VPN Security

Hi, I have just installed OSXVNC on my Mac and have tested it from linux through my local wireless network and through the internet, so am pretty sure it is working OK.

My question regards the security of using VNC - my password for access is very long and is random, so should be hard to crack. Am I right that the only danger is at the initial stage when the passwords are being exchanged because they are sent unencrypted?

If I were to access VNC via SSH, is it right that the only increase in security is the encryption of passwords provided by SSH? I suppose my question is, if it were up to you, would you bother setting up the SSH access or take your chances with just the VNC server directly?

Thanks for your time…


Thats a fine question Kitteridge.

Actually the password handshaking at the beginning is done in a secure way so that the password is never actually sent along the network, so your VNC login information is kept relatively secure - in this way VNC is not nearly the kind of security risk that some people fear it is.

However, the thing you need to be aware of is that all the VNC communication itself is unencrypted. So any thing you type (like say filling out a Mac OS X authentication panel) could easily be read and your screen image could be viewed by an “eavsdropper”.

The advantage to SSH is that ALL traffic to the VNC server (including the initial authentication and everything after that) is done in an encrypted way so that you can be sure that all communication between your VNC client and VNC server is done privately.

Personally, because SSH is already installed on every Mac OS X system and it’s so easy to turn on, I don’t expose VNC to the public internet and always go through SSH.