Question
What are the best practices for implementing Partial Encryption, to encrypt just the input devices (mouse/keyboard, etc), not the actual video display, during remote desktop sessions using X, RDP, or (more importantly in our environment) Wayland?
Context
- Multiple Computers, and Devices, (Phones, Tablets, etc), with X Servers and X Clients, (Wayland and RDP too)
- Internet VPN connections utilizing IPSec
- Some local IPSec implemented in the local LAN, (some connections are just transparent GB Ethernet in the server room, developer's private LANs in their offices, etc)
- Wireless Access Points with WPA2 - AES/TKIP
- Full SSH Deployment
Encrypting the entirety of each session, including Video Display, is overly redundant for us and consumes significant bandwidth.
Export
ing X through SSH tunnels adds another layer of encryption that is unnecessary for us, though added keyboard and mouse encryption is desirable.
Clarification: Setting aside the potential risks, (assuming they are acceptable risks), what are the possibilities to encrypt just the keyboard / mouse data?