34,333
edits
Changes
→Establishing a Secure Remote Desktop Session
== Establishing a Secure Remote Desktop Session ==
The remote desktop configurations we have explored so far in this chapter are considered to be insecure because no encryption is used. This is acceptable when the remote connection does not extend outside of an internal network protected by a firewall. When a remote session is required over an internet connection a more secure option is needed. This is achieved by tunneling the remote desktop through a secure shell (SSH) connection.
The ssh server is installed and activated by default on CentOS systems. If this is not the case on your system, refer to the chapter entitled [[Configuring CentOS Remote Access using SSH]].
The vncviewer session will prompt for a password if one is required, and then launch the VNC viewer providing secure access to your desktop environment.
If you are connecting to the remote desktop from outside the firewall keep in mind that the IP address for the ssh connection will be the external IP address provided by your ISP, not the LAN IP address of the remote system (since this IP address is not visible to those outside the firewall). You will also need to configure your firewall to forward port 22 (for the ssh connection) to the IP address of the system running the desktop. It is not necessary to forward port 5900. Steps to perform port forwarding differ between firewalls, so refer to the documentation for your firewall, router or wireless base station for details specific to your configuration.
== Establishing a Secure Remote Desktop Session from a Windows System ==
