Linux – TigerVNC + SSH without a VNC Password

linuxpasswordrhel6sshvnc

I have a RHEL 6 system with TigerVNC installed. It is configured to only allow VNC connections through SSH. Thus, a user can only connect to VNC if they successfully establish an SSH connection to the system.

However, despite the SSH requirement, a user must still run the vncpasswd command and create a VNC password. Isn't this password redundant since an SSH tunnel is required and must already be established?

Thus, my question is:
Can you disable the TigerVNC server's requirement for a VNC Password if it will only listen on an SSH tunnel? (Assuming that the password is actually redundant)

Thank You

EDIT: I have a theory. Is the reason why it is not redundant because once you SSH in, you can then VNC into any VNC user's account?

Best Answer

It's more that SSH and VNC are separate things, and their password requirements are not related to each other. You're using SSH as the network transport, so you're authenticating on SSH (password or key, it doesn't matter).

Then you're hitting the VNC service, which has its own authentication scheme. VNC doesn't know how you connected to the box, and it doesn't know what user accounts you want to use (I've never used VNC on Linux; I assume it's connecting to the current desktop).

Related Solutions

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

SSH – Bad Owner or Permissions on ~/.ssh/config

I needed to have rw for user only permissions on config. This fixed it.

chmod 600 ~/.ssh/config

As others have noted below, it could be the file owner. (upvote them!)

chown $USER ~/.ssh/config

If your whole folder has invalid permissions here's a table of possible permissions:

Path	Permission
.ssh directory (code)	0700 (drwx------)
private keys (ex: `id_rsa`) (code)	0600 (-rw-------)
`config`	0600 (-rw-------)
public keys (*.pub ex: `id_rsa.pub`)	0644 (-rw-r--r--)
`authorized_keys` (code)	0644 (-rw-r--r--)
`known_hosts`	0644 (-rw-r--r--)

Sources:

openssh check-perm.c
openssh readconf.c
openssh ssh_user_config fix_authorized_keys_perms

Best Answer

Related Solutions

Ssh – How to automate SSH login with password

SSH – Bad Owner or Permissions on ~/.ssh/config

Related Topic