I decided to setup two old computers lying around my office today. One already had Ubuntu 7.04 (Feisty Fawn) installed while the other was running WinXP. So I wiped the WinXP off one, and distro upgraded the other to Ubuntu 8.04 (Hardy Heron). Now I have two Hardys sitting on an office bench. I primarily work with a dual-screen WinXP machine with remote desktop to another WinXP machine somewhere else. Then it dawned on me that instead of using ssh to issue text commands to the two Hardys, it will be great if I could do remote desktop to them and control all 4 machines.
It turns out that the simplest way was not a proper remote desktop like how WinXP does its remote desktop but rather, desktop sharing using VNC that comes with Ubuntu. What happens in desktop sharing is you send inputs to the remote computer which sends you back the output. The input is taken to occur on-site, i.e. moving the mouse on the remote side actually moves the pointer on the actual machine. Unlike a proper remote desktop, desktop sharing with VNC is inherently insecure. This is primarily why I refer to it as remote sharing instead of remote desktop (note that in the System menu it is under "Remote Desktop").
Firstly, for remote sharing, after enabling it, a remote user can only connect to the desktop if a user is logged in on site. This means that a computer in an insecure physical location will never be secure as someone can sit down in front of it, stop the remote sharing, and start using the system in place of you. Contrast this with remote desktop in WinXP where the computer will be locked by the remote user on-site. Hence only someone with your user account can hijack the computer physically. Fortunately for me, both computers are in a secure physical location so this is not a problem.
Secondly, the password that one sets for remote sharing is only 8 characters long and there is no prompt for a user account. This means that the security of a user account is now only 8 characters since someone can log in remotely as well and change the on-site logged in user's password.
Lastly, for the free version of VNC, data exchange after logging in is not encrypted. That means any password sent can be sniffed over the network directly.
The solution to the last two problems is to use ssh tunneling and a firewall (or host denying). Indeed there are quite a few a articles online on how to achieve this, one of it being here. The gist of it is, one creates a secure ssh connection to the remote machine, use ssh tunneling to tell the remote machine to forward a connection to itself (on the VNC port), then, connect to desktop sharing through this secure tunnel. For example when connecting from A to B, an encrypted tunnel is set up from A to B and a unencrypted one from B to itself. The latter is fine since no data actually leaves the network interface. Then, to stop others from making a remote sharing connection, either only allow the local host (i.e. B) to remote share to itself or use a firewall to block incoming connections to the remote share port. I used a firewall since the GUI option to ``allow local connections only" for remote sharing did not work for me and I was too lazy to manually edit the configuration files.
The net effect, now connecting to a remote computer requires logging in to it using ssh which makes the connecting password of 8 characters immaterial -- it is now as strong as your normal user account. Furthermore, no one can easily snoop on data you send over the network as it is encrypted, plus no one can access remote sharing directly without using ssh tunneling.
It turns out that the simplest way was not a proper remote desktop like how WinXP does its remote desktop but rather, desktop sharing using VNC that comes with Ubuntu. What happens in desktop sharing is you send inputs to the remote computer which sends you back the output. The input is taken to occur on-site, i.e. moving the mouse on the remote side actually moves the pointer on the actual machine. Unlike a proper remote desktop, desktop sharing with VNC is inherently insecure. This is primarily why I refer to it as remote sharing instead of remote desktop (note that in the System menu it is under "Remote Desktop").
Firstly, for remote sharing, after enabling it, a remote user can only connect to the desktop if a user is logged in on site. This means that a computer in an insecure physical location will never be secure as someone can sit down in front of it, stop the remote sharing, and start using the system in place of you. Contrast this with remote desktop in WinXP where the computer will be locked by the remote user on-site. Hence only someone with your user account can hijack the computer physically. Fortunately for me, both computers are in a secure physical location so this is not a problem.
Secondly, the password that one sets for remote sharing is only 8 characters long and there is no prompt for a user account. This means that the security of a user account is now only 8 characters since someone can log in remotely as well and change the on-site logged in user's password.
Lastly, for the free version of VNC, data exchange after logging in is not encrypted. That means any password sent can be sniffed over the network directly.
The solution to the last two problems is to use ssh tunneling and a firewall (or host denying). Indeed there are quite a few a articles online on how to achieve this, one of it being here. The gist of it is, one creates a secure ssh connection to the remote machine, use ssh tunneling to tell the remote machine to forward a connection to itself (on the VNC port), then, connect to desktop sharing through this secure tunnel. For example when connecting from A to B, an encrypted tunnel is set up from A to B and a unencrypted one from B to itself. The latter is fine since no data actually leaves the network interface. Then, to stop others from making a remote sharing connection, either only allow the local host (i.e. B) to remote share to itself or use a firewall to block incoming connections to the remote share port. I used a firewall since the GUI option to ``allow local connections only" for remote sharing did not work for me and I was too lazy to manually edit the configuration files.
The net effect, now connecting to a remote computer requires logging in to it using ssh which makes the connecting password of 8 characters immaterial -- it is now as strong as your normal user account. Furthermore, no one can easily snoop on data you send over the network as it is encrypted, plus no one can access remote sharing directly without using ssh tunneling.
Tada! Controlling 2 WinXP machines and 2 Ubuntu boxes with one computer! But VNC is quite sluggish even when the machines use the same network switch and this still does not solve the physical insecurity problem. To do that we probably need real remote desktop. In Linux I think this means having an X-server on the WinXP machine via cygwin and logging in to the linux box using XDMCP. This gives the remote user a dedicated desktop, i.e. all actions are private to the user, instead of being shared on-site. The remote computer can be left at the normal log-in screen so no one without the proper privileges can hijack someone's user account on-site.
Alternatively some online HOWTOs seem to advocate FreeNX to do this which I believe is distributed from here. However, it might not be the best solution if the goal is to minimize computation on the remote client (i.e. the machine you are at) since the GUI computation is now done on it. ``SO why not just use normal ssh?", you ask. Well sometimes I forget the names of packages that I want to install and Synaptic helps me find them better than apt-get.
* * * * * Update * * * * *
Decided to give NoMachine NX a spin. It is easier to configure than VNC, handles all security problems and creates a separate X-session for each remote login. It does this, I believe, by having an x-server and using ssh for the connection. Get it from their website.
Alternatively some online HOWTOs seem to advocate FreeNX to do this which I believe is distributed from here. However, it might not be the best solution if the goal is to minimize computation on the remote client (i.e. the machine you are at) since the GUI computation is now done on it. ``SO why not just use normal ssh?", you ask. Well sometimes I forget the names of packages that I want to install and Synaptic helps me find them better than apt-get.
* * * * * Update * * * * *
Decided to give NoMachine NX a spin. It is easier to configure than VNC, handles all security problems and creates a separate X-session for each remote login. It does this, I believe, by having an x-server and using ssh for the connection. Get it from their website.
4 comments:
kong simi?
People (save for a few) don't want to read super duper cheem technical stuffs...
People want to read interesting stuffs... like s*x.. and.. maybe more s*x
yea, recently it's lots of tech, well, changing to travel soon. =D
i have been using a lot of VNC but didnt care of the security...
that is quite dangerous, any password you type is basically visible to anyone on the network. worse if the computer you vnc to is not at home, someone can sit in front of it and read your emails.
Post a Comment