Remote Access with VNC: Difference between revisions
m →VNC Session Initiated using vncmanager: Added tip box
m →Encrypted VNC Communication: Added tip box
| Line 284: | Line 284: | ||
TLS encryption with certificate. If you use a self-signed certificate, you will be asked to verify it on the first connection. On subsequent connections you will be warned only if the certificate changed. So you are protected against everything except man-in-the-middle on the first connection (similar to typical SSH usage). If you use a certificate signed by a certificate authority matching the machine name, then you get full security (similar to typical HTTPS usage). | TLS encryption with certificate. If you use a self-signed certificate, you will be asked to verify it on the first connection. On subsequent connections you will be warned only if the certificate changed. So you are protected against everything except man-in-the-middle on the first connection (similar to typical SSH usage). If you use a certificate signed by a certificate authority matching the machine name, then you get full security (similar to typical HTTPS usage). | ||
<div style="padding-bottom:5px;padding-top:5px;"> | |||
<div style="background:#B6D5B2;border:1px solid #439239;padding-left:5px;padding-right:5px;"> | |||
'''Tip: Path to Certificate and Key''' | '''Tip: Path to Certificate and Key''' | ||
With X509 based encryption, you need to specify the path to the X509 certificate and the key with <code>-X509Cert</code> and <code>-X509Key</code> options. | With X509 based encryption, you need to specify the path to the X509 certificate and the key with <code>-X509Cert</code> and <code>-X509Key</code> options. | ||
</div> | |||
</div> | |||
If you select multiple security types separated by comma, the first one supported and allowed by both client and server will be used. That way you can configure opportunistic encryption on the server. This is useful if you need to support VNC clients that do not support encryption. | If you select multiple security types separated by comma, the first one supported and allowed by both client and server will be used. That way you can configure opportunistic encryption on the server. This is useful if you need to support VNC clients that do not support encryption. | ||
On the client, you can also specify the allowed security types to prevent a downgrade attack if you are connecting to a server which you know has encryption enabled (although our vncviewer will warn you with the "Connection not encrypted!" message in that case). | On the client, you can also specify the allowed security types to prevent a downgrade attack if you are connecting to a server which you know has encryption enabled (although our vncviewer will warn you with the "Connection not encrypted!" message in that case). | ||
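Review bot: The added tip names the -X509Cert and -X509Key options but does not say which program takes them, even though the surrounding paragraphs cover both server-side and client-side settings. Name the command in the tip, and say whether the options are required for the self-signed case as well as for the CA-signed case described in the paragraph just above. Since the tip points readers at a private key file, a clause noting that the key should be readable only by the account that runs the VNC server would fit here.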