Secure passwordless VNC logins to a Citrix XenServer Debian Lenny virtual machine

Debian Lenny template, included with Citrix XenServer 5.x, is setup with Xvnc. Changes below will make the setup more secure by tunneling VNC over SSH and get rid of annoying password prompts.

1. Configure PKI certificate based SSH logins

2. Modify Xvnc so it accepts VNC connections only from localhost (I also have a iptables rule for good measure):

1
2
3
4
5
6
7
8
9
--- /etc/gdm/gdm.conf	2010-11-10 17:28:17.000000000 -0800
+++ /etc/gdm/gdm.conf	2010-11-10 17:28:54.000000000 -0800
@@ -66,5 +66,5 @@
 # in the defaults.conf file.
 [server-VNC]
 name=VNC
-command=/usr/bin/Xvnc -geometry 800x600 -PasswordFile /etc/vncpass BlacklistTimeout=0
+command=/usr/bin/Xvnc -geometry 1280x960 -securitytypes=none -localhost BlacklistTimeout=0
 flexible=true

3. Restart gdm:

/etc/init.d/gdm restart

4. To open up a VNC session to your VM, on your remote machine run:

vncviewer -via sshuser@vnchost localhost:0 &

Leave a comment

NOTE: Enclose quotes in <blockquote></blockquote>. Enclose code in <pre lang="LANG"></pre> (where LANG is one of these).