12

I have a RHEL 6 system with TigerVNC installed. It is configured to only allow VNC connections through SSH. Thus, a user can only connect to VNC if they successfully establish an SSH connection to the system.

However, despite the SSH requirement, a user must still run the vncpasswd command and create a VNC password. Isn't this password redundant since an SSH tunnel is required and must already be established?

Thus, my question is: Can you disable the TigerVNC server's requirement for a VNC Password if it will only listen on an SSH tunnel? (Assuming that the password is actually redundant)

Thank You

EDIT: I have a theory. Is the reason why it is not redundant because once you SSH in, you can then VNC into any VNC user's account?

Phanto
  • 851
  • 5
  • 16
  • 24

2 Answers2

26

From the TigerVNC manual. man Xvnc

-SecurityTypes sec-types
    Specify  which  security  schemes to use separated by commas.  At present only "None" and "VncAuth" are supported.  The default is "VncAuth" - note that if you want a server which does not require a password, you must set this parameter to "None".

So -SecurityTypes None on the server is the correct answer to your question. I have tested it, and it does work.

Running vncserver -SecurityTypes None will let users connect to the VNC session without a password even if a password is setup.

Nathan
  • 157
  • 7
CurtisLeeBolin
  • 364
  • 3
  • 8
-1

It's more that SSH and VNC are separate things, and their password requirements are not related to each other. You're using SSH as the network transport, so you're authenticating on SSH (password or key, it doesn't matter).

Then you're hitting the VNC service, which has its own authentication scheme. VNC doesn't know how you connected to the box, and it doesn't know what user accounts you want to use (I've never used VNC on Linux; I assume it's connecting to the current desktop).

cjc
  • 24,533
  • 2
  • 49
  • 69
  • This is the correct answer. It looks like it can't be done, as VNC does not have the context as to how a user connected to the system. My apologizes for not marking this sooner. – Phanto Dec 09 '12 at 19:20
  • This does not correctly answer the question. It can be done, but you may have to use tightvnc instead to disregard a password. – d hee Feb 12 '20 at 01:35