GNOME Bugzilla – Bug 156242
option to bind to localhost only?
Last modified: 2006-10-23 10:43:22 UTC
It would be nice to have vino only bind the server port to localhost, for situations where tunneling over SSH is desired. If there is interest, I could come up with a patch to achieve this. Thanks, Hein
I'd like this option too. Implementing this is simple; the result is moderately hard to setup, but it's secure and removes the additional point of attack of the open VNC point.
I like this option, if so, then we can run force vino server only accept ssh connection. Hein, if you have a patch, do you mind to send it to me, if you don't have a patch, I can work with you on this.
Sorry I don't have a patch and currently I also don't have the time to look into this issue, but thanks for following up!
Created attachment 72507 [details] [review] localhost patch for vino here's a patch I cooked up quickly to add localhost support. a bit ugly as libvncserver is really separate from the vino source
Thanks Shaya 2006-10-12 Mark McLoughlin <mark@skynet.ie> Add a "local_only" GConf key, for people who want to exclusively use SSH tunnels to access the server. Based on patch from Shaya Potter <spotter@cs.columbia.edu> in bug #156242 * server/libvncserver/sockets.c: (rfbInitSockets): pass rfbScreen->localOnly to ListenOnTcpPort() (rfbSetLocalOnly): re-bind the socket if localOnly changes. (ListenOnTcpPort): add localOnly argument and bind with INADDR_LOOPBACK if true. * server/libvncserver/rfb/rfb.h: modify ListenOnTcpPort() prototype and add rfbSetLocalOnly() * server/libvncserver/main.c: (rfbGetScreen): init localOnly. * server/libvncserver/CHANGES: add note. * server/vino-server.schemas.in: add local_only GConf key * server/vino-prefs.c: (vino_prefs_local_only_changed), (vino_prefs_create_server), (vino_prefs_init): add handling for local_only key * server/vino-prefs.c: (vino_prefs_local_only_changed), (vino_prefs_create_server), (vino_prefs_init): add handling for local_only key * server/vino-server.[ch]: (vino_server_init_from_screen): propogate local_only to rfbScreen. (vino_server_set_property), (vino_server_get_property), (vino_server_class_init): add "local-only" property (vino_server_get_local_only), (vino_server_set_local_only): add accessors. Call rfbSetLocalOnly() if it changes.
I've logged bug #361891 to discussion how we want to change the preferences dialog
*** Bug 335229 has been marked as a duplicate of this bug. ***