Enabling two-factor authentication for Remote Administration VNC:
Require administrators to authenticate to Xvnc first, before the GNOME login is even presented.
Your Auditors will love this!

To secure Xvnc (launched by xinetd for Remote Administration on SLES/SLED if enabled from YaST -> Network Services -> Remote Administration), follow this simple recipe:

  1. Set a VNC Password

    Execute ‘vncpasswd’

    The password will be truncated to 8 characters, so stick to an 8-character password.

  2. Configure xinetd

    Run:

    vi /etc/xinetd.d/vnc

    Change the “user=” line from nobody to root (or change the password file’s ownership to nobody)

    At the end of the server_args line, append the following: “-rfbauth /root/.vnc/passwd”

  3. Restart xinetd

    Run:

    rcxinetd restart

  4. Test by establishing a VNC session to SLESSERVERIP:1

If you did all of the above, VNC should ask you to authenticate the session even before you get a GNOME login.
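
To confirm that the edits from steps 1 to 3 are in place, the following added example (not part of the original post) parses an xinetd VNC definition and flags any enabled Xvnc service that still lacks -rfbauth, or whose password file is not owned by the “user=” account. The function names and the sample stanzas are assumptions constructed for illustration.

```shell
# Added example, not from the original post; function names are illustrative.
# Print "<service> <user> <rfbauth file|NONE>" for each enabled Xvnc stanza.
list_vnc_services() {
    awk '
        /^[ \t]*#/          { next }             # skip comment lines
                            { sub(/=/, " = ") }  # accept user=root and user = root
        $1 == "service"     { name = $2; user = "?"; auth = "NONE"; xvnc = 0; off = 0 }
        $1 == "user"        { user = $3 }
        $1 == "disable"     { off = ($3 == "yes") }
        $1 == "server"      { xvnc = ($3 ~ /Xvnc$/) }
        $1 == "server_args" { for (i = 3; i < NF; i++) if ($i == "-rfbauth") auth = $(i + 1) }
        $1 == "}"           { if (xvnc && !off) print name, user, auth }
    ' "$1"
}
# Fail if a stanza lacks -rfbauth, or if its password file is missing or is
# not owned by the account xinetd starts Xvnc as (the user= line).
audit_vnc_xinetd() {
    list_vnc_services "$1" | (
        rc=0
        while read -r name user auth; do
            if [ "$auth" = NONE ]; then
                echo "FAIL $name: no -rfbauth in server_args"; rc=1
            elif [ "$(ls -ld "$auth" 2>/dev/null | awk '{ print $3 }')" != "$user" ]; then
                echo "FAIL $name: $auth is missing or not owned by user=$user"; rc=1
            else
                echo "OK   $name: user=$user -rfbauth $auth"
            fi
        done
        exit "$rc"
    )
}

# Constructed sample: vnc1 is an unedited stanza, vnc2 is edited per step 2.
sample_config() {
    cat <<'EOF'
service vnc1
{
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -noreset -inetd -once -query localhost
}
service vnc2
{
    user=root
    server      = /usr/bin/Xvnc
    server_args = -noreset -inetd -once -query localhost -rfbauth /root/.vnc/passwd
}
EOF
}
sample_config | list_vnc_services -
```

On the server itself, run `audit_vnc_xinetd /etc/xinetd.d/vnc` as root so that /root/.vnc/passwd can be inspected.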

Written for netcb by Peter van der Walt

Category: SUSE Linux Enterprise Desktop, SUSE Linux Enterprise Server, Technical Solutions
This entry was posted Friday, 28 June, 2013 at 11:17 am