On Thu, Apr 25, 2002 at 10:54:49AM -0400, Anthony Dean wrote: > Hans Ekbrand wrote: > >XDMCP is insecure by nature since it cannot be tunneled over > >SSH. As I understand it you could use VNC instead, which can be > >tunneled over SSH. > > > XDMCP is only used for querying possible hosts, which VNC just doesn't > do. There's no problem tunneling X, so I can't see what VNC would gain.
My experience with VNC is limited to running a VNC viewer on a Linux box to get a Windows98 (i.e. single-user OS) login prompt and desktop in a window in my X session. From what I have read on VNC, I think you are wrong. Consider a LTSP-terminal running an X server and a VNC viewer locally. That VNC viewer connects to XVNC server running at a LTSP server. That way the user gets a login prompt, but XDMCP is never used. XDMCP uses, AFAIK, passwords in clear text, while VNC does not send the password over the network. So that is one thing you gain with VNC. To SSH-tunnel the VNC connection is not what I would do, since tunneling over SSH requires ssh running locally, and if you have that, you could just as well start the window-manager of choice over the SSH tunnel. There will be no fancy login prompt though. -- Hans Ekbrand
msg04728/pgp00000.pgp
Description: PGP signature
