Sherman, Michael (GE Energy) wrote:
Not sure how helpful I can be here. I've just been reading the Linux Security Admin's Guide/Linux Security HOW-TO this evening. I've also just setup ssh on a small LAN. Basically, ssh provides the security, especially if you're actually using the key system. The remote host will need your public key to authenticate you. You can then run remote X apps securely. In fact, the Linux Security How-To recommends using ssh as the way to connect to a remote X server. Thus your VNC-over-ssh coonection should be pretty darned secure. I know there are a few ssh implementations, but OpenSSH is probably your best bet - based on what little I know.Hi all. I have a quick question. I know that a machine is much less secure when X Windows is running. Does it apply in the same way when X stuff is installed, but the desktop is not actually running? How secure are vncserver sessions and X over ssh? Thanks in advance
As for the security of X, I believe it mainly only applies when X is running. The issue is that X logins are easy for intruders to watch/catch. The How-To recommends using XDM. It doesn't mention why, but the implication seems to be that using XDM is more secure than X by itself. I'm sure a more experienced security guru would be more helpful. I'm also glad you brought this up. I would like to know if WDM, KDM, GDM, or any other *DM provides the same security enhancement as XDM. I'm assuming that these do accomplish the same task, but would like to be sure.
Hope I've been helpful here. -- DC Parris http://matheteuo.org/ http://chaddb.sourceforge.net/ "Free software is like God's love - you can share it with anyone anytime anywhere."