> Message: 1 > Date: Wed, 11 Jun 2003 23:26:16 +0200 > From: Patrick Benson <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: [leaf-user] Shorewall Rules and TightVNC > > I would also suggest the same option Lars proposed, use ssh and > portforwarding with ssh acting as the tunnel. Some of the advantages are > disabling passwords and using RSAauthentication which can be configured > in your sshd_config file, averting the password cracking problem. A > properly configured sshd_config file is a powerful complement for your > security setup. Another advantage is that you will only be using the ssh > port for the connection, instead of opening the standard vnc 5800,5900 > ports..and you can use the compression option as well. There's a pretty > good tutorial at the realvnc site on how to go about it: > > http://www.uk.research.att.com/vnc/sshvnc.html > > Regards, > -- > Patrick Benson > Stockholm, Sweden
Good day Patrick and Lars, As I am fairly new to this, I would appreciate a bit more help. I did read the article above and a few others but I am not 100% sure that I am doing everything correct. I have sshd 3.4p1 OpenSSH sshd daemon installed and I have created the keys. I can access the fw using putty from both loc and from net Something that bothered me was the fact that when I connected from the net all I had to do was trust the connection to be accepted then I logged on as root provided my password and I was at the lrcfg screen. I looked at the sshd server system wide configuration file but did not know what to change to prevent just anyone from logging on. Also for rules in shorewall I have ACCEPT loc fw tcp 22 ACCEPT net fw tcp 22 do I add ACCEPT net loc tcp 22 I want to use the web based TightVNC client on the net to connect to the TightVNC server on loc. Can this be accomplished using port forwarding ? I would normally type http://xxx.xxx.xxx.xxx:5800 in a web browser to connect to the TightVNC server. Would I specify port 22 here instead of port 5800? Any help is appreciated. Best Regards, Darcy Parker ------------------------------------------------------- This SF.NET email is sponsored by: eBay Great deals on office technology -- on eBay now! Click here: http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html