Given that VNC and X11 were not developed with security in mind, what do people typically see done to remotely connect to a Linux system where a GUI is required. While SSH access alone might be preferred, often times there are requirements where a developer or administrator needs GUI access to a Linux system.
So far, I see the following solutions:
- Require VNC to be used over a secure SSH tunnel. However, I would have to rely on the dev/admin to setup a tunnel every time
- Use X11Forwarding. X11 was not designed for security, and additionally is much slower than VNC is.
- Nomachine remote desktop. I have not played around with it yet, but they purport to be a secure remote desktop solution
While many people advocate setting X11Forwarding to 'no' in the sshd_config, it seems to me that this is the most secure native alternative. However, I am more than open to ideas from the security gurus out here!