Java VNC client using SSL socket interface?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Java VNC client using SSL socket interface?

Eric Evans-5
To anyone on this mailing list who might have tried
this:

I´ve set up a VNC Server.  I have a web site set up to
feed the JAVA VNC client to users.  I can connect from
one to the other just fine..  It works great.

I´m looking at adding security to this link so I can
allow it out onto the internet and trust that no one
can do a man in the middle sniff of the VNC
connection.  

I looked at SSH but that only seems to work if I know
the person that will be connecting because of the key
that needs to be passed... I then looked at SSL.  I
know there are several JAVA implementations of SSL.
Even Sun themselves includes one in their SDK and
Runtime Environment packages.. (javax.net.ssl)  In the
README for the JAVA VNC client it mentions that other
SocketFactory implementations can be used.  Sun
provides javax.net.ssl.SSLSocketFactory...  It looks
as though it might be compatible with the Socket
Factory that the VNC client uses.  Unfortunately I
read a *LITTLE* JAVA but I am not very good at writing
it so I´m not really sure what I´m doing here.  Has
anyone tried to mash these two together?  What would
need to be done at the server side?  Does this even
sound like the right way to handle this situation?

The end result I´m trying for is to allow anyone to
pull up the VNC viewer on my web page and log into my
machine.  I´ve already redirected the VNC server to a
login prompt and pretty much hardened that piece of
things I just need help securing the VNC connection
across the internet.  Help please! :/

- Eric Evans



       
____________________________________________________________________________________
Sick sense of humor? Visit Yahoo! TV's
Comedy with an Edge to see what's on, when.
http://tv.yahoo.com/collections/222

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Java VNC client using SSL socket interface?

Eric Evans-5

--- Robert Johnston <[hidden email]> wrote:

> On 9/9/07, Eric Evans <[hidden email]> wrote:
> > To anyone on this mailing list who might have
> tried
> > this:
> >
> > I´ve set up a VNC Server.  I have a web site set
> up to
> > feed the JAVA VNC client to users.  I can connect
> from
> > one to the other just fine..  It works great.
> >
> > I´m looking at adding security to this link so I
> can
> > allow it out onto the internet and trust that no
> one
> > can do a man in the middle sniff of the VNC
> > connection.
> >
> > I looked at SSH but that only seems to work if I
> know
> > the person that will be connecting because of the
> key
> > that needs to be passed... I then looked at SSL.
> I
> > know there are several JAVA implementations of
> SSL.
> > Even Sun themselves includes one in their SDK and
> > Runtime Environment packages.. (javax.net.ssl)  In
> the
> > README for the JAVA VNC client it mentions that
> other
> > SocketFactory implementations can be used.  Sun
> > provides javax.net.ssl.SSLSocketFactory...  It
> looks
> > as though it might be compatible with the Socket
> > Factory that the VNC client uses.  Unfortunately I
> > read a *LITTLE* JAVA but I am not very good at
> writing
> > it so I´m not really sure what I´m doing here.
> Has
> > anyone tried to mash these two together?  What
> would
> > need to be done at the server side?  Does this
> even
> > sound like the right way to handle this situation?
> >
> > The end result I´m trying for is to allow anyone
> to
> > pull up the VNC viewer on my web page and log into
> my
> > machine.  I´ve already redirected the VNC server
> to a
> > login prompt and pretty much hardened that piece
> of
> > things I just need help securing the VNC
> connection
> > across the internet.  Help please! :/
>
> How about using stunnel to route the traffic across
> the 'net.
> --
> Robert "Anaerin" Johnston

Agreed!  I was thinking the same thing.  The only
issue there is that I can´t load stunnel transparently
within the user´s browser.  You´ve definately got the
right idea for what I´m trying to do though.  

I´ve found users would rather completely give up on a
web site rather than download a custom plugin or other
program to access it.  I think it´s probably because
of all the viruses and back door code and such that´s
being shoved out there by dishonest people.  

Thanks much for the idea though.  It´s appreciated.

- Eric Evans



       
____________________________________________________________________________________
Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out.
http://answers.yahoo.com/dir/?link=list&sid=396545469

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Java VNC client using SSL socket interface?

Andre Charbonneau
In reply to this post by Eric Evans-5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

I've done a similar thing here to implement remote access to systems
through VNC and I used JSCH, a 100% Java SSH client library.  The way it
works is that I wrote a very simply Java app that sets up a SSH tunnel
between the client system and the remote system.  Then, this java app
launches the tightvnc java viewer and connects to the remote system
through this SSH tunnel.  I deploy all this using Java WebStart, so the
user only needs a web browser and the latest Java runtime.

If this is of any interest to you, let me know and I can give you some
pointers on how it is implemented.

Regards,
        Andre

Eric Evans wrote:

> To anyone on this mailing list who might have tried
> this:
>
> I´ve set up a VNC Server.  I have a web site set up to
> feed the JAVA VNC client to users.  I can connect from
> one to the other just fine..  It works great.
>
> I´m looking at adding security to this link so I can
> allow it out onto the internet and trust that no one
> can do a man in the middle sniff of the VNC
> connection.  
>
> I looked at SSH but that only seems to work if I know
> the person that will be connecting because of the key
> that needs to be passed... I then looked at SSL.  I
> know there are several JAVA implementations of SSL.
> Even Sun themselves includes one in their SDK and
> Runtime Environment packages.. (javax.net.ssl)  In the
> README for the JAVA VNC client it mentions that other
> SocketFactory implementations can be used.  Sun
> provides javax.net.ssl.SSLSocketFactory...  It looks
> as though it might be compatible with the Socket
> Factory that the VNC client uses.  Unfortunately I
> read a *LITTLE* JAVA but I am not very good at writing
> it so I´m not really sure what I´m doing here.  Has
> anyone tried to mash these two together?  What would
> need to be done at the server side?  Does this even
> sound like the right way to handle this situation?
>
> The end result I´m trying for is to allow anyone to
> pull up the VNC viewer on my web page and log into my
> machine.  I´ve already redirected the VNC server to a
> login prompt and pretty much hardened that piece of
> things I just need help securing the VNC connection
> across the internet.  Help please! :/
>
> - Eric Evans
>
>
>
>        
> ____________________________________________________________________________________
> Sick sense of humor? Visit Yahoo! TV's
> Comedy with an Edge to see what's on, when.
> http://tv.yahoo.com/collections/222
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> ___________________________________________________________
> TightVNC mailing list, [hidden email]
> To change your subscription or to UNSUBSCRIBE, please visit
> https://lists.sourceforge.net/lists/listinfo/vnc-tight-list


- --
Andre Charbonneau
100 Sussex Drive, Rm 2025
Research Computing Support, IMSB
National Research Council Canada
Ottawa, ON, Canada K1A 0R6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG5UzBhiehvD+v9JARAvguAJ9V8/5o+QLbCmD7cEhMzqnp/SVOGQCgxgv0
tI6r8G0MGmvFvapx/uQQCpU=
=j00B
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Java VNC client using SSL socket interface?

Eric Evans-5
Andre,

  Yes!  I am very interested.  I´m not much of a JAVA
programmer so any help you can pass on will be greatly
appreciated.  You said this was transparent to the web
user?  It sounds like it might be.  How do you get
around the key that normally has to be passed to
secure an SSH session?  You said it only took a simple
little bit of JAVA code to connect the two..... Are
you willing to share that code with myself and the
rest of the community?  I´m sure there are others of
us out there who are trying similar tasks.  Thank you
in advance for your help... :)  

- Eric Evans


--- Andre Charbonneau
<[hidden email]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Greetings,
>
> I've done a similar thing here to implement remote
> access to systems
> through VNC and I used JSCH, a 100% Java SSH client
> library.  The way it
> works is that I wrote a very simply Java app that
> sets up a SSH tunnel
> between the client system and the remote system.
> Then, this java app
> launches the tightvnc java viewer and connects to
> the remote system
> through this SSH tunnel.  I deploy all this using
> Java WebStart, so the
> user only needs a web browser and the latest Java
> runtime.
>
> If this is of any interest to you, let me know and I
> can give you some
> pointers on how it is implemented.
>
> Regards,
> Andre
>
> Eric Evans wrote:
> > To anyone on this mailing list who might have
> tried
> > this:
> >
> > I´ve set up a VNC Server.  I have a web site set
> up to
> > feed the JAVA VNC client to users.  I can connect
> from
> > one to the other just fine..  It works great.
> >
> > I´m looking at adding security to this link so I
> can
> > allow it out onto the internet and trust that no
> one
> > can do a man in the middle sniff of the VNC
> > connection.  
> >
> > I looked at SSH but that only seems to work if I
> know
> > the person that will be connecting because of the
> key
> > that needs to be passed... I then looked at SSL.
> I
> > know there are several JAVA implementations of
> SSL.
> > Even Sun themselves includes one in their SDK and
> > Runtime Environment packages.. (javax.net.ssl)  In
> the
> > README for the JAVA VNC client it mentions that
> other
> > SocketFactory implementations can be used.  Sun
> > provides javax.net.ssl.SSLSocketFactory...  It
> looks
> > as though it might be compatible with the Socket
> > Factory that the VNC client uses.  Unfortunately I
> > read a *LITTLE* JAVA but I am not very good at
> writing
> > it so I´m not really sure what I´m doing here.
> Has
> > anyone tried to mash these two together?  What
> would
> > need to be done at the server side?  Does this
> even
> > sound like the right way to handle this situation?
> >
> > The end result I´m trying for is to allow anyone
> to
> > pull up the VNC viewer on my web page and log into
> my
> > machine.  I´ve already redirected the VNC server
> to a
> > login prompt and pretty much hardened that piece
> of
> > things I just need help securing the VNC
> connection
> > across the internet.  Help please! :/
> >
> > - Eric Evans
> >
> >
> >
> >        
> >
>
____________________________________________________________________________________
> > Sick sense of humor? Visit Yahoo! TV's
> > Comedy with an Edge to see what's on, when.
> > http://tv.yahoo.com/collections/222
> >
> >
>
-------------------------------------------------------------------------
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio
> 2005.
> >
>
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> >
>
___________________________________________________________
> > TightVNC mailing list,
> [hidden email]
> > To change your subscription or to UNSUBSCRIBE,
> please visit
> >
>
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list

>
>
> - --
> Andre Charbonneau
> 100 Sussex Drive, Rm 2025
> Research Computing Support, IMSB
> National Research Council Canada
> Ottawa, ON, Canada K1A 0R6
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Mozilla -
> http://enigmail.mozdev.org
>
>
iD8DBQFG5UzBhiehvD+v9JARAvguAJ9V8/5o+QLbCmD7cEhMzqnp/SVOGQCgxgv0
> tI6r8G0MGmvFvapx/uQQCpU=
> =j00B
> -----END PGP SIGNATURE-----
>



       
____________________________________________________________________________________
Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out.
http://answers.yahoo.com/dir/?link=list&sid=396545433

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Single interface...

Gene Buckle

Is there a way to force TightVNC to use only a single interface when
listening for a connection?  I've got a machine with three ethernet cards
in it and I need it to only look for connections on one.  I'm using
Windows 2003 R2 32 bit.

tnx!

g.


--
Proud owner of F-15C 80-0007
http://www.f15sim.com - The only one of its kind.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Java VNC client using SSL socket interface?

Andre Charbonneau
In reply to this post by Eric Evans-5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Eric,
Here are some pointers on how to achieve this using JSCH as a SSH library:





1. First you need to get the latest jsch library from
http://www.jcraft.com/jsch/
There are many examples in the code that shows you how to use the
library in your own java application.





2. In my application, I first connect to the remote system using the
jsch library:

// Get a JSch instance.
JSch jsch = new JSch();

// Get a JSch Session instance...
Session session = null;
session = jsch.getSession(
          "myusername",
          "remotesystem.abc.ca",
          22);

// Establish a connection to the remote system
UserInfo ui=new MyUserInfo();
session.setUserInfo(ui);
session.connect();






3. Then I send the command to start the VNC server on the remote host
through this SSH connection.

// Start a VNC server on the remote system
Channel channel = null;
InputStream in = null;
OutputStream out = null;
BufferedReader br = null;
String vncServerStartCmd = "<command to start VNC server goes here>";
channel = session.openChannel("exec");
((ChannelExec)channel).setCommand(vncServerStartCmd);

in = ((ChannelExec)channel).getExtInputStream();
out = channel.getOutputStream();
br = new BufferedReader(new InputStreamReader(in));

channel.connect();

// By parsing the output from the BufferedReader, you can extract the
display number that was assigned to the VNC server.  Using this you can
determine the remote port number that the VNC server is listening on.
int remoteVNCPort = ...



4. Then I create a SSH tunnel from my system to the VNC server on the
remote system.
// Create a SSH tunnel between this system and the remote VNC server
int assigned_port = session.setPortForwardingL(0,
        "remotesystem.abc.ca", remoteVNCPort);





5. I then start a VNC viewer (in a seperate thread actually, but I kept
the threading code out for readablity...)

//Start VNC viewer
List<String> args = new LinkedList<String>();
args.add("HOST");
args.add("127.0.0.1");
args.add("PORT");
args.add(Integer.toString(assigned_port));

VncViewer v = new VncViewer();
v.mainArgs = args.toArray(new String[0]);
v.inAnApplet = false;
v.inSeparateFrame = true;
v.init();
v.start();



This basically gives an overview of what I do in my application.  There
are some other stuff I do, such as creating a one-time password to
protect the VNC server, some threading code, error handling and other
stuff which are specific to my application, but the core ideas are shown
above and should point you in the right direction.

Another point that is important is that I needed to make some minor
modifications to the VncViewer code in order to be able to bundle the
class as part of my application.  This was needed in order to be able to
use the VncViewer class from within my application.  I will post these
changes to the mailing list eventually if anyone is interested in those.

Hope this helps,
        Andre


Eric Evans wrote:

> Andre,
>
>   Yes!  I am very interested.  I´m not much of a JAVA
> programmer so any help you can pass on will be greatly
> appreciated.  You said this was transparent to the web
> user?  It sounds like it might be.  How do you get
> around the key that normally has to be passed to
> secure an SSH session?  You said it only took a simple
> little bit of JAVA code to connect the two..... Are
> you willing to share that code with myself and the
> rest of the community?  I´m sure there are others of
> us out there who are trying similar tasks.  Thank you
> in advance for your help... :)  
>
> - Eric Evans
>
>
> --- Andre Charbonneau
> <[hidden email]> wrote:
>
> Greetings,
>
> I've done a similar thing here to implement remote
> access to systems
> through VNC and I used JSCH, a 100% Java SSH client
> library.  The way it
> works is that I wrote a very simply Java app that
> sets up a SSH tunnel
> between the client system and the remote system.
> Then, this java app
> launches the tightvnc java viewer and connects to
> the remote system
> through this SSH tunnel.  I deploy all this using
> Java WebStart, so the
> user only needs a web browser and the latest Java
> runtime.
>
> If this is of any interest to you, let me know and I
> can give you some
> pointers on how it is implemented.
>
> Regards,
> Andre
>
> Eric Evans wrote:
>>>> To anyone on this mailing list who might have
> tried
>>>> this:
>>>>
>>>> I´ve set up a VNC Server.  I have a web site set
> up to
>>>> feed the JAVA VNC client to users.  I can connect
> from
>>>> one to the other just fine..  It works great.
>>>>
>>>> I´m looking at adding security to this link so I
> can
>>>> allow it out onto the internet and trust that no
> one
>>>> can do a man in the middle sniff of the VNC
>>>> connection.  
>>>>
>>>> I looked at SSH but that only seems to work if I
> know
>>>> the person that will be connecting because of the
> key
>>>> that needs to be passed... I then looked at SSL.
> I
>>>> know there are several JAVA implementations of
> SSL.
>>>> Even Sun themselves includes one in their SDK and
>>>> Runtime Environment packages.. (javax.net.ssl)  In
> the
>>>> README for the JAVA VNC client it mentions that
> other
>>>> SocketFactory implementations can be used.  Sun
>>>> provides javax.net.ssl.SSLSocketFactory...  It
> looks
>>>> as though it might be compatible with the Socket
>>>> Factory that the VNC client uses.  Unfortunately I
>>>> read a *LITTLE* JAVA but I am not very good at
> writing
>>>> it so I´m not really sure what I´m doing here.
> Has
>>>> anyone tried to mash these two together?  What
> would
>>>> need to be done at the server side?  Does this
> even
>>>> sound like the right way to handle this situation?
>>>>
>>>> The end result I´m trying for is to allow anyone
> to
>>>> pull up the VNC viewer on my web page and log into
> my
>>>> machine.  I´ve already redirected the VNC server
> to a
>>>> login prompt and pretty much hardened that piece
> of
>>>> things I just need help securing the VNC
> connection
>>>> across the internet.  Help please! :/
>>>>
>>>> - Eric Evans
>>>>
>>>>
>>>>
>>>>        
>>>>
>> ____________________________________________________________________________________
>>>> Sick sense of humor? Visit Yahoo! TV's
>>>> Comedy with an Edge to see what's on, when.
>>>> http://tv.yahoo.com/collections/222
>>>>
>>>>
>> -------------------------------------------------------------------------
>>>> This SF.net email is sponsored by: Microsoft
>>>> Defy all challenges. Microsoft(R) Visual Studio
> 2005.
>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>> ___________________________________________________________
>>>> TightVNC mailing list,
> [hidden email]
>>>> To change your subscription or to UNSUBSCRIBE,
> please visit
>> https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
>
>>

> ____________________________________________________________________________________
> Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out.
> http://answers.yahoo.com/dir/?link=list&sid=396545433


- --
Andre Charbonneau
100 Sussex Drive, Rm 2025
Research Computing Support, IMSB
National Research Council Canada
Ottawa, ON, Canada K1A 0R6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG5vIahiehvD+v9JARAuz3AJ4g+Tplv48l+sI7aVY6bZ7wA9B0QwCbB9/+
l/2bZro6x2Cybe66jMeHWvU=
=qv65
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list