The holy grail of VNC – VNC Gateway including Java Client, fully contained in Port 443


Since I lost played around with this in the end of 2006 (for the Linux lab), Karl J Runge has actually DONE it:

The perfect solution for building a terminal server solution that will run completely over https, and without installing any client software.
It will download the client via the https connection and once the client is running the client will transfer the VNC protocol data through the same ssl connection.
From there it is quite easy to set up a nice (protected) portal page for accessing all SSH-enabled systems.
Different, but quite important from “easier” solutions like Puttylink tunneling, this “way of doing it” also means the whole session is contained in the java sandbox, which means that we’re not just a very smart smartass getting what we want no matter what corporate IT puts in our way, we’re actually even taking care we’re not violating their policy at all *and* we’re keeping them safe from client overflows etc, which would be contained in java. even the clipboard won’t work 🙂

But please note it’s still your responsibilty if you set up a gateway like this just to connect to your home box from work without being allowed to and then get fired for it.
My perspective is a quite different one, as i.e. providing el-cheapo lab access.

Here is his description:

The Holy Grail: a single https port (443)

Before we discuss the self-contained apache examples here, we want to mention that many x11vnc users who read this page and implement the apache SSL VNC portal ask for something that (so far) seems difficult or impossible to do entirely inside apache:

* A single port, 443 (the default https:// port), is open to the Internet
* It is HTTPS/SSL encrypted
* It handles both VNC traffic and Java VNC Applet downloads.
* And the server can also serve normal HTTPS webpages, CGI, etc

Link to his site:
http://www.karlrunge.com/x11vnc/ssl-single-443.html

He tends to put a lot of text in one site, so you might need to adjust to a ‘careful reading’ mode, but I envy his persistence in cracking down on this.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s