Several of our users access a group of Linux servers via VNC and recently have decided they'd like to share their session with other users doing the same type of work. Being that they don't really care about security, only functionality, their first approach was to use a single password across the entire department. That's perhaps not the most desirable approach given that the department includes managers with access to secure data and systems. I'm trying to find out if there's a way to share a single session between two users without having to share the same password, even view-only access would be acceptable.
The VNC server in use is xtightvnc-server and tigervnc-server on CentOS and Fedora, respectively. The clients connecting typically use UltraVNC from Windows 7.
Thanks.
Best Answer
Allow VNC from the local host only with no authentication. Require that the users establish an SSH session with port forwarding to access the session.
SSH will provide your authentication/authorization. You might even be able to add an iptables rule using the -uid option to limit which users can access the VNC ports on 127.0.0.1 and log the uid of the users that accessed the service.