Chapter 6: Secure SSH Tunneling & SDT Connector
o If you are connecting as a User in the “users” group then you can only SSH tunnel to Hosts and Serial Ports
where you have specific access permissions
o If you are connecting as an Administrator (in the “admin” group) then you can connect to any configured Host or
Serial Ports (which has SDT enabled)
To set up the secure SSH tunnel for an HTTP browser connection to the Managed Device, specify port 80 (rather than port 3389
as was used for RDP) in the Destination IP address.
To set up the secure SSH tunnel from the Client (Viewer) PC to the Console Server for VNC, follow the steps above; however,
when configuring the VNC port redirection, specify port 5900 in the Destination IP address.
Note: How secure is VNC? VNC access generally allows access to your whole computer, so security is very important. VNC
uses a random challenge-response system to provide the basic authentication that allows you to connect to a VNC server. This
is reasonably secure and the password is not sent over the network.
However, once connected, all subsequent VNC traffic is unencrypted. So a malicious user could snoop your VNC session. Also
there are VNC scanning programs available, which will scan a subnet looking for PCs which are listening on one of the ports
which VNC uses.
Tunneling VNC over an SSH connection ensures all traffic is strongly encrypted. Also, no VNC port is ever open to the internet, so
anyone scanning for open VNC ports will not be able to find your computers. When tunneling VNC over an SSH connection, the
only port which you're opening on your Console Server is the SDT port 22.
So sometimes it may be prudent to tunnel VNC through SSH even when the Viewer PC and the Console Server are both on the
same local network.
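
As an added example (not part of the original manual), the following Python check audits a host's listening sockets for VNC ports that can be reached without going through the SSH tunnel. It assumes Linux `ss -tln` output, that VNC display N listens on TCP port 5900+N, and a hypothetical `allowed_binds` parameter naming the LAN address the Console Server connects to; the sample output is constructed.

```python
import ipaddress

VNC_PORTS = range(5900, 6000)  # assumption: VNC display N listens on 5900+N

# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5900     0.0.0.0:*
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      5      [::1]:5902         [::]:*
LISTEN 0      5      192.168.1.20:5903  0.0.0.0:*
LISTEN 0      5      *:5904             *:*
"""

def is_loopback(addr):
    """True only when the bind address parses as a loopback address."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" or anything unparseable: treat as exposed

def exposed_vnc_listeners(ss_output, allowed_binds=()):
    """Return (address, port) for VNC listeners outside loopback/allowed_binds.

    allowed_binds is a hypothetical allow-list, e.g. the LAN address that
    only the Console Server is supposed to reach.
    """
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skips the header row and non-listening sockets
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets / %iface
        if not port.isdigit() or int(port) not in VNC_PORTS:
            continue
        if addr in allowed_binds or is_loopback(addr):
            continue
        findings.append((addr, int(port)))
    return findings

if __name__ == "__main__":
    for addr, port in exposed_vnc_listeners(SAMPLE_SS):
        print(f"VNC listener {addr}:{port} is reachable without the SSH tunnel")
```

Wildcard binds (`0.0.0.0`, `::`, `*`) are always reported because they listen on every interface, including any that faces the internet.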