Sunday, March 24, 2013

Generating and importing RSA/DSA SSH keys into bVNC Secure

Apart from being able to generate its own SSH keys in RSA and DSA format (tap the "Manage Key" button in VNC over SSH mode), versions v3.0.5 and newer of my VNC client, bVNC Secure, can import RSA/DSA keys as well. This guide will show you how such keys are generated and imported into bVNC Secure.

bVNC Secure is an Android and Blackberry Playbook/OS 10 application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2 and up, or here:

App World for BB Playbook and OS 10 devices.


Generating supported key types in a supported format:

- Encrypted RSA keys in PEM format, obtainable with the following command:
  ssh-keygen -t rsa -b 4096 -f SOMEFILE
When prompted for a pass-phrase, enter one of your choice. You will need it each time you use the key to connect.

- Non-encrypted RSA keys in PEM format, obtainable with the following command:
  ssh-keygen -t rsa -b 4096 -f SOMEFILE
When prompted for a pass-phrase, press enter (twice).

- Non-encrypted RSA/DSA keys in PKCS#8 format, obtainable with:
  ssh-keygen -t dsa -b 1024 -f TEMP
  openssl pkcs8 -topk8 -nocrypt > SOMEFILE < TEMP
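
To confirm which of the formats above a key file is in before copying it to the device, you can read its PEM header lines. The script below is an added example, not part of the original post or of bVNC; the function names and labels are hypothetical, and the sample files are constructed headers with no key material.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the key formats
# listed in the guide a private-key file is in, judged by its PEM header lines.

key_format() {
    # $1 = path to a private-key file; prints one label on stdout.
    # tr strips CR so files that passed through a Windows editor still match.
    first=$(sed -n '1p' "$1" | tr -d '\r')
    second=$(sed -n '2p' "$1" | tr -d '\r')
    case "$first" in
        "-----BEGIN RSA PRIVATE KEY-----")
            case "$second" in
                "Proc-Type: 4,ENCRYPTED") echo "rsa-pem-encrypted" ;;
                *)                        echo "rsa-pem-unencrypted" ;;
            esac ;;
        "-----BEGIN DSA PRIVATE KEY-----")       echo "dsa-pem" ;;
        "-----BEGIN PRIVATE KEY-----")           echo "pkcs8-unencrypted" ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo "pkcs8-encrypted" ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo "openssh" ;;
        *)                                       echo "unknown" ;;
    esac
}

in_guide_list() {
    # Exit status 0 only for the three formats the guide lists.
    case "$(key_format "$1")" in
        rsa-pem-encrypted|rsa-pem-unencrypted|pkcs8-unencrypted) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on constructed, header-only sample files (no real key material).
demo_dir=$(mktemp -d)
printf '%s\n%s\n' "-----BEGIN RSA PRIVATE KEY-----" "Proc-Type: 4,ENCRYPTED" > "$demo_dir/enc"
printf '%s\r\n' "-----BEGIN PRIVATE KEY-----" > "$demo_dir/p8"
printf '%s\n' "-----BEGIN OPENSSH PRIVATE KEY-----" > "$demo_dir/new"
for f in enc p8 new; do
    if in_guide_list "$demo_dir/$f"; then verdict="listed"; else verdict="not listed"; fi
    echo "$f: $(key_format "$demo_dir/$f") ($verdict)"
done
```

OpenSSH 7.8 and newer write the "OPENSSH PRIVATE KEY" format by default; passing -m PEM to ssh-keygen makes it write the PEM format that the commands above assume.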

Import the key stored in SOMEFILE into bVNC by:

- Copying it to the "Download" directory on your smartphone or tablet
- Creating a connection of type VNC over SSH
- Tapping "Manage key"
- Typing SOMEFILE into the text field marked "Filename in Download directory"
- If your key is encrypted, entering your passphrase in the text-field marked "Passphrase"
- Tapping "Import".

Saturday, March 23, 2013

Setting up TigerVNC for secure connections to Windows with bVNC

This guide covers configuring TigerVNC on Windows for secure VNC connections using bVNC Secure/Free bVNC Secure, but it applies equally to any VNC client that supports VeNCrypt. Only the VNC client configuration would be different.

bVNC Secure is an Android and Blackberry Playbook/OS 10 application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2 and up, or here:

App World for BB Playbook and OS 10 devices.


Setting up TigerVNC:

    - Download and install TigerVNC v1.1.0 from Sourceforge:
http://sourceforge.net/projects/tigervnc/files/tigervnc/1.1.0/TigerVNC-1.1.0.exe/download

Please note that newer versions may have stability issues (I tried v1.2.0, and it crashes all the time), so you've been warned.


    - Then, when the TigerVNC icon shows up in the task-bar (it is an eye of a tiger), right-click on it, select "Options", and configure it as shown in the screen-shot below. Note I've clicked on "Configure" to set a password.

    - Important! Since you're reading this, you must be security-conscious. Set a password of exactly 8 characters that uses no dictionary words and preferably contains numbers, punctuation and other symbols for enhanced security. Write down this password, as you will need it in the last step.


Configuring Windows Firewall:

    - Open the Control Panel.
    - Find and open "Windows Firewall".
    - Click on the "Exceptions" tab.
    - Click on "Add Port", name the rule something like "VNC", enter 5900 as the port, and click "OK".


Finally, configuring bVNC:

    - Create a New Connection in bVNC.
    - Under "Connection Type", select "Secure VNC over VeNCrypt".
    - Enter the IP address of the computer where you installed TigerVNC in the "VNC Server" field.
    - Don't enter a "VNC Username".
    - Enter the password you set when configuring TigerVNC into the "VNC Password" field.
    - Tap connect and you should be happily connected over an encrypted channel.


Additional notes for connecting over the Internet:

- If you need to connect to your computer over the Internet and you have a router, you need to forward a port on the router to your internal computer running TigerVNC. Do a Google search for how to forward a port on your particular router model.

- If you are connecting over the Internet, consider forwarding a non-standard external port to port 5900 of the machine running TigerVNC. This makes it less likely that hackers will find your TigerVNC service and try to crack your password. For example, forward a random-looking 5-digit port number like 62563 to port 5900 of the computer running TigerVNC.

- You also need to discover your external IP address (you can do a Google search for "what is my ip").

- If your external IP address changes (it is dynamic), it is also advisable to set up "Dynamic DNS" which will track your external IP address so you don't have to rediscover it when it changes.

Sunday, March 3, 2013

Chef cookbook for AutoX (like NX) with x11vnc, ssvnc, and bVNC

I've created a Chef cookbook available here:

https://github.com/iiordanov/autox-cookbook

which will automatically configure your system for AutoX (NX-like functionality) over VNC. The back-end is handled by x11vnc in combination with Xvfb or Xvnc. For a client, use my bVNC Secure software on Android/Blackberry 10, or ssvnc on Linux, Mac, and Windows.