Mining access to VNC secure tunneling-vulnerability warning-the black bar safety net

ID MYHACK58:6220066438
Type myhack58
Reporter 佚名
Modified 2006-01-17T00:00:00


I believe many readers like to use Telnet on the server for remote access, use the Telnet server and the client may also vary, may be Microsoft's Terminal Services or PCAnywhere, etc., I believe most of the users still prefer to VNC this free lunch. But you use VNC at the same time there is no worry about your password to connect or interactive operation is the people listening to steal? The author today to introduce is a secure remote VNC access to the programme, hoping to help readers solve the worries. This program will use SSH as a VNC connection secure tunnel, since the OpenSSH and VNC under Linux the configuration is relatively simple, the author of this article focuses on the Windows version of the configuration process. OK,cut the crap, let's start digging our tunnel.

OpenSSH for Windows description OpenSSH is under Windows A Free the small the OpenSSH server and client tools package. It will allow Windows provides OpenSSH services for SSH/SCP/SFTP and other security operations Its home page is http://SSHWindows. sourceforge. net/

SSH Server installation First from the official website to download the latest version of the SSHWindows it. SSHWindows installed as other Windows software installation as simple as click Next to complete the installation. The installation process is nothing special, generally choose the default option. If your computer before you installed cygwin and the version of the old to the SSHWindows included, the system will pop-up asking you whether you continue the installation, click”yes”to upgrade.

SSHWindows in the installation process will automatically create a public key, you will see the pop-up Windows command-line is to generate the key. The final tip before you start the OpenSSH service before, you must first edit C:\Program Files\OpenSSH\etc\passwd in. If you do not complete this step you will not be able to login to the SSH server. Click ok to complete the installation. To login to OpenSSH,of course, need to create the appropriate authorized account, and these accounts must also exist in the first Windows in order to SSH server import. Under Windows how to create a new user, here I will not say more. Really need to readers, please call the Microsoft Help Center. First open the Windows command line, in the【Start】--【Run】to enter”cmd”enter, switch to the OpenSSH installation directory under the bin directory, assuming you herein, such as the OpenSSH install to the C:\Program Files, the command is as follows cd "C:\Program Files\OpenSSH\bin" First import the local group and the Domain Users group mkgroup-l >> ..\etc\group (local user group) mkgroup-d >> ..\etc\group (Domain Users group) Then create a user password file. This file will contain all the authorization to login the SSH Server of the user. If you only want to join for individual users please use the - u parameter, if you want to join all of the Windows System User, then this parameter is omitted, note that doing this will take the system some of the services account, guest account, etc. be added. And mkgroup, like,-l with - d parameter allows you to choose to join the type of user is local or domain user. Also in the bin directory, we have to add new local user becks with a domain user jinni as an example.

mkpasswd-l-u becks >> ..\etc\passwd mkpasswd-d-u jinni >> ..\etc\passwd

By using WordPad to open C:\Program Files\OpenSSH\etc\passwd this file check is successful the import account. If necessary you can also modify the C:\Program Files\OpenSSH\etc\SSHd_config to configure the SSH Server,generally in accordance with the system default configuration, the following is the author's SSHd_config ============== File Begin Here============== Port 2 2

Protocol 2,1

Protocol 2


ListenAddress ::

HostKey for protocol version 1

HostKey /etc/SSH/SSH_host_key

HostKeys for protocol version 2

HostKey /etc/SSH/SSH_host_rsa_key

HostKey /etc/SSH/SSH_host_dsa_key

Lifetime and size of ephemeral version 1 server key

KeyRegenerationInterval 1h

ServerKeyBits 7 6 8


obsoletes QuietMode and FascistLogging

SyslogFacility AUTH

LogLevel INFO


LoginGraceTime 2m

PermitRootLogin no

The following setting overrides permission checks on host key files

and directories. For security reasons set this to "yes" when running

NT/W2K, NTFS and CYGWIN=ntsec.

StrictModes yes

RSAAuthentication no

PubkeyAuthentication yes

AuthorizedKeysFile . SSH/authorized_keys

For this to work you will also need host keys in /etc/SSH/SSH_known_hosts

RhostsRSAAuthentication no

similar for protocol version 2

Useful no

Change to yes if you don't trust ~/. SSH/known_hosts for

RhostsRSAAuthentication and Useful

IgnoreUserKnownHosts yes

Don't read the user's ~/. rhosts and ~/. shosts files

IgnoreRhosts yes

To disable tunneled clear text passwords, change to no here!

Password Authentication yes

PermitEmptyPasswords no

Change to no to disable s/key passwords

ChallengeResponseAuthentication yes

Kerberos options

KerberosAuthentication no

KerberosOrLocalPasswd yes

KerberosTicketCleanup yes

GSSAPI options

GSSAPIAuthentication no

GSSAPICleanupCreds yes

Set this to 'yes' to enable PAM authentication (via challenge-response)

and session processing. Depending on your PAM configuration, this may

bypass the setting of 'Password Authentication'

UsePAM yes

AllowTcpForwarding yes

GatewayPorts no

X11Forwarding no

X11DisplayOffset 1 0

X11UseLocalhost yes

PrintMotd yes

PrintLastLog yes

KeepAlive yes

UseLogin no

UsePrivilegeSeparation no

PermitUserEnvironment no

Compression yes

ClientAliveInterval 0

ClientAliveCountMax 3

The usedns yes

PidFile /var/run/SSHd. pid

MaxStartups 1 0:3 0:6 0

default banner path

Banner /etc/banner.txt

override default of no subsystems

Subsystem sftp /usr/sbin/sftp-server

============= File End Here============== After the configuration is complete save, at the command line, start the OpenSSH,the start command: Net Start openSSHd. in: Stop: Net Stop openSSHd on. Can also be directly in the [service]. Start, Run, input services. msc, open the Services console, find the openSSH service, right click-Properties will be able to start and stop the service operation.In order to test whether the successful launch, we can use telnet to test the connection of local 2 2 port for the SSH service default port, use the following command to test. telnet localhost 2 2 If you see the following information showing success: SSH-2.0-OpenSSH_3. 8. 1p1。

The client connection Now use an SSH client, the author here to recommend the use of putty this small yet powerful SSH Client. Enter OpenSSH in the IP, click on open to connect. The first connection will appear whether to accept the remote host's public key prompt, click yes to continue. Then enter the username and password to login, where the login banner information by editing the server on the OpenSSH installation directory under etc/banner. txt to be modified. After a successful login, we can be like the previous telnet remote Windows host like remote maintenance, of course, the biggest difference is where we are now with the Inter-server communication is encrypted.

OK. The OpenSSH service settings Well, now we install the VNC. Since the Vnc installation process is simple, the author here is not to charge the ink. It is worth noting that, at the end of the installation before, you need to set the login for the VNC Server password. After the installation, the system will automatically VNC service. So much to do warm-up exercises, the next is the most critical step, the author will be to introduce the reader how to through putty+VNCviewer secure connection to a remote VNC Server. First, configure Putty, enter the remote running VNC service in the SSH Server's IP, in the left tree menu, select SSH—tunnel the new add a channel. In the source port at the input 5 9 0 0, destination enter 9 0 0, click the add increase.

If you frequently connect can save this session configuration. Click open to connect, enter the user name and password to login to the SSH Server. At this time the only thing we have to do is open VNCviewer, enter 1 2 7. 0. 0. 1 to connect, the VNC require us to type the password, input the previously set connection password. Ok, the remote server screen view, then you can be assured of operation, you are now the VNC connection is through we tap the SSH secure tunnel.

By OpenSSH, we can also use the secure Ftp function, space constraints, the author here is not to add more description, make the reader self-study.