VNC using Certificates?

Is there a version of VNC that uses certificates rather than passwords for authentication?
If so, is it free? I'd like to use X.509 certs instead of simple passwords.
farhan00Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pjwallisCommented:
Hi,

Have a look at tightvnc which has SSL and other goodies.
http://www.karlrunge.com/x11vnc/ssvnc.html

The license has two flavours and is found here.
http://www.tightvnc.com/download.php

Hope this is of help.
pjwallis
0
skullnobrainsCommented:
actually, there are none (at least none that i know of) that really do it directly in vnc.

many servers allow ssl connections but you can only authenticate using certificates if you build and configure tls manually. tightvnc like many others simply provide a way to conveniently tunnel the vnc connection over ssh or ssl tunnels, but the auth is not actually done using the certificates as far as i know.

if you're not to crazy about security, you most likely can work out something reasonably secure using tightvnc with ssh-only access and no password. last time i checked tls authentication was not available yet.

if you're really crazy about security, you can easily make your vnc accessible through unix sockets and tunnel to these sockets over ssh. this will also let you use different desktops for different users if required.

what is your actual goal ? are you targeting unices or windows as the server OS ?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
farhan00Author Commented:
If its not possible, then that's fine. My goal was to have certificate-based authentication rather than password-based authentication. But that's fine.
0
skullnobrainsCommented:
i gave a way to achieve certificate-based auth using ssh + vnc. here is a few implementation details. if you actually need this i can give a more detailed procedure for whatever system you are using. you can achieve the same thing with stunnel quite trivially if you don't need separate certs for separate users

you can setup the tightvnc client for the hardened version using unix domain sockets
VNC_VIA_CMD="/usr/bin/ssh %G %U ~/vnc.sock"
or
VNC_VIA_CMD="/usr/bin/ssh %G %U /path/to/vnc.sock"
instead of the default
VNC_VIA_CMD="/usr/bin/ssh -f -L %L:%H:%R %G sleep 20"

and setup your vnc server(s) with sockets in each user's home directory or in a single path

security can be achieved by setting ACLs on the socket without toying with advanced tunnelling options in ssh or leaving locally open ports on the servers

authentication in then handled by ssh using cert. just leave a blanck password on the vnc server and you have a working cert-based vnc authentication

regards
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.