TigerVNC + SSH without a VNC Password?

Question

I have a RHEL 6 system with TigerVNC installed. It is configured to only allow VNC connections through SSH. Thus, a user can only connect to VNC if they successfully establish an SSH connection to the system.

However, despite the SSH requirement, a user must still run the vncpasswd command and create a VNC password. Isn't this password redundant since an SSH tunnel is required and must already be established?

Thus, my question is: Can you disable the TigerVNC server's requirement for a VNC Password if it will only listen on an SSH tunnel? (Assuming that the password is actually redundant)

Thank You

EDIT: I have a theory. Is the reason why it is not redundant because once you SSH in, you can then VNC into any VNC user's account?

score 26 · Answer 1 · edited Jun 21 '16 at 09:14

26

From the TigerVNC manual. man Xvnc

-SecurityTypes sec-types
    Specify  which  security  schemes to use separated by commas.  At present only "None" and "VncAuth" are supported.  The default is "VncAuth" - note that if you want a server which does not require a password, you must set this parameter to "None".

So -SecurityTypes None on the server is the correct answer to your question. I have tested it, and it does work.

Running vncserver -SecurityTypes None will let users connect to the VNC session without a password even if a password is setup.

edited Jun 21 '16 at 09:14

Nathan

157
7

answered Mar 09 '14 at 17:58

CurtisLeeBolin

364
3
8

Is this for the server or the VNC client? – Phanto Jun 30 '14 at 16:22
It is for the server. – CurtisLeeBolin Jul 29 '14 at 21:42
2

This should be marked as correct answer. Running `vncserver -SecurityTypes None` will let you login to your VNC session without a password even if you have one setup. – ruslaniv Apr 09 '16 at 06:36
you might also need `TLSNone` to be sure, I'm using `-SecurityTypes None,TLSNone` – graywolf Nov 25 '16 at 08:31

score -1 · Accepted Answer · answered Apr 03 '12 at 14:57

-1

It's more that SSH and VNC are separate things, and their password requirements are not related to each other. You're using SSH as the network transport, so you're authenticating on SSH (password or key, it doesn't matter).

Then you're hitting the VNC service, which has its own authentication scheme. VNC doesn't know how you connected to the box, and it doesn't know what user accounts you want to use (I've never used VNC on Linux; I assume it's connecting to the current desktop).

answered Apr 03 '12 at 14:57

cjc

24,533
2
49
69

This is the correct answer. It looks like it can't be done, as VNC does not have the context as to how a user connected to the system. My apologizes for not marking this sooner. – Phanto Dec 09 '12 at 19:20
This does not correctly answer the question. It can be done, but you may have to use tightvnc instead to disregard a password. – d hee Feb 12 '20 at 01:35

TigerVNC + SSH without a VNC Password?

2 Answers2