Secure passwordless VNC logins to a Citrix XenServer Debian Lenny virtual machine
Debian Lenny template, included with Citrix XenServer 5.x, is setup with Xvnc. Changes below will make the setup more secure by tunneling VNC over SSH and get rid of annoying password prompts.
1. Configure PKI certificate based SSH logins
2. Modify Xvnc so it accepts VNC connections only from localhost (I also have a iptables rule for good measure):
--- /etc/gdm/gdm.conf 2010-11-10 17:28:17.000000000 -0800
+++ /etc/gdm/gdm.conf 2010-11-10 17:28:54.000000000 -0800
@@ -66,5 +66,5 @@
# in the defaults.conf file.
[server-VNC]
name=VNC
-command=/usr/bin/Xvnc -geometry 800x600 -PasswordFile /etc/vncpass BlacklistTimeout=0
+command=/usr/bin/Xvnc -geometry 1280x960 -securitytypes=none -localhost BlacklistTimeout=0
flexible=true
3. Restart gdm:
/etc/init.d/gdm restart
4. To open up a VNC session to your VM, on your remote machine run:
vncviewer -via sshuser@vnchost localhost:0 &
Leave a comment