diff options
author | Christian Beier <dontmind@freeshell.org> | 2014-09-03 20:54:39 +0200 |
---|---|---|
committer | Christian Beier <dontmind@freeshell.org> | 2014-09-03 20:54:39 +0200 |
commit | 498d222976975f53dea885cfe43ef0f805abd412 (patch) | |
tree | bac684fbde46fdc3e4cc3817616816b71bb67f9f /x11vnc/misc/enhanced_tightvnc_viewer/README | |
parent | 8d2db0486dcc167f1b02d4454ebf4624ce03e1de (diff) | |
download | libtdevnc-498d222976975f53dea885cfe43ef0f805abd412.tar.gz libtdevnc-498d222976975f53dea885cfe43ef0f805abd412.zip |
Remove x11vnc subdir.
The new x11vnc repo is at https://github.com/LibVNC/x11vnc.
Diffstat (limited to 'x11vnc/misc/enhanced_tightvnc_viewer/README')
-rw-r--r-- | x11vnc/misc/enhanced_tightvnc_viewer/README | 756 |
1 files changed, 0 insertions, 756 deletions
diff --git a/x11vnc/misc/enhanced_tightvnc_viewer/README b/x11vnc/misc/enhanced_tightvnc_viewer/README deleted file mode 100644 index 52eb93a..0000000 --- a/x11vnc/misc/enhanced_tightvnc_viewer/README +++ /dev/null @@ -1,756 +0,0 @@ - Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) - -Copyright (c) 2006-2009 Karl J. Runge <runge@karlrunge.com> -All rights reserved. - -These bundles provide 1) An enhanced TightVNC Viewer on Unix, 2) Binaries -for many Operating Systems (including Windows and Mac OS X) for your -convenience, 3) Wrapper scripts and a GUI for gluing them all together. - -One can straight-forwardly download all of the components and get them -to work together by oneself: this bundle is mostly for your convenience -to combine and wrap together the freely available software. - -Bundled software co-shipped is copyright and licensed by others. -See these sites and related ones for more information: - - http://www.tightvnc.com - http://www.realvnc.com - http://stunnel.mirt.net - http://www.stunnel.org - http://www.openssl.org - http://www.chiark.greenend.org.uk/~sgtatham/putty/ - http://sourceforge.net/projects/cotvnc/ - -Note: Some of the binaries included contain cryptographic software that -you may not be allowed to download, use, or redistribute. Please check -your situation first before downloading any of these bundles. See the -survey http://rechten.uvt.nl/koops/cryptolaw/index.htm for useful -information. - -All work done by Karl J. Runge in this project is -Copyright (c) 2006-2008 Karl J. Runge and is licensed under the GPL as -described in the file COPYING in this directory. - -All the files and information in this project are provided "AS IS" -without any warranty of any kind. Use them at your own risk. - - -============================================================================= - -This bundle contains a convenient collection of enhanced TightVNC -viewers and stunnel binaries for different flavors of Unix and wrapper -scripts and a GUI front-end to glue them together. Automatic SSL and -SSH encryption tunnelling is provided. - -A Windows SSL wrapper for the bundled TightVNC binary and other utilities -are provided. (Launch ssvnc.exe in the Windows subdirectory). - -The short name of the project is "ssvnc" for SSL/SSH VNC Viewer. - -It is a self-contained bundle, you could carry it around on, say, -a USB memory stick for secure VNC viewing from almost any machine, -Unix, Mac, or Windows. - -Features: --------- - -The enhanced TightVNC viewer features are: - - - SSL support for connections using the bundled stunnel program. - - - Automatic SSH connections from the GUI (ssh must already be - installed on Unix; bundled plink is used on Windows) - - - Ability to Save and Load VNC profiles for different hosts. - - - You can also use your own VNC Viewer, e.g. UltraVNC or RealVNC, - with the front-end GUI or scripts if you like. - - - Create or Import SSL Certificates and Private Keys. - - - Reverse (viewer listening) VNC connections via SSL and SSH. - - - VeNCrypt SSL/TLS VNC encryption support (used by VeNCrypt, - QEMU, ggi, libvirt/virt-manager/xen, vinagre/gvncviewer/gtk-vnc) - - - ANONTLS SSL/TLS VNC encryption support (used by Vino) - - - VeNCrypt and ANONTLS are also enabled for any 3rd party VNC - Viewer (e.g. RealVNC, TightVNC, UltraVNC ...) on Unix, MacOSX, - and Windows via the provided SSVNC VeNCrypt Viewer Bridge tool - (use 'Change VNC Viewer' to select the one you want.) - - - Support for Web Proxies, SOCKS Proxies, and the UltraVNC - repeater proxy (e.g. repeater://host:port+ID:1234). Multiple - proxies may be chained together (3 max). - - - Support for SSH Gateway connections and non-standard SSH ports. - - - Automatic Service tunnelling via SSH for CUPS and SMB Printing, - ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting. - - - Sets up any additional SSH port redirections that you want. - - - Zeroconf (aka Bonjour) is used on Unix and Mac OS X to find - VNC servers on your local network if the avahi-browse or dns-sd - program is available and in your PATH. - - - Port Knocking for "closed port" SSH/SSL connections. In addition - to a simple fixed port sequence and one-time-pad implementation, - a hook is also provided to run any port knocking client before a - connecting. - - - Support for native MacOS X usage with bundled Chicken of the - VNC viewer (the Unix X11 viewer is also provided for MacOS X, - and is better IMHO). - - - Dynamic VNC Server Port determination and redirection (using - ssh's builtin SOCKS proxy, -D) for servers like x11vnc that - print out PORT= at startup. - - - Unix Username and Password entry for use with "x11vnc -unixpw" - type login dialogs. - - - Simplified mode launched by command "sshvnc" that is SSH Only. - - - Simplified mode launched by command "tsvnc" that provides a VNC - "Terminal Services" mode (uses x11vnc on the remote side). - - - (the following features only apply to the bundled Unix tightvnc viewer - including MacOS X) - - - rfbNewFBSize VNC support (screen resizing) - - - Client-side Scaling of the Viewer. - - - ZRLE VNC encoding support (RealVNC's encoding) - - - Support for the ZYWRLE encoding, a wavelet based extension to - ZRLE to improve compression of motion video and photo regions. - - - TurboVNC support (VirtualGL's modified TightVNC encoding; - requires TurboJPEG library) - - - Pipelined Updates of the framebuffer as in TurboVNC (asks for - the next update before the current one has finished downloading; - this gives some speedup on high latency connections.) - - - Cursor alphablending with x11vnc at 32bpp (-alpha option) - - - Option "-unixpw ..." for use with "x11vnc -unixpw" login dialogs. - - - Support for UltraVNC extensions: Single Window, Disable - Server-side Input, 1/n Server side scaling, Text Chat (shell - terminal UI). Both UltraVNC and x11vnc servers support these - extensions - - - UltraVNC File Transfer via an auxiliary Java helper program - (java must be in $PATH). Note that the x11vnc server supports - UltraVNC file transfer. - - - Connection support for the UltraVNC repeater proxy (-repeater - option). - - - Support for UltraVNC Single Click operation. (both unencrypted: - SC I, and SSL encrypted: SC III) - - - Support for UltraVNC DSM Encryption Plugin mode. (ARC4 and - AESV2, MSRC4, and SecureVNC) - - - Support for UltraVNC MS-Logon authentication (NOTE: the - UltraVNC MS-Logon key exchange implementation is very weak; an - eavesdropper on the network can recover your Windows password - easily in a few seconds; you need to use an additional encrypted - tunnel with MS-Logon.) - - - Support for symmetric encryption (including blowfish and 3des - ciphers) to Non-UltraVNC Servers. Any server using the same - encryption method will work, e.g.: x11vnc -enc blowfish:./my.key - - - Instead of hostname:display one can also supply "exec=command - args..." to connect the viewer to the stdio of an external command - (e.g. stunnel or socat) rather than using a TCP/IP socket. Unix - domain sockets, e.g. /path/to/unix/socket, and a previously - opened file descriptor fd=0, work too. - - - Local Port Protections for STUNNEL and SSH: avoid having for - long periods of time a listening port on the the local (VNC - viewer) side that redirects to the remote side. - - - Reverse (viewer listening) VNC connections can show a - Popup dialog asking whether to accept the connection or not - (-acceptpopup.) The extra info provided by UltraVNC Single Click - reverse connections is also supported (-acceptpopupsc) - - - Extremely low color modes: 64 and 8 colors in 8bpp - (-use64/-bgr222, -use8/-bgr111) - - - Medium color mode: 16bpp mode even for 32bpp Viewer display - (-16bpp/-bgr565) - - - x11vnc's client-side caching -ncache method cropping option - (-ycrop n). This will "hide" the large pixel buffer cache - below the actual display. Set to actual height or use -1 for - autodetection (tall screens are autodetected by default). - - - Escape Keys: enable a set of modifier keys so when they - are all pressed down you can invoke Popup menu actions via - keystrokes. I.e., a set of 'Hot Keys'. One can also pan (move) - the desktop inside the viewport via Arrow keys or a mouse drag. - - - Scrollbar width setting: -sbwidth n, the default is very thin, - 2 pixels, for less distracting -ycrop usage. - - - Selection text sending and receiving can be fine-tuned with the - -sendclipboard, -sendalways, and -recvtext options. - - - TightVNC compression and quality levels are automatically set - based on observed network latency (n.b. not bandwidth.) - - - Improvements to the Popup menu, all of these can now be changed - dynamically via the menu: ViewOnly, Toggle Bell, CursorShape - updates, X11 Cursor, Cursor Alphablending, Toggle Tight/ZRLE, - Toggle JPEG, FullColor/16bpp/8bpp (256/64/8 colors), Greyscale - for low color modes, Scaling the Viewer resolution, Escape Keys, - Pipeline Updates, and others, including UltraVNC extensions. - - - Maintains its own BackingStore if the X server does not - - - The default for localhost:0 connections is not raw encoding - (local machine). Default assumes you are using SSH tunnel. Use - -rawlocal to revert. - - - XGrabServer support for fullscreen mode, for old window managers - (-grab/-graball option). - - - Fix for Popup menu positioning for old window managers - (-popupfix option). - - - Run vncviewer -help for all options. - - - -The list of software bundled in the archive files: - - TightVNC Viewer (windows, unix, macosx) - Chicken of the VNC Viewer (macosx) - Stunnel (windows, unix, macosx) - Putty/Plink/Pageant (windows) - OpenSSL (windows) - esound (windows) - -These are all self-contained in the bundle directory: they will not be -installed on your system. Just un-zip or un-tar the file you downloaded -and run it straight from its directory. - - -Quick Start: ------------ - -Unix and Mac OS X: - - Inside a Terminal do something like the following. - - Unpack the archive: - - % gzip -dc ssvnc-1.0.28.tar.gz | tar xvf - - - Run the GUI: - - % ./ssvnc/Unix/ssvnc (for Unix) - - % ./ssvnc/MacOSX/ssvnc (for Mac OS X) - - The smaller file "ssvnc_no_windows-1.0.28.tar.gz" - could have been used as well. - - On MacOSX you could also click on the SSVNC app icon in the Finder. - - On MacOSX if you don't like the Chicken of the VNC (e.g. no local - cursors, no screen size rescaling, and no password prompting), and you - have the XDarwin X server installed, you can set DISPLAY before starting - ssvnc (or type DISPLAY=... in Host:Disp and hit Return). Then our - enhanced TightVNC viewer will be used instead of COTVNC. - Update: there is now a 'Use X11 vncviewer on MacOSX' under Options ... - - - If you want a SSH-only tool (without the distractions of SSL) run - the command: - - sshvnc - - instead of "ssvnc". Or click "SSH-Only Mode" under Options. - Control-h will toggle between the two modes. - - - If you want a simple VNC Terminal Services only mode (requires x11vnc - on the remote server) run the command: - - tsvnc - - instead of "ssvnc". Or click "Terminal Services" under Options. - Control-t will toggle between the two modes. - - "tsvnc profile-name" and "tsvnc user@hostname" work too. - - -Unix/MacOSX Install: - - There is no standard install for the bundles, but you can make - symlinks like so: - - cd /a/directory/in/PATH - ln -s /path/to/ssvnc/bin/{s,t}* . - - Or put /path/to/ssvnc/bin, /path/to/ssvnc/Unix, or /path/to/ssvnc/MacOSX - in your PATH. - - For the conventional source tarball it will compile and install, e.g.: - - gzip -dc ssvnc-1.0.28.src.tar.gz | tar xvf - - cd ssvnc-1.0.28 - make config - make all - make PREFIX=/my/install/dir install - - then have /my/install/dir/bin in your PATH. - - -Windows: - - Unzip, using WinZip or a similar utility, the zip file: - - ssvnc-1.0.28.zip - - Run the GUI, e.g.: - - Start -> Run -> Browse - - and then navigate to - - .../ssvnc/Windows/ssvnc.exe - - select Open, and then OK to launch it. - - The smaller file "ssvnc_windows_only-1.0.28.zip" - could have been used as well. - - You can make a Windows shortcut to this program if you want to. - - See the Windows/README.txt for more info. - - - If you want a SSH-only tool (without the distractions of SSL) run - the command: - - sshvnc.bat - - Or click "SSH-Only Mode" under Options. - - - If you want a simple VNC Terminal Services only mode (requires x11vnc - on the remote server) run the command: - - tsvnc.bat - - Or click "Terminal Services" under Options. Control-t will toggle - between the two modes. "tsvnc profile-name" and "tsvnc user@hostname" - work too. - - - -Important Note for Windows Vista: One user reports that on Windows Vista -if you move or extract the "ssvnc" folder down to the "Program Files" -folder you will be prompted to do this as the Administrator. But then -when you start up ssvnc, as a regular user, it cannot create files in -that folder and so it fails to run properly. We recommend to not copy -or extract the "ssvnc" folder into "Program Files". Rather, extract -it to somewhere you have write permission (e.g. C:\ or your User dir) -and create a Shortcut to ssvnc.exe on the desktop. - -If you must put a launcher file down in "Program Files", perhaps an -"ssvnc.bat" that looks like this: - -C: -cd \ssvnc\Windows -ssvnc.exe - - -SSH-ONLY Mode: --------------- - -If you don't care for SSL and the distractions it provides in the GUI, -run "sshvnc" (unix/macosx) or "sshvnc.bat" (windows) to run an SSH only -version of the GUI. - -Terminal Services Mode ----------------------- - -There is an even simpler mode that uses x11vnc on the remote side for the -session finding and management. Run "tsvnc" (unix/macosx) or "tsvnc.bat" -(windows) to run the Terminal Services version of the GUI. - - -Bundle Info: ------------- - -The bundle files unpack a directory/folder named: ssvnc - -It contains these programs to launch the GUI: - - Windows/ssvnc.exe for Windows - MacOSX/ssvnc for Mac OS X - Unix/ssvnc for Unix - -(the Mac OS X and Unix launchers are simply links to the bin directory). - - -Your bundle file should have included binaries for many OS's: Linux, -Solaris, FreeBSD, etc. Unpack your archive and see the subdirectories of - - ./bin - -for the ones that were shipped in this project, e.g. ./bin/Linux.i686 -Run "uname -sm" to see your OS+arch combination (n.b. all Linux x86 are -mapped to Linux.i686). (See the ./bin/ssvnc_cmd -h output for how to -override platform autodection via the UNAME env. var). - - -Memory Stick Usage: -------------------- - -If you create a directory named "Home" in that toplevel ssvnc directory -then that will be used as the base for storing VNC profiles and -certificates. Also, for convenience, if you first run the command with -"." as an argument (e.g. "ssvnc .") it will automatically create that -"Home" directory for you. This is handy if you want to place SSVNC -on a USB flash drive that you carry around for mobile use and you want -the profiles you create to stay with the drive (otherwise you'd have to -browse to the drive directory each time you load or save). - -One user on Windows created a BAT file to launch SSVNC and needed to -do this to get the Home directory correct: - -cd \ssvnc\Windows -start \ssvnc\Windows\ssvnc.exe - -(an optional profile name can be supplied to the ssvnc.exe line) - -WARNING: if you use ssvnc from an "Internet Cafe", i.e. an untrusted -computer, an intruder may be capturing keystrokes etc. - - -External Dependencies: ----------------------- - -On Windows everything is included. Let us know if you find otherwise. - -On Unix depending on what you do you need these programs installed: - - - basic unix utilities (sh, ls, cat, awk, sed, etc..) - - tcl/tk (wish interpreter) - - xterm - - perl - - ssh - - openssl - - Lesser used ones: netcat, esd/artsd, smbclient, smbmount, cups - -On Mac OS X depending on what you do you need these programs installed: - - - basic unix utilities (sh, ls, cat, awk, sed, etc..) - - tcl/tk (wish interpreter) - - Terminal - - perl - - ssh - - openssl - - Lesser used ones: netcat, smbclient, cups - -Most Mac OS X and Unix OS come with the main components installed. - -See the README.src for a more detailed description of dependencies. - - -TurboVNC Support: ----------------- - -TurboVNC is supported in an experimental way. To it build via the -build.unix script described in the next section, do something like: - - env TURBOVNC='-L/DIR -Xlinker --rpath=/DIR -lturbojpeg' ./build.unix - -where you replace /DIR with the directory where the libturbojpeg.so -(http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100) -is installed. - -You may not need to set rpath if libturbojpeg.so is installed in a -standard location or you use LD_LIBRARY_PATH to point to it. - -See the turbovnc/README in the vnc_unixsrc/vncviewer directory for -more info. You can find it in the ssvnc source tarball and also -in: - - src/zips/vnc_unixsrc_vncviewer.patched.tar - -More TurboVNC features will be enabled in the future. - - -If you need to Build: --------------------- - -If your OS/arch is not included or the provided binary has the wrong -library dependencies, etc. the script "build.unix" may be able to -successfully build on for you and deposit the binaries down in ./bin/... -using the included source code. It is a hack but usually works. - -You MUST run the build.unix script from this directory (that this toplevel -README is in, i.e "ssvnc") and like this: - - ./build.unix - -To use custom locations for libraries see the LDFLAGS_OS and CPPFLAGS_OS -description at the top of the build.unix script. - -You can set these env. vars to customize the build: - - SSVNC_BUILD_NO_STATIC=1 do not try to statically link libs - SSVNC_BUILD_FORCE_OVERWRITE=1 do not prompt about existing binaries - SSVNC_BUILD_SKIP_VIEWER=1 do not build vncviewer - SSVNC_BUILD_SKIP_STUNNEL=1 do not build stunnel - SSVNC_BUILD_ULTRAFTP=1 only build the file xfer helper jar - -here is an example to build only the vncviewer and with normal library -linking (and in a more or less automated way): - - env SSVNC_BUILD_NO_STATIC=1 SSVNC_BUILD_FORCE_OVERWRITE=1 SSVNC_BUILD_SKIP_STUNNEL=1 ./build.unix - -Feel free to ask us if you need help running ./build.unix - - -Convential Build: - -A more conventional source tarball is provided in ssvnc-x.y.z.src.tar.gz. -It uses a more or less familiar 'make config; make all; make PREFIX=path install' -method. It does not include stunnel, so that must be installed on the -system separately. - - -The programs: ------------- - -Unpack your archive, and you will see "bin", "Windows", "src" directories -and other files. The command line wrapper scripts: - - ./bin/ssvnc_cmd - ./bin/tightvncviewer - -are the main programs that are run and will try to autodetect your OS+arch -combination and if binaries are present for it automatically use them. -(if not found try the running the build.unix script). - -If you prefer a GUI to prompt for parameters and then start ssvnc_cmd -you can run this instead: - - ./bin/ssvnc - -this is the same GUI that is run on Windows (the ssvnc.exe). -There are also: - - ./bin/sshvnc (SSH-Only) - ./bin/tsvnc (Terminal Services Mode) - -For convenience, you can make symlinks from a directory in your PATH to -any of the 3 programs above you wish to run. That is all you usually -need to do for it to pick up all of the binaries, utils, etc. E.g. -assuming $HOME/bin is in your $PATH: - - cd $HOME/bin - ln -s /path/to/ssvnc/bin/{s,t}* . - -(note the "." at the end). The above commands is basically the way to -"install" this on Unix or MacOS X. - -Also links to the GUI launcher script are provided in: - - MacOSX/ssvnc - Unix/ssvnc - -and sshvnc and tsvnc. You could also put the Unix or MacOSX directory -in your PATH. - - -On Windows unpack your archive and run: - - Windows/ssvnc.exe - - -Examples: --------- - -The following assume you are in the toplevel directory of the -archive you unpacked. - -Use enhanced TightVNC unix viewer to connect to x11vnc via SSL: - - ./bin/ssvnc_cmd far-away.east:0 - - ./bin/tightvncviewer -ssl far-away.east:0 (same) - - ./bin/ssvnc (start GUI launcher) - -Use enhanced TightVNC unix viewer without SSL: - - ./bin/tightvncviewer far-away.east:0 - -Use SSL to connect to a x11vnc server, and also verify the server's -identity using the SSL Certificate in the file ./x11vnc.pem: - - ./bin/ssvnc_cmd -alpha -verify ./x11vnc.pem far-away.east:0 - -(also turns on the viewer-side cursor alphablending hack). - - -Brief description of the subdirectories: ---------------------------------------- - - ./bin/util some utility scripts, e.g. ss_vncviewer - and ssvnc.tcl - - ./src source code and patches. - ./src/zips zip files of source code and binaries. - - ./src/vnc_unixsrc unpacked tightvnc source code tree. - ./src/stunnel-4.14 unpacked stunnel source code tree. - ./src/patches patches to TightVNC viewer for the new - features on Unix (used by build.unix). - ./src/tmp temporary build dir for build.unix - (the last four are used by build.unix) - - - ./man man pages for TightVNC viewer and stunnel. - - ./Windows Stock TightVNC viewer and Stunnel, Openssl - etc Windows binaries. ssvnc.exe is the - program to run. - - ./MacOSX contains an unpacked Chicken of the VNC - viewer and a symlink to ssvnc. - - ./Unix contains a symlink to ssvnc. - -Depending on which bundle you use not all of the above may be present. -The smallest bundles with binaries are: - - ssvnc_windows_only-1.x.y.zip Windows - ssvnc_no_windows-1.x.y.tar.gz Unix and MacOSX - -however, the tiny scripts only one (only 60KB) will run properly on Unix -as long as you install external vncviewer and stunnel packages: - - ssvnc_unix_minimal-1.x.y.tar.gz - - -Untrusted Local Users: ---------------------- - - *IMPORTANT WARNING*: If you run SSVNC on a workstation or computer - that other users can log into and you DO NOT TRUST these users - (it is a shame but sometimes one has to work in an environment like - this), then please note the following warning. - - By 'do not trust' we mean they might try to gain access to remote - machines you connect to via SSVNC. Note that an untrusted local - user can often obtain root access in a short amount of time; if a - user has achieved that, then all bets are off for ANYTHING that you - do on the workstation. It is best to get rid of Untrusted Local - Users as soon as possible. - - Both the SSL and SSH tunnels set up by SSVNC listen on certain ports - on the 'localhost' address and redirect TCP connections to the remote - machine; usually the VNC server running there (but it could also be - another service, e.g. CUPS printing). These are the stunnel(8) SSL - redirection and the ssh(1) '-L' port redirection. Because 'localhost' - is used only users or programs on the same workstation that is - running SSVNC can connect to these ports, however this includes any - local users (not just the user running SSVNC.) - - If the untrusted local user tries to connect to these ports, he may - succeed in varying degrees to gain access to the remote machine. - We now list some safeguards one can put in place to try to make this - more difficult to achieve. - - It probably pays to have the VNC server require a password, even - though there has already been SSL or SSH authentication (via - certificates or passwords). In general if the VNC Server requires - SSL authentication of the viewer that helps, unless the untrusted - local user has gained access to your SSVNC certificate keys. - - If the VNC server is configured to only allow one viewer connection - at a time, then the window of opportunity that the untrusted local - user can use is greatly reduced: he might only have a second or two - between the tunnel being set up and the SSVNC vncviewer connecting - to it (i.e. if the VNC server only allows a single connection, the - untrusted local user cannot connect once your session is established). - Similarly, when you disconnect the tunnel is torn down quickly and - there is little or no window of opportunity to connect (e.g. x11vnc - in its default mode exits after the first client disconnects). - - Also for SSL tunnelling with stunnel(8) on Unix using one of the SSVNC - prebuilt 'bundles', a patched stunnel is provided that denies all - connections after the first one, and exits when the first one closes. - This is not true if the system installed stunnel(8) is used and is - not true when using SSVNC on Windows. - - The following are two experimental features that are added to SSVNC - to improve the situation for the SSL/stunnel case. Set them via - Options -> Advanced -> "STUNNEL Local Port Protections". - - 1) For SSL tunnelling with stunnel(8) on Unix there is a setting - 'Use stunnel EXEC mode' (experimental) that will try to exec(2) - stunnel instead of using a listening socket. This will require - using the specially modified vncviewer unix viewer provided - by SSVNC. If this mode proves stable it will become the default. - - 2) For SSL tunnelling with stunnel(8) on Unix there is a setting - 'Use stunnel IDENT check' (experimental) to limit socket - connections to be from you (this assumes the untrusted local - user has not become root on your workstation and has modified - your local IDENT check service; if he has you have much bigger - problems to worry about...) - - There is also one simple LD_PRELOAD trick for SSH to limit the number - of accepted port redirection connections. This makes the window of - time the untrusted local user can connect to the tunnel much smaller. - Enable it via Options -> Advanced -> "SSH Local Port Protections". - You will need to have the lim_accept.so file in your SSVNC package. - - The main message is to 'Watch your Back' when you connect via the - SSVNC tunnels and there are users you don't trust on your workstation. - The same applies to ANY use of SSH '-L' port redirections or outgoing - stunnel SSL redirection services. - - -Help and Info: -------------- - -For more help on other options and usage patterns run these: - - ./bin/ssvnc_cmd -h - ./bin/util/ss_vncviewer -h - -See also: - - http://www.karlrunge.com/x11vnc - http://www.karlrunge.com/x11vnc/faq.html - x11vnc -h | more - - http://stunnel.mirt.net - http://www.stunnel.org - http://www.openssl.org - http://www.tightvnc.com - http://www.realvnc.com - http://www.chiark.greenend.org.uk/~sgtatham/putty/ - http://sourceforge.net/projects/cotvnc/ |