VNC Remote Management Linux Server Security Guide

Article Title: VNC remote management of Linux server security guide. Linux is a technology channel of the IT lab in China. Including desktop applications, Linux system management, kernel research, embedded systems and open source, and other basic categories in the Open Source Field, remote control technology is represented by VNC. VNC (Virtual Network Computer) is a set of software developed by AT&T lab that can control remote computers. The VNC software can be divided into two parts: VNC Server and VNC viewer. The former is installed on the controlled terminal, and the latter is installed on the master terminal. VNC software is not only open-source, but also cross-platform. Many system administrators prefer to use this VNC on Windows as a tool for remote Linux server or client management.

The workflow for running the entire VNC is as follows:

(1) connect the VNC client to the VNC Server through a browser or VNC Viewer.

(2) The VNC Server sends a dialog window to the client, requiring that you enter the connection password and access the VNC Server display device.

(3) After the client enters the online password, the VNC Server verifies that the client has access permissions.

(4) If the client passes the VNC Server verification, the client requires the VNC Server to display the desktop environment.

(5) The VNC Server uses X Protocol to require X Server to assign control of the display to the VNC Server.

(6) The VNC Server will be sent to the client using the VNC communication protocol in the desktop environment of X Server in the future, and allow the client to control the desktop environment and input device of the VNC Server.

This article describes how to use VNC for remote management of Linux servers, and highlights the security issues that need attention during the process.

1. Start the VNC Server

The basic principle of Remote Control Using VNC software is that the master node initiates a connection request using the VNC client and establishes remote control after the control end agrees. In this case, the master can remotely control the control end. To remotely control the Linux operating system using the VNC software, you must first start the VNC server software on the Linux operating system. Otherwise, you cannot establish a VNC connection. However, in most Linux operating systems, such as Red Hat Linux systems, VNC servers are usually installed by default. However, it is usually disabled for security reasons. If the system administrator wants to use VNC for remote control, the system administrator needs to start the VNC server on the Linux operating system.

In the Linux operating system command line, the system administrator can enter the vncserver command to start the VNC server. During the startup process, the operating system prompts the system administrator to enter the VNC connection password for security reasons. It is better for the system administrator to enter a complicated password here, such as a combination of English characters and numbers, to increase the difficulty of supplier deciphering. After a VNC connection is established, the master can operate on the control end as you would on your computer. Therefore, this password will be the final barrier to ensure its security. 1 after successful startup:

498) this. width = 498; "height = 346>
Start VNC Server

After the password is configured, the Linux operating system returns the VNC connection address. As shown above, the system administrator can use localhost. localdomain to remotely manipulate the Linux operating system. After entering this network address on the VNC client, you can connect to the VNC server. If you need to change the VNC connection password later, you need to use vncpasswd to change it. Note that it is not passwd. This is different from the command for changing the user password. Generally, as long as the network address is displayed normally, the VNC service starts normally.

In addition, to ensure security, it is best to disable the VNC application server on the server after the VNC Server is interrupted. To close the command, run the following command:

    #vncserver ?kill :1

The last 1 indicates the number of the window that was previously started. The system administrator should develop a habit of shutting down a service immediately after it is started.One more service is an opportunity for multiple hackers to attack.Especially when using the operating system as a server, this habit can greatly improve the security of the server system. In general, the Linux operating system does not start services by default. After the system administrator starts them, the system administrator must close them in time.

However, in an enterprise, the layout of the enterprise is relatively large. For example, it takes about half an hour to go from the office of the system administrator to the client of the Linux operating system. For convenience of management, if the other operating system is only used as a common client, you can enable the Linux operating system to automatically start the VNC server at startup. Because the client's security requirements are not very strict, you can make a certain degree of compromise in terms of management convenience. However, if the operating system is used as a server, the system administrator must be cautious when starting the VNC server automatically.

If the system administrator determines that the VNC Server is automatically started when the system needs to start up, you can use the ntsysv service to define it. That is, you only need to enter the command ntsysv in the command line state, and then select the vncserver entry (select by space). That is, if the VNC Server is set to start upon startup. Modify the/etc/sysconfig/vncservers configuration file. Find the VNCSERVER = "1: root" entry in this file. By default, the operating system comment out this line. The system administrator only needs to remove the annotator. After this setting, The VNC Server is automatically enabled after the operating system is started next time.

[1] [2] Next page