption, but tunnel it through SSH. That works for me because I only connect to VNC servers on Linux boxes which also run the OpenSSH server in parallel.

ghans

Sean.fr
Posts: 10
Joined: Fri Mar 21, 2014 5:35 pm

Re: what's wrong with the VNC

Sat Nov 05, 2016 9:28 am

I am not a cloud user myself, but I believe tunneling VNC over SSH is a common way to talk to cloud virtual machines. The SSH client and server negotiate a common security scheme from the lists they support. SSH is designed so you can easily add schemes, and either the client or the server can refuse schemes when exploits become known. It can also use certificates rather than passwords. However it is just messy to set up. Plenty of tutorials online. It is the best security practice.

RDP is encrypted, but a lot less secure, but just works. So if your Pi is running in a school, you're good. If you are running a Ukrainian power grid and you have upset the Russian hackers, or your name is Snowden, don't use RDP.
