VNC using Certificates?

Is there a version of VNC that uses certificates rather than passwords for authentication?
If so, is it free? I'd like to use X.509 certs instead of simple passwords.
Who is Participating?
skullnobrainsConnect With a Mentor Commented:
actually, there are none (at least none that i know of) that really do it directly in vnc.

many servers allow ssl connections but you can only authenticate using certificates if you build and configure tls manually. tightvnc like many others simply provide a way to conveniently tunnel the vnc connection over ssh or ssl tunnels, but the auth is not actually done using the certificates as far as i know.

if you're not to crazy about security, you most likely can work out something reasonably secure using tightvnc with ssh-only access and no password. last time i checked tls authentication was not available yet.

if you're really crazy about security, you can easily make your vnc accessible through unix sockets and tunnel to these sockets over ssh. this will also let you use different desktops for different users if required.

what is your actual goal ? are you targeting unices or windows as the server OS ?

Have a look at tightvnc which has SSL and other goodies.

The license has two flavours and is found here.

Hope this is of help.
farhan00Author Commented:
If its not possible, then that's fine. My goal was to have certificate-based authentication rather than password-based authentication. But that's fine.
i gave a way to achieve certificate-based auth using ssh + vnc. here is a few implementation details. if you actually need this i can give a more detailed procedure for whatever system you are using. you can achieve the same thing with stunnel quite trivially if you don't need separate certs for separate users

you can setup the tightvnc client for the hardened version using unix domain sockets
VNC_VIA_CMD="/usr/bin/ssh %G %U ~/vnc.sock"
VNC_VIA_CMD="/usr/bin/ssh %G %U /path/to/vnc.sock"
instead of the default
VNC_VIA_CMD="/usr/bin/ssh -f -L %L:%H:%R %G sleep 20"

and setup your vnc server(s) with sockets in each user's home directory or in a single path

security can be achieved by setting ACLs on the socket without toying with advanced tunnelling options in ssh or leaving locally open ports on the servers

authentication in then handled by ssh using cert. just leave a blanck password on the vnc server and you have a working cert-based vnc authentication

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.