[mdlug] Disabling TightVNC Ubuntu 18.04
Peter Bart
peterbart.ch at gmail.com
Fri Nov 6 11:55:08 EST 2020
Hi All,
I may need help figuring out what to do with TightVNC. Long story
follows. The machine is an HP Elitedesk 804 or 70??, runs Ubuntu 18.04
and uses openconnect to connect to a corporate VPN, and then access
VMware Horizon and Amazon Workspaces remote desktops. It is my equipment
and I went thru hell several times getting it set up and keeping it
running. The standard line I kept hearing was the all to familiar "we
don't support Linux", and my answer was allways I don't care please send
me the Win instructions and I'll figure it out. Point of fact, they sent
out a blanket email to all employee's rejecting all responsibility for
all things including costs of equipment to set up remote workstation.
But also requiring remote work..........
Unbeknownst to me the powers that be may have installed TightVNC on my
machine I have set up as home office. I got a text from my user: "hey
did you install TightVNC Service? I just had a popup on screen to
restart, so I did and then noticed TightVNC was recently added". So yes
my user ignore all my harping and yes she's click happy. The corporate
response is they need this for remote access when we submit an IT
support ticket. Pfffffft f**k! Yeah right. My user does not have admin
rights, and so should not be able to sudo. Is that correct? My user is
not a member of the sudo group. Also I do not know if TightVNC install
is on Ubuntu, or one of the remote desktops. Should I even be concerned
if it's on one or more of the remote desktops? I do want to stop it if
it's on Ubuntu, and I can use console or Synaptic to get rid of it and
there are lots of instructions on how to detect and stop the TightVNC
server from running. I am not currently onsite, so all this is from memory.
The TightVNC faq at <https://tightvnc.com/faq.php#howsecure> " Although
TightVNC encrypts VNC passwords sent over the net, the rest of the
traffic is sent as is, unencrypted (for password encryption, VNC uses a
DES-encrypted challenge-response scheme, where the password is limited
by 8 characters, and the effective DES key length is 56 bits). So using
TightVNC over the Internet can be a security risk. To solve this
problem, we have plans to implement built-in encryption in future
versions of TightVNC." Because my user connects via VPN am I secure enough?
If TightVNC is installed would the client then be able to access a
console and say change sudo password? Bottom line I will not give out
access to a remote user. Never mind whether or not they use strong
passwords, they don't. I view this as a blatant eavesdropping attempt,
and given their history and lack of experience will not allow it. Any
thoughts? I will have to check once I am onsite.
--
Peter Bart
<peterbart.ch at gmail.com>
More information about the mdlug
mailing list