Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VNC server support #74

Open
yself opened this issue Jun 28, 2020 · 3 comments
Open

VNC server support #74

yself opened this issue Jun 28, 2020 · 3 comments
Assignees
@scottyhardy
Labels
enhancement

Comments

@yself
Copy link

yself commented Jun 28, 2020

Thanks for a already great container. From what I understand, RDP does not support sharing screen with other clients. On the other hand VNC supports that and it would be great if the container also "natively" supported hosting a VNC server. It may also be a better alternative to RDP client for Linux users. I could install it as a additional layer, but I believe that it could be a useful feature for other users.
Thanks!
@scottyhardy scottyhardy self-assigned this Jun 29, 2020
@scottyhardy
Copy link
Owner

Hi @yself

Sounds like a great idea! I think I'll look at adding Guacamole support as well so that you can access via any HTML5 compatible browser.

@yself
Copy link
Author

yself commented Jun 29, 2020

Thank you very much @scottyhardy! HTML5 client would also be great. Would it be possible that the VNC server supported authentication/password, in case the container was open to interent?

@scottyhardy
Copy link
Owner

I knew there was a good reason why I went with RDP over VNC...! In terms of security, VNC is a pain. VNC authentication preference is no username and passwords truncated to 8 characters, with the plain text or obfuscated password stored in a file on the VNC server (no encryption or hashes!).

Out of TightVNC, TigerVNC and x11vnc, only X11vnc allows you to use system username/passwords as an option, but doing so turns on SSL encryption so the credentials can’t be sniffed on the network as otherwise they’re sent as plain text. SSL encryption should be a good thing, except for one tiny problem - no VNC clients support it! (except for SSVNC which was made by the same people who made x11vnc)

TigerVNC at least uses VNC’s own encryption method for transmitting auth credentials, but then all other communication is unencrypted. The only truly secure method of using VNC that any VNC client will support is by using SSH and redirecting VNC traffic along the SSH tunnel with port forwarding (painful! Although an SSH server on the container may be useful for other use cases).

Every option has it’s drawbacks, but security has always been my first concern. I’m still tossing up whether to use x11vnc or TigerVNC and making SSH the default method, with less secure options needing to be specified. Still going to take some more time for me to come up with a solution I’m happy with.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@scottyhardy scottyhardy

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yself @scottyhardy