Tunneling Windows NT VNC traffic with SSH2
==========================================


Contents
Overview
Scope
Table 1: Installation VNC
Table 2: Installation SSH2D 
Table 3: Client Setup
Additional Resources
Revision History

Overview

VNC is a GUI remote access program that gives full console access to the server. Clients and servers exist for many different architectures. VNC alone has some inherent security issues: all traffic, including the screen contents and your keystrokes, crosses the wire in plain text, and the authentication scheme is very weak. Tunneling VNC over SSH fixes both problems. SSH encrypts everything on the wire, and the SSH login uses NT's own account authentication, which is much stronger than VNC's password. The rest of this document outlines the steps required. It is important to follow the steps exactly: leaving out one part (in particular the registry change in step 2 that restricts WinVNC to loopback connections) can leave you using straight VNC over the network with all of its accompanying security risks.


 Server Installation VNC

Step
Action
1.

Download VNC from http://www.uk.research.att.com/vnc/ (this guide uses v3.3.3r9) or from here (vnc-3.3.3r9_x86_win32.zip) and unzip it.

Unzipping creates two directories. "Vncviewer" holds the client executable; "Winvnc" holds the server software.

Run setup from the Winvnc directory. This installs both the client and the server.

After VNC is installed, click "Run WinVNC (APP MODE)". WinVNC's properties dialog will pop up. Set a password. This password is not your main line of defence, since SSH and NT handle the real authentication, but once the loopback restriction of step 2 is in place it is still the only thing between any local user or process on the server and the console, so do not make it trivial. Then close the WinVNC application docked in the taskbar.

We want VNC set up as a service that starts automatically each time the server does. Click on the Administrative Tools icon, then click "Install WinVNC service". In the Services control panel set the service to start automatically, then start it. Set a password for the console session when prompted.


2.

Configure VNC to accept only local connections (i.e. those arriving from the SSH tunnel)

Open the Registry with regedt32.exe and find:

HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3

Choose Add Value, type AllowLoopback as the value name (no quotes) and choose data type REG_DWORD. In the DWORD editor box type 1 and leave the radix at hex. Add a second value the same way, named LoopbackOnly, also with a value of 1. AllowLoopback lets WinVNC accept connections from the server's own loopback interface (by default it refuses them), and LoopbackOnly makes that the only place it listens, so a client on the network cannot reach WinVNC directly and has to come in through SSH.

Restart the WinVNC service afterwards so the new listener setting takes effect, then check with netstat -an that TCP port 5900 is listed as LISTENING on 127.0.0.1 and not on 0.0.0.0. If it still shows 0.0.0.0:5900, the tunnel buys you encryption but not the restriction this document relies on.

Alternatively, download vnc_loopback_key.zip, unzip it and double-click the .reg file to add the two values.

This file has the following content:

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3]
"LoopbackOnly"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\ORL\WinVNC3]
"AllowLoopback"=dword:00000001
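The loopback restriction is the part of this setup that is easiest to get wrong silently, so here is a small check for it. This is an added example, not part of the original guide or of the VNC distribution: it parses the output of Windows `netstat -an` and reports whether TCP 5900 is bound to 127.0.0.1 only, to every interface, or not at all. The SAMPLE_NETSTAT text is constructed to look like NT's `netstat -an` output so the checks can be run without a server; running Python on the NT box is an assumption.

```python
"""Added example (not from the original guide): confirm WinVNC listens on
loopback only after the LoopbackOnly/AllowLoopback registry change.

On the server:  netstat -an > netstat.txt   then   python check_vnc_listener.py netstat.txt
SAMPLE_NETSTAT below is a constructed imitation of NT's `netstat -an` output.
"""
import re
import sys

VNC_PORT = 5900  # WinVNC display :0

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           10.0.0.9:1045          ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# proto, local ip:port, foreign address, optional state (UDP rows have none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")


def parse_netstat(text):
    """Return (proto, local_ip, local_port, state) per socket row; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, ip, port, _foreign, state = m.groups()
            rows.append((proto, ip, int(port), state))
    return rows


def vnc_exposure(rows, port=VNC_PORT):
    """Classify how the VNC port is exposed.

    'loopback-only'   every TCP listener on the port is bound to 127.x (what step 2 should give)
    'all-interfaces'  some listener is bound to 0.0.0.0 or a real address: reachable from the LAN
    'not-listening'   nothing listens on the port: service not started, or wrong display number
    """
    listeners = [ip for proto, ip, p, state in rows
                 if proto == "TCP" and p == port and state == "LISTENING"]
    if not listeners:
        return "not-listening"
    if all(ip.startswith("127.") for ip in listeners):
        return "loopback-only"
    return "all-interfaces"


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NETSTAT
    verdict = vnc_exposure(parse_netstat(text))
    print("TCP %d: %s" % (VNC_PORT, verdict))
    sys.exit(0 if verdict == "loopback-only" else 1)
```

Anything other than loopback-only means step 2 did not take: either the values were added under the wrong key, or the service was not restarted after the change.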


 Server Installation SSHD for NT Remote Management

I recommend using only one of the commercial SSHD2 packages (SSH.COM or Van Dyke) on the server, one of the commercial SSH2 clients (either SSH.com's Secure Shell Client or Van Dyke Technologies' SecureCRT) for remote shells, and an SSH2-compatible SFTP client (either SSH.com's Secure File Transfer Client or Van Dyke Technologies' SecureFX) for file transfers. Whichever you pick, the daemon must authenticate against NT accounts, since that is the authentication this document relies on in place of VNC's.

See www.shebeen.com/w2k for the SSH install.


 Client Setup

Step
Action
7.

Download an SSH2 Secure Shell client (see the server section above for the recommended ones).

8.

Install the application:

You'll need to reboot (on some systems) to get the correct settings (like path) active. Now open a cmd.exe (command window) and type:

ssh2.exe -L 5901:127.0.0.1:5900 clientname@servername

where clientname is your NT account on the server. This uses the following format:

ssh2.exe -L [local port]:[host as seen from the SSH server]:[remote port] [username@remote host] [some command]

Note that the middle field (127.0.0.1 here) is resolved by the SSH daemon on the server, not by your client: the daemon connects to its own loopback interface, which is why a WinVNC configured for loopback-only connections still accepts it.

This tells the SSH client to listen on port 5901 of the client machine and forward every connection to it, encrypted, across the SSH session to port 5900 on the server side. The forwarded port should be reachable only on the client's own loopback interface; if your SSH client offers an option to let other hosts use forwarded ports, leave it off, otherwise anyone who can reach your workstation on port 5901 has a path to the server's console. Leave the command prompt open (closing it closes the tunnel) and start VNCVIEWER.exe with the display localhost:1 (VNC display 1 means TCP port 5901, i.e. the local end of the tunnel).

If you know the VNC password you can view and control the NT Server. If vncviewer cannot connect, the tunnel is not up; do not work around this by pointing vncviewer at the server's own name, since that would be straight VNC over the network (and should be refused anyway once step 2 is in place).
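Before trusting the tunnel, a client-side check is worth having. The script below is an added example, not part of the original guide or of VNC or the SSH clients it mentions. It connects to the forwarded port and verifies that whatever answers speaks RFB, VNC's protocol, whose first message from the server is a 12-byte version string such as RFB 003.003; it then confirms that the server's port 5900 is not reachable directly from the client, which is what LoopbackOnly is supposed to guarantee. The names servername, 5901 and 5900 are taken from the example command above and are assumptions; FakeRfbServer is a constructed stand-in so the checks can be exercised offline, and running Python on the client is likewise an assumption.

```python
"""Added example (not from the original guide): sanity-check the VNC-over-SSH tunnel.

Run on the client while the ssh2 window with -L 5901:127.0.0.1:5900 is open.
A real VNC server greets every connection with a 12-byte protocol version
string such as b"RFB 003.003\\n"; seeing that on 127.0.0.1:5901 proves the
forwarded port leads to a VNC server, and NOT seeing it on servername:5900
proves WinVNC is not listening on the network.  'servername' and the ports
are assumptions taken from the guide's example command.
"""
import socket
import threading

RFB_BANNER_LEN = 12  # "RFB xxx.yyy\n" is always 12 bytes


def rfb_version(host, port, timeout=3.0):
    """Return the first 12 bytes offered at host:port (as text), or None.

    None means nothing accepted the connection (refused, timed out, no such
    host).  A string not starting with 'RFB ' means something other than a
    VNC server is listening.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            data = b""
            while len(data) < RFB_BANNER_LEN:
                chunk = s.recv(RFB_BANNER_LEN - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError:
        return None
    return data.decode("ascii", "replace")


def check_tunnel(local_port=5901, server_host="servername", vnc_port=5900):
    """Classify the setup from the client's point of view.

    'no-tunnel'    nothing answers on the forwarded port (ssh2 not running?)
    'not-vnc'      the forwarded port answers, but not with an RFB banner
    'vnc-exposed'  the tunnel works, but servername:5900 answers directly too,
                   so step 2 (LoopbackOnly) is not in effect on the server
    'ok'           tunnel up, VNC only reachable through it
    """
    banner = rfb_version("127.0.0.1", local_port)
    if banner is None:
        return "no-tunnel"
    if not banner.startswith("RFB "):
        return "not-vnc"
    if rfb_version(server_host, vnc_port) is not None:
        return "vnc-exposed"
    return "ok"


class FakeRfbServer:
    """Constructed stand-in for a VNC server: answers one connection with a
    banner and then goes away.  Used only to exercise the checks offline."""

    def __init__(self, banner=b"RFB 003.003\n"):
        self._sock = socket.socket()
        self._sock.bind(("127.0.0.1", 0))
        self._sock.listen(1)
        self.port = self._sock.getsockname()[1]
        threading.Thread(target=self._serve, args=(banner,), daemon=True).start()

    def _serve(self, banner):
        conn, _ = self._sock.accept()
        with conn:
            conn.sendall(banner)
        self._sock.close()


def unused_port():
    """Pick a loopback port nothing listens on (bind, read the number, release)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Run check_tunnel against constructed endpoints; returns the four verdicts."""
    tunnel = FakeRfbServer()
    ok = check_tunnel(tunnel.port, "127.0.0.1", unused_port())
    tunnel, direct = FakeRfbServer(), FakeRfbServer()
    exposed = check_tunnel(tunnel.port, "127.0.0.1", direct.port)
    web = FakeRfbServer(b"HTTP/1.0 200 OK\r\n")
    not_vnc = check_tunnel(web.port, "127.0.0.1", unused_port())
    no_tunnel = check_tunnel(unused_port(), "127.0.0.1", unused_port())
    return {"ok": ok, "vnc-exposed": exposed, "not-vnc": not_vnc, "no-tunnel": no_tunnel}


if __name__ == "__main__":
    print("offline demo:", demo())
    print("real tunnel:", check_tunnel())
```

Only 'ok' means the setup in this document is in effect. 'vnc-exposed' is the dangerous one: the tunnel works, so everything looks fine from vncviewer, but WinVNC is also answering on the network and anyone on the LAN can bypass SSH entirely.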


Additional Resources

  • Virtual Network Computing, AT&T Laboratories, Cambridge

           http://www.uk.research.att.com/vnc/


MAJOR Revision History

Date of Change
Responsible
Summary of Change
Dec 2001 Gavin Reid Developed

Note: For information/questions, please contact:
Gavin Reid, gavreid@cisco.com,
2AE4 4564 2239 F93F E52A AE25 D635 8397 03AA E562