
Re: graphical session in LXC automatically started at boot and reachable via VNC/RDP/X2GO



Yvan Masson writes:

[...]

I glanced over /etc/vnc.conf and it seems communication can be easily secured with a self-signed X509 certificate: this might be simpler to set up than SSH tunneling, especially with a Windows client. Has someone already tried that? Anyway, I will let you know.

I do not have any personal experience with the X509 certificates in the case of VNC. From my experience, TLS is more difficult to configure than SSH, mostly because of (1) the necessity for a PKI and (2) time-based certificate expiration by default. The other point is the more difficult process of generating all the necessary files (host certificate). The manpage for `vnc.conf` seems to indicate that this is automated for the VNC usage to some extent -- possibly worth trying :)

My cheatsheet for openssl commands to prepare all the necessary TLS keys (for stunnel, but VNC may be similar) is here:
https://masysma.lima-city.de/37/dashboards_with_docker.xhtml

At a glance, the `vnc.conf` manpage does not hint towards private-key-based client authentication, whereas SSH private key files serve this purpose.

The new SSH client on Windows is straightforward to configure: just store the id_rsa file and configure the Windows equivalent of "chmod 600" for it. Afterwards, use the command `ssh` (or optionally %USERPROFILE%/.ssh/config) as you would on Linux.

HTH and YMMV
Linux-Fan

öö
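The Windows-side setup described in the message above, written out as an added PowerShell example (not part of the original mail and not the poster's own commands). The key path, the host name `lxc-host.example`, the user `vncuser`, the alias `lxc-vnc` and the VNC port 5901 (display :1) are assumptions chosen for illustration.

```powershell
# Added example. Assumed values: key path, host, user, alias and VNC port.
$key    = Join-Path $env:USERPROFILE '.ssh\id_rsa'
$config = Join-Path $env:USERPROFILE '.ssh\config'
$me     = "$env:USERDOMAIN\$env:USERNAME"

# Windows counterpart of "chmod 600": remove inherited ACEs, then grant
# read/write to the current user only.
icacls $key /inheritance:r | Out-Null
icacls $key /grant:r "${me}:(R,W)" | Out-Null

# Verify the result. Any identity other than the current user, SYSTEM or
# Administrators still listed on the key is reported, and the script stops.
# (The two built-in names are the English ones; localized systems differ.)
$allowed = @($me, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
$extra = (Get-Acl $key).Access |
    Where-Object { $allowed -notcontains $_.IdentityReference.Value }
if ($extra) {
    $extra | Format-Table IdentityReference, FileSystemRights
    throw "Private key is still accessible to other identities: fix the ACL first."
}

# Client configuration: key-based login plus a local forward, so the VNC
# port is only reachable through the SSH connection.
Add-Content -Path $config -Encoding ascii -Value @"

Host lxc-vnc
    HostName lxc-host.example
    User vncuser
    IdentityFile ~/.ssh/id_rsa
    IdentitiesOnly yes
    LocalForward 5901 localhost:5901
"@

# Open the tunnel without starting a remote shell; stop it with Ctrl+C.
ssh -N lxc-vnc
```

While the tunnel is open, the VNC viewer connects to `localhost:5901` instead of the container's address, so the VNC server itself can stay bound to localhost on the remote side.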
