Enabling two-factor authentication for Remote Administration VNC:
Require administrators to authenticate to XVnc first, before the Gnome Login is even presented.
Your Auditors will love this!
In order to secure XVnc (launched by xinetd for Remote Administration on SLES/SLED if enabled from Yast -> Network Services -> Remote Administration), the following simple recipe can be followed:
- Set a VNC Password
The password will be truncated to 8 characters, so stick to an 8-character password.
- Configure xinetd
Change the “user=” line from nobody to root (or change the password file’s ownership to nobody).
At the end of server_args, append the following: “-rfbauth /root/.vnc/passwd”
- Restart xinetd
- Test by establishing a VNC session to SLESSERVERIP:1
If you did all of the above, VNC should ask you to authenticate the session, even before you get a Gnome Login.
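A check for the xinetd change above, as an added example that is not part of the original recipe: it parses xinetd service stanzas and reports, for each Xvnc service, the user it runs as and whether server_args carries -rfbauth. The sample stanzas are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original recipe): audit xinetd stanzas for the
# -rfbauth setting. Function names and the sample stanzas are constructed.

# check_vnc_stanzas FILE -> one line per Xvnc service:
#   "<name> user=<user> rfbauth=<path|MISSING>"
# Exit status is non-zero if any enabled Xvnc service lacks -rfbauth.
check_vnc_stanzas() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        { sub(/=/, " = ") }                      # accept "user=x" and "user = x"
        $1 == "service" { name = $2; user = ""; auth = "MISSING"; xvnc = 0; off = 0 }
        $1 == "user"    { user = $3 }
        $1 == "disable" { off = ($3 == "yes") }
        $1 == "server" && $3 ~ /Xvnc$/ { xvnc = 1 }
        $1 == "server_args" {
            for (i = 3; i < NF; i++)
                if ($i == "-rfbauth") auth = $(i + 1)
        }
        $1 == "}" && xvnc {
            printf "%s user=%s rfbauth=%s%s\n", name, user, auth, (off ? " (disabled)" : "")
            if (!off && auth == "MISSING") bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: vnc1 follows the recipe, vnc2 is still unauthenticated.
write_sample() {
    cat > "$1" <<'EOF'
service vnc1
{
    user        = root
    server      = /usr/bin/Xvnc
    server_args = -noreset -inetd -once -query localhost -rfbauth /root/.vnc/passwd
}
service vnc2
{
    user        = nobody
    server      = /usr/bin/Xvnc
    server_args = -noreset -inetd -once -query localhost
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_vnc_stanzas "$sample" || echo "at least one enabled Xvnc service lacks -rfbauth"
rm -f "$sample"
```

On a real system, point check_vnc_stanzas at the xinetd file that defines the Remote Administration service and confirm that the reported user can read the password file.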
Written for by Peter van der Walt