clear-linux-documentation
"Remote-desktop to a host using VNC" guide under "Encrypt VNC traffic through an SSH tunnel" - Method 3
Under "Encrypt VNC traffic through an SSH tunnel" - Method 3, the document says "No change is needed to the xvnc@service script".
However, I can see the socket binds to all interfaces for port 5900. This means a VNC client can establish a direct connection to the xvnc server without an SSH tunnel established.
The document needs to be amended. Instead of changing xvnc@service, the xvnc.socket needs to be updated for Method 3.
```
[Socket]
ListenStream=127.0.0.1:5900
Accept=yes
```
This will force the socket to bind only to the localhost interface, and remote connections from a VNC client will only work with an SSH tunnel. This will block direct connections to port 5900.
Environment (please complete the following):
- Clear Linux OS VERSION_ID=33300
- tigervnc: version: 33250
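Added example (not part of the original issue or the Clear Linux documentation): a shell check for the exposure described above, which reads `ss -Hltn` output and lists any listener on port 5900 that is not bound to loopback. The helper name `exposed_listeners` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the issue or the Clear Linux docs.
# exposed_listeners (hypothetical helper) reads `ss -Hltn` output on stdin
# and prints each local address bound to the given port that is NOT loopback.
exposed_listeners() {
    port="${1:-5900}"
    awk -v port="$port" '
    $1 == "LISTEN" {
        addr = $4
        n = split(addr, parts, ":")
        if (parts[n] != port) next            # different port
        host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
        sub(/%.*$/, "", host)                 # drop interface suffix such as %lo
        gsub(/^\[|\]$/, "", host)             # drop IPv6 brackets
        if (host ~ /^127\./ || host == "::1") next   # loopback only: fine
        print addr
    }'
}

# Constructed sample: socket unit left at ListenStream=5900 (wildcard bind).
sample_wildcard() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 *:5900     *:*
EOF
}

# Constructed sample: socket unit set to ListenStream=127.0.0.1:5900.
sample_loopback() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
LISTEN 0 4096 127.0.0.1:5900 0.0.0.0:*
EOF
}

echo "wildcard bind, exposed: $(sample_wildcard | exposed_listeners 5900)"
echo "loopback bind, exposed: $(sample_loopback | exposed_listeners 5900)"
# On a live host: ss -Hltn | exposed_listeners 5900
```

If the change is made through a systemd drop-in rather than by editing the unit file, an empty `ListenStream=` line is needed before the new value, because the option is a list and would otherwise keep the original port 5900 listener.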
Welcome to Clear Linux* OS Docs. Thanks for submitting your first issue.
Did changes in GDM have an impact on Method 3? @mvincerx follow up @mrkz
@mrkz please see my email.
Did changes in GDM have an impact on Method 3?
I can confirm that @headwhacker lightdm workaround mentioned at https://github.com/clearlinux/clear-linux-documentation/issues/1108#issuecomment-640018875 worked for me. However, I can't get the `ListenStream=127.0.0.1:5900` to work and am not sure if it is a bug. If I just leave it as `:5900` and SSH in with my local port `5900` remapped to `<VNC server ip>:5900` and use a VNC address of `localhost:5900` then I can ssh in securely through the encrypted tunnel.
I should also note that if I put `ListenStream=<my windows ip>:5900` and restart the service it fails to restart.
@bktan8 please help out. Please try out using 127.0.0.1.