Posts: 522 from 2003/2/24
From: finland, the l...
The original VNC protocol never specified any encryption. The existing attempts to add security by bolting a TLS to the protocol have had massive security flaws in them, or other bugs making them impractical in securing VNC.
RealVNC introduced "RFB 5" protocol that is (probably) doing cryptography right, but it is proprietary and RealVNC only.
Even today many VNC server and client implementations only support using SSH or VPN tunnels to secure the connection. Using SSH tunnel is what I'd recommend, even though it is not very convenient. Since we currently have no SSH daemon, it'll have to be a reverse tunnel originating from the MorphOS system. To create the tunnel, use:
ssh -N -R 25900:localhost:5900 user@server
The tunnel will be enabled for as long as you have the SSH command running. To shut down the tunnel CTRL-C the ssh command.
While the tunnel is up you can securely connect to the MorphOS VNCServer *from* the server by pointing the VNC client at the server localhost port 25900.
If the server is to be used as a proxy, another secure means to do that (such as TLS tunnel, VPN or 2nd SSH tunnel needs to be arranged to allow connecting to the proxy host port 25900. The specifics of such arrangement are beyond the scope of this post.