On 01/01/2014 04:06 AM, jetojedno wrote:
> I wasn’t clear enough - yes, connect through ssh through the network.
> It’s the internal connection on the local & remote computers I have an
> issue with. Once the port on localhost is created (and I could be wrong
> here - I’m not a networking expert) then anyone on the computer can
> connect to it, and anyone can listen to the traffic. I believe fifo
> files are easier to secure, and are less “visible”.
Less visible I suppose, since you could put it where only you (and ‘root’)
can see it, but either using a Unix socket or a named pipe/fifo you still
need something to actually do the networking part of all of this. Both of
these are meant for local operations only. Unix sockets (commonly used to
access things like the MariaDB/MySQL server from its client) are for
inter-process communication. FIFOs are essentially the same thing… a
way to send data from here to there within the filesystem to processes
using those FIFOs. There are no magical networking properties of these.
If you are intending to use a pipe/FIFO you need to add that part
yourself, which is the SSH portion you refer to, but SSH uses TCP sockets
for moving data between systems, and one way or another any socket you
open for your user will be visible, unless NetFilter or another firewall
prevents it, to all other users on the local system. If you bind to a
socket with an exposed (non-localhost usually) IP address then anybody on
your computer’s network, or maybe beyond depending on networking
circumstances, could also access that socket.
> I was asking if there’s a way to create a fifo on the local computer and
> connect vncviewer & ssh to it (I think I understand how to do the ssh
> bit). Similarly create a fifo on the remote computer & connect ssh
> (ditto) & Xvnc / vncserver to that. i.e. avoid ports on localhost.
> Better yet is to pipe directly between the commands.
Forget the FIFO… it’s for local stuff only so using it will only
complicate the use of SSH. What you probably want is just the SSH tunnel,
but you can probably simplify this further by using the -via option for the
vncviewer client, which by default creates an SSH connection. Assuming
you have keys set up, and the SSH agent set up, your SSH connection would be
created for your VNC connection on the fly, so nobody could abuse it until
you created it, and even then you could perhaps secure it more with NetFilter.
> Is this possible, or does the software need hacking (probably beyond
Pretty sure ‘no’ because the technologies to which you refer do not use
magic to communicate across the network; one way or another you need a
networking component, and FIFOs are filesystem components only. Combining
filesystem pieces with networking pieces (an SSH tunnel) is easy to do,
but it doesn’t add anything beyond what you have already just using SSH
unless your program needs a FIFO instead of a TCP socket (vncviewer does
not apply here… it understands networking of course).
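To see which case a forwarded VNC port falls into (bound to localhost, so reachable by every local user, or bound to an exposed address, so reachable from the network too), the listening sockets can be read from Linux's `/proc/net/tcp`. This is an added example, not part of the original post; the sample lines, port numbers, UID and function names are constructed for illustration, and the address decoding assumes a little-endian host such as x86.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp layout (IPv4, little-endian host).
# Row 0: listener on 127.0.0.1:5900, row 1: listener on 0.0.0.0:5901,
# row 2: an established connection, which must be ignored.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:170C 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 30001 1 0000000000000000 100 0 0 10 0
   1: 00000000:170D 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 30002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:170C 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 30003 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # kernel state code for a listening socket


def decode_addr(hex_addr):
    """Turn '0100007F:170C' into ('127.0.0.1', 5900)."""
    hex_ip, hex_port = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def classify(ip):
    """Say who can reach a listener bound to this address (firewall aside)."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "local users only"
    if addr.is_unspecified:
        return "all interfaces"
    return "network-facing"


def listening_sockets(proc_text):
    """Return one dict per LISTEN row: bound address, port, owner UID, reach."""
    results = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue
        ip, port = decode_addr(fields[1])
        results.append({"ip": ip, "port": port,
                        "uid": int(fields[7]), "reach": classify(ip)})
    return results


if __name__ == "__main__":
    for s in listening_sockets(SAMPLE_PROC_NET_TCP):
        print(f"{s['ip']}:{s['port']} uid={s['uid']} -> {s['reach']}")
```

On a real system, pass the contents of `/proc/net/tcp` instead of the sample; "local users only" still means any account on the machine can connect unless a firewall rule says otherwise.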