Security and Vnc server

From: Michael Kohl (kohlm@mit.edu)
Date: Tue Dec 05 2006 - 23:27:06 EST


Dear Blasters,

In order to improve security on the Bates/Blast machines, only ssh
connections through blast05 will be permitted in the future.
One of the "problems" is unsecured vnc servers on blast05 visible to the
outside world.
VNC users are asked to use VNC in the following way in the future:

To start a VNC server on blast05, it is mandatory to use the option
"-localhost". This makes sure that only local users can connect to the
port (with ssh, see below). A VNC server on any other blast machine behind
the blast05 gateway should be started without the "-localhost" option.

E.g. starting a VNC server on bud24:
user@bud24:
$ vncserver :2 -geometry 1375x875 -depth 24 -name bud24

However, starting a VNC server on blast05:
user@blast05:
$ vncserver :2 -geometry 1375x875 -depth 24 -localhost -name blast05

To connect to a vnc server running on blast05, or on any blast machine
running a vnc server behind the blast05 gateway, one must use the "-via"
option in the vncviewer command (which spawns an ssh tunneling connection):

To connect to a vnc server on blast05:
user@remotehost:
$ vncviewer -passwd .vnc/passwd -compresslevel 9 -quality 9 -depth 24 -via blast05.lns.mit.edu localhost:2

To connect to a vnc server on bud24:
user@remotehost:
$ vncviewer -passwd .vnc/passwd -compresslevel 9 -quality 9 -depth 24 -via blast05.lns.mit.edu bud24.bates.daq:2

For any questions, comments or problem reports,
please contact Brian McAllister <mcallister@MIT.EDU>.

Best regards

    Michael

+-------------------------------------+--------------------------+
| Office: | Home: |
|-------------------------------------|--------------------------|
| Dr. Michael Kohl | Michael Kohl |
| Laboratory for Nuclear Science | 5 Ibbetson Street |
| MIT-Bates Linear Accelerator Center | Somerville, MA 02143 |
| Middleton, MA 01949 | U.S.A. |
| U.S.A. | |
| - - - - - - - - - - - - | - - - - - - - - -|
| Email: kohlm@mit.edu | K.Michael.Kohl@gmx.de |
| Work: +1-617-253-9207 | Home: +1-617-629-3147 |
| Fax: +1-617-253-9599 | Mobile: +1-978-580-4190 |
| http://blast.lns.mit.edu | |
+-------------------------------------+--------------------------+
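
Added example, not part of the original message: a shell check for the gateway (blast05 here) that lists VNC servers still reachable from other hosts, i.e. started without "-localhost". It assumes display :N listens on TCP port 5900+N and that "-localhost" makes the server bind only to the loopback address; the function name and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Flag VNC (RFB) listeners that are not bound to the loopback interface.
# Assumption: display :N listens on TCP 5900+N, and a server started with
# -localhost binds to 127.0.0.1 / ::1 only.

# Reads `ss -ltn` style lines on stdin and prints ":display address:port"
# for every listener in the 5900-5999 range that other hosts can reach.
exposed_vnc() {
    awk '
    $1 == "LISTEN" {
        addr = $4                          # local address:port column
        n = split(addr, parts, ":")
        port = parts[n] + 0                # text after the last colon
        host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
        if (port < 5900 || port > 5999) next      # not an RFB port
        if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
        printf ":%d %s\n", port - 5900, addr
    }'
}

# Constructed sample of `ss -ltn` output: display :2 was started with
# -localhost, display :3 was not.
sample_ss() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       127.0.0.1:5902      0.0.0.0:*
LISTEN  0       5       [::1]:5902          [::]:*
LISTEN  0       5       0.0.0.0:5903        0.0.0.0:*
LISTEN  0       5       [::]:5903           [::]:*
EOF
}

# Demo on the constructed sample. On a live host: ss -ltn | exposed_vnc
sample_ss | exposed_vnc
```

An empty result on the gateway means every VNC server there is loopback-only; on machines behind the gateway, listed displays are expected because those servers are started without "-localhost".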


