SUSE Conversations


VNC Two Factor Authentication for Remote Administration

peter6960

By: peter6960

June 28, 2013 11:17 am

Reads:617

Comments:0

Rating:5.0

Enabling two-factor authentication for Remote Administration VNC:
Require administrators to authenticate to XVnc first, before the Gnome Login is even presented.
Your Auditors will love this!

In order to secure XVnc (launched by xinetd for Remote Administration on SLES/SLED if enabled from Yast -> Network Services -> Remote Administration), the following simple recipe can be followed:

  1. Set a VNC Password

    Execute ‘vncpasswd’

    password will being truncated to 8 characters, so stick to a 8 character password.
  2. Configure xinetd

    Run:

    vi /etc/xinetd.d/vnc

    Edit line “user=” from nobody to root (or change the password file’s ownership to Nobody)

    At the end of server args enter the following: “-rfbauth /root/.vnc/passwd”
  3. Restart xinetd

    Run:

    rcxinetd restart
  4. Test by establishing a VNC session to SLESSERVERIP:1

vncpassword

If you did all the above, VNC should ask you to authenticate the session, even before getting a Gnome Login

Written for by Peter van der Walt

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)
VNC Two Factor Authentication for Remote Administration, 5.0 out of 5 based on 1 rating

Tags: ,
Categories: SUSE Linux Enterprise Desktop, SUSE Linux Enterprise Server, Technical Solutions

Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

Comment

RSS