VNC Two Factor Authentication for Remote Administration


By: peter6960

June 28, 2013 11:17 am





Enabling two-factor authentication for Remote Administration VNC:
Require administrators to authenticate to XVnc first, before the Gnome Login is even presented.
Your Auditors will love this!

To secure XVnc (launched by xinetd for Remote Administration on SLES/SLED when enabled from YaST -> Network Services -> Remote Administration), follow this simple recipe:

  1. Set a VNC Password

    Execute ‘vncpasswd’

    The password will be truncated to 8 characters, so stick to an 8-character password.
  2. Configure xinetd


    vi /etc/xinetd.d/vnc

    Change the “user=” line from nobody to root (or change the password file’s ownership to nobody).

    At the end of the server_args line, add the following: “-rfbauth /root/.vnc/passwd”
  3. Restart xinetd


    rcxinetd restart
  4. Test by establishing a VNC session to SLESSERVERIP:1


If you did all of the above, VNC should ask you to authenticate the session even before you get a Gnome login.
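
A check for step 2, as an added example that is not part of the original post: the function reads an xinetd service file and reports, per service, the user it runs as and the password file passed with -rfbauth. The sample stanza is constructed; its service name, port and the other Xvnc arguments are assumptions, only the user= line and the -rfbauth argument come from the recipe above.

```shell
#!/bin/sh
# Added example: report "<service> <user> <rfbauth file|MISSING>" for every
# service in an xinetd file. Exit status is 1 if any service lacks -rfbauth.
audit_vnc_xinetd() {
    awk '
        /^[ \t]*#/ { next }                                   # skip comments
        $1 == "service" { name = $2; user = ""; args = ""; next }
        /^[ \t]*user[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); user = $0; next }
        /^[ \t]*server_args[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); args = $0; next }
        $1 == "}" {                                           # end of stanza
            path = "MISSING"
            n = split(args, a)
            # -rfbauth only counts when a file name follows it
            for (i = 1; i < n; i++) if (a[i] == "-rfbauth") path = a[i + 1]
            print name, user, path
            if (path == "MISSING") bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample stanza (service name, port and base arguments are assumed).
write_sample() {   # $1 = user, $2 = text appended to server_args, $3 = output file
    cat > "$3" <<EOF
service vnc1
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = $1
    server      = /usr/bin/Xvnc
    server_args = -noreset -inetd -once -query localhost$2
    port        = 5901
}
EOF
}

demo_dir=$(mktemp -d)
write_sample nobody "" "$demo_dir/before"
write_sample root " -rfbauth /root/.vnc/passwd" "$demo_dir/after"
audit_vnc_xinetd "$demo_dir/before" || echo "before: no VNC password file configured"
audit_vnc_xinetd "$demo_dir/after" && echo "after: VNC password file configured"
rm -rf "$demo_dir"
```

The user printed in the second column is the account that must be able to read the file in the third column, which is why the recipe either runs the service as root or changes the password file's ownership.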

Written for by Peter van der Walt

Categories: SUSE Linux Enterprise Desktop, SUSE Linux Enterprise Server, Technical Solutions

Disclaimer: As with everything else in the SUSE Blog, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.