SSH is short for Secure Shell, developed by the Network Working Group of the IETF. It is a security protocol built on the application layer and the transport layer, and a reliable protocol designed for remote logon sessions and other network services. The SSH protocol can effectively prevent information leakage during remote management.
VNC is short for Virtual Network Computer. It is an excellent remote control tool developed by the famous AT&T European research laboratory. VNC is free open-source software based on UNIX and Linux operating systems. It has powerful remote control capabilities and is highly efficient and practical; its performance is comparable to any remote control software on Windows and Mac. On Linux, VNC includes the following commands: vncserver, vncviewer, vncpasswd, and vncconnect. In most cases, you only need two commands: vncserver and vncviewer. However, VNC traffic is sent in plain text and is insecure: the connection can be eavesdropped on and interfered with. You can encrypt the connection with an SSH tunnel and then communicate through the loopback address of the remote host, which increases security.
The following is an example of access with SSH and vncviewer. This example is suitable for Red Hat / CentOS / OEL 6 and later versions. The Red Hat / CentOS / OEL 5 configuration is different.
1. Install VNC on the server side (192.168.1.102)
1.1
    [[email protected] ~]# yum -y install tigervnc tigervnc-server
    Loaded plugins: fastestmirror, refresh-packagekit, security
    …………………..…………………
    Complete!
    [[email protected] ~]# rpm -qa tigervnc
    tigervnc-1.1.0-8.el6_5.x86_64
    [[email protected] ~]#
1.2 Modify the parameter file
    [[email protected] ~]# cat /etc/sysconfig/vncservers
    # The VNCSERVERS variable is a list of display:user pairs.
    #
    # Uncomment the lines below to start a VNC server on display :2
    # as my 'myusername' (adjust this to your own). You will also
    # need to set a VNC password; run 'man vncpasswd' to see how
    # to do that.
    #
    # DO NOT RUN THIS SERVICE if your local area network is
    # untrusted! For a secure way of using VNC, see this URL:
    # http://kbase.redhat.com/faq/docs/DOC-7028
    # Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
    # Use "-localhost" to prevent remote VNC clients connecting except when
    # doing so through a secure tunnel. See the "-via" option in the
    # `man vncviewer' manual page.
    # VNCSERVERS="2:myusername"
    # VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
    VNCSERVERS="1:oracle 2:grid"
    VNCSERVERARGS[1]="-geometry 1024x768 -nolisten tcp"
    VNCSERVERARGS[2]="-geometry 1024x768 -nolisten tcp -SecurityTypes None"
    [[email protected] ~]#
Two VNC users are added: oracle and grid. VNCSERVERARGS[1] sets the resolution and protocol options for the oracle user. VNCSERVERARGS[2] additionally sets -SecurityTypes None, which means that clients can connect to the grid user's display without entering a password.
1.3 Set a VNC password for each user
    [[email protected] ~]# su - oracle
    [[email protected] ~]$
    [[email protected] ~]$ vncpasswd
    Password:
    Verify:
    [[email protected] ~]$
    [[email protected] ~]$ exit
    logout
    [[email protected] ~]#
    [[email protected] ~]# su - grid
    [[email protected] ~]$
    [[email protected] ~]$ vncpasswd
    Password:
    Verify:
    [[email protected] ~]$
The advantage of this is that the system user password is separated from the VNC user password.
1.4 Start VNC
    [[email protected] ~]# service vncserver start
    Starting VNC server: 1:oracle xauth: creating new authority file /home/oracle/.Xauthority
    New 'cent2:1 (oracle)' desktop is cent2:1
    Creating default startup script /home/oracle/.vnc/xstartup
    Starting applications specified in /home/oracle/.vnc/xstartup
    Log file is /home/oracle/.vnc/cent2:1.log
    2:grid xauth: creating new authority file /home/grid/.Xauthority
    New 'cent2:2 (grid)' desktop is cent2:2
    Creating default startup script /home/grid/.vnc/xstartup
    Starting applications specified in /home/grid/.vnc/xstartup
    Log file is /home/grid/.vnc/cent2:2.log
    [ OK ]
    [[email protected] ~]#
1.5 Test
To connect to the oracle user's display, use port 5901. Here, we test whether TigerVNC is configured correctly. The following figure shows how to configure an SSH connection.
2. Client settings (192.168.1.103)
2.1 Windows client authentication method. The tool we use is CRT.
With the above settings, port 5901 of the server is mapped to local port 5901. When using the VNC tool, connect to the local machine: the connection goes to the local address 127.0.0.1:5901.
2.2 The Linux client uses SSH to map port 5901 of the server (192.168.1.102) to local port 5901.
    [[email protected] Desktop]# ssh -L 5901:localhost:5901 192.168.1.102
    The authenticity of host '192.168.1.102 (192.168.1.102)' can't be established.
    RSA key fingerprint is ea:d9:cd:1e:5a:51:79:07:19:d2:e3:50:99:3f:35:a6.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
    Address 192.168.1.102 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
    [email protected]'s password:
    Last login: Sun Sep 7 18:55:25 2014 from 192.168.1.101
    [[email protected] ~]#
Start vncviewer
    [[email protected] Desktop]# vncviewer 127.0.0.1:5901
    TigerVNC Viewer for X version 1.1.0 - built Feb 4 2014 05:24:41
    Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)
    See http://www.tigervnc.org for information on TigerVNC.
    Sun Sep 7 11:24:11 2014
     CConn: connected to host 127.0.0.1 port 5901
     CConnection: Server supports RFB protocol version 3.8
     CConnection: Using RFB protocol version 3.8
    Sun Sep 7 11:24:17 2014
     TXImage: Using default colormap and visual, TrueColor, depth 24.
     CConn: Using pixel format depth 24 (32bpp) little-endian rgb888
     CConn: Using Tight encoding
In this way, you can log on to Linux.
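The tunnel only protects connections that actually go through it. As an added check (not part of the original article), the shell function below reads a RHEL 6-style /etc/sysconfig/vncservers and reports every display that lacks -localhost or sets -SecurityTypes None. The function name and the sample file are constructed here; the sample reuses the active lines from step 1.2.

```shell
#!/bin/sh
# Added example (not from the article): flag displays in a RHEL 6-style
# /etc/sysconfig/vncservers that bypass the SSH tunnel or need no password.
# audit_vncservers FILE: prints one finding per line, returns 1 if any.
audit_vncservers() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out settings
        /^[ \t]*VNCSERVERS=/ {                   # e.g. VNCSERVERS="1:oracle 2:grid"
            v = substr($0, index($0, "=") + 1); gsub(/"/, "", v)
            n = split(v, pair, " ")
            for (i = 1; i <= n; i++) {
                split(pair[i], du, ":"); disp[++cnt] = du[1]; user[du[1]] = du[2]
            }
        }
        /^[ \t]*VNCSERVERARGS\[[0-9]+\]=/ {      # per-display Xvnc options
            d = substr($0, index($0, "[") + 1, index($0, "]") - index($0, "[") - 1)
            a = substr($0, index($0, "=") + 1); gsub(/"/, "", a)
            args[d] = a
        }
        END {
            for (k = 1; k <= cnt; k++) {
                d = disp[k]; loopback = 0; types = ""
                n = split(args[d], tok, " ")
                for (i = 1; i <= n; i++) {
                    t = tolower(tok[i])
                    if (t == "-localhost") loopback = 1
                    if (t == "-securitytypes" && i < n) types = tolower(tok[i + 1])
                    if (index(t, "-securitytypes=") == 1) types = substr(t, 16)
                }
                if (!loopback) { bad = 1
                    printf "display :%d (%s, tcp/%d): no -localhost, reachable without the tunnel\n", d, user[d], 5900 + d }
                if (index("," types ",", ",none,")) { bad = 1
                    printf "display :%d (%s, tcp/%d): SecurityTypes None, no VNC password required\n", d, user[d], 5900 + d }
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the active lines from step 1.2 plus one commented line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
VNCSERVERS="1:oracle 2:grid"
VNCSERVERARGS[1]="-geometry 1024x768 -nolisten tcp"
VNCSERVERARGS[2]="-geometry 1024x768 -nolisten tcp -SecurityTypes None"
EOF
audit_vncservers "$sample" || echo "exposed: add -localhost to each VNCSERVERARGS entry"
rm -f "$sample"
```

Adding -localhost to each VNCSERVERARGS entry, as the comments in the file itself describe, makes the VNC server accept connections only from the loopback address, so ports 5901 and 5902 are reachable only through the SSH tunnel.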