Subject: VNC & SSH for Windows Solution
From: Tim Jordan (timothy_jordan@labor.state.ak.us)
Date: Fri Jan 30 2004 - 03:58:10 AKST
I need to still implement the following (if possible) for security
issues:
* Allow only SSH connections from set ip range
* Allow authentication for SSH against Windows Domain Group or ldap
goup.
If I could do the above then I wouldn't need VNC authentication and
could allow blank VNC password.
GOAL: Remote administration of windows workstation for assisting end
users using SSH for encryption & VNC for remote control.
Administrator Setup:
This site has a very easy way to setup SSH and the Vncviewer on your
admin box:
http://www.jfitz.com/vnc/
Download the VNC client with ssh tools package. Run the SSH setup.exe
and follow the instructions for setting up the ssh tools to a local
directory (%systemroot%).
BOTH SSH & VNC SERVERS NEED TO BE RUNNING AS SERVICE ON THE CLIENT
WORKSTATION.
For the client workstations I used:
SSH Sever via Cygwin setup.exe http://www.cygwin.com/
Here are the instructions for installing SSH as a server:
http://tech.erdelynet.com/cygwin-sshd.html
Install the VNC server on the target workstation:
http://www.realvnc.com/download.html
Hack the client registry to AllowLoopback, LoopbackOnly, & Authrequired:
[HKLM\SOFTWARE\ORL\WINVNC3]
"Loopbackonly"=dword:1
"AllowLoopback"=dword:1
"AuthRequired"=dword:0
Execute SSH & VNC to remote control users workstation.
Start the SSH tunnel from your admin box to the client workstation.
ssh -C -L 5900:localhost:5900 -l administrator targetworkstation
(supply the local administrator password)
Then from your admin box run vncviewer localhost:00
Thoughts?
Tim Jordan
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
This archive was generated by hypermail 2a23 : Fri Jan 30 2004 - 13:02:45 AKST