document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-29 21:41:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7407 from geekpi/master

Browse Source 
translated
This commit is contained in:
geekpi 2018-01-26 09:12:05 +08:00 committed by GitHub
commit 010d1659b8
2 changed files with 135 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
sources/tech/20171027 Easy guide to secure VNC server with TLS encryption.md
View File

@ -1,137 +0,0 @@
translating---geekpi
Easy guide to secure VNC server with TLS encryption
======
In this tutorial, we will learn to install VNC server & secure VNC server sessions with TLS encryption.
This method has been tested on CentOS 6 & 7 but should work on other versions/OS as well (RHEL, Scientific Linux etc).
**(Recommended Read:[Ultimate guide for Securing SSH sessions][1] )**
### Installing VNC server
Before we install VNC server on our machines, make sure we are have a working GUI. If GUI is not installed on our machine, we can install it by executing the following command,
```
yum groupinstall "GNOME Desktop"
```
Now we will tigervnc as our VNC server, to install it run,
```
# yum install tigervnc-server
```
Once VNC server has been installed, we will create a new user to access the server,
```
# useradd vncuser
```
& assign it a password for accessing VNC by using following command,
```
# vncpasswd vncuser
```
Now we have a little change in configuration on CentOS 6 & 7, we will first address the CentOS 6 configuration,
#### CentOS 6
Now we need to edit VNC configuration file,
```
**# vim /etc/sysconfig/vncservers**
```
& add the following lines,
```
[ …]
VNCSERVERS= "1:vncuser"
VNCSERVERARGS[1]= "-geometry 1024×768″
```
Save the file & exit. Next restart the vnc service to implement the changes,
```
# service vncserver restart
```
& enable it at boot,
```
# chkconfig vncserver on
```
#### CentOS 7
On CentOS 7, /etc/sysconfig/vncservers file has been changed to /lib/systemd/system/vncserver@.service. We will use this configuration file as reference, so create a copy of the file,
```
# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
```
Next we will edit the file to include our created user,
```
# vim /etc/systemd/system/vncserver@:1.service
```
& edit the user on the following 2 lines,
```
ExecStart=/sbin/runuser -l vncuser -c "/usr/bin/vncserver %i"
PIDFile=/home/vncuser/.vnc/%H%i.pid
```
Save file & exit. Next restart the service & enable it at boot,
```
systemctl restart[[email protected]][2]:1.service
systemctl enable[[email protected]][2]:1.service
```
We now have our VNC server ready & can connect to it from a client machine using the IP address of VNC server. But we before we do that, we will secure our connections with TLS encryption.
### Securing the VNC session
To secure VNC server session, we will first configure the encryption method to secure VNC server sessions. We will be using TLS encryption but can also use SSL encryption. Execute the following command to start using TLS encrytption on VNC server,
```
# vncserver -SecurityTypes=VeNCrypt,TLSVnc
```
You will asked to enter a password to access VNC (if using any other user, than the above mentioned user)
![secure vnc server][4]
We can now access the server using the VNC viewer from the client machine, use the following command to start vnc viewer with secure connection,
**# vncviewer -SecurityTypes=VeNCrypt,TLSVnc 192.168.1.45:1**
here, 192.168.1.45 is the IP address of the VNC server.
![secure vnc server][6]
Enter the password & we can than access the server remotely & that too with TLS encryption.
This completes our tutorial, feel free to send your suggestions or queries using the comment box below.
--------------------------------------------------------------------------------
via: http://linuxtechlab.com/secure-vnc-server-tls-encryption/
作者:[Shusain][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linuxtechlab.com/author/shsuain/
[1]:http://linuxtechlab.com/ultimate-guide-to-securing-ssh-sessions/
[2]:/cdn-cgi/l/email-protection
[3]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=642%2C241
[4]:https://i1.wp.com/linuxtechlab.com/wp-content/uploads/2017/10/secure_vnc-1.png?resize=642%2C241
[5]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=665%2C419
[6]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/10/secure_vnc-2.png?resize=665%2C419

135
translated/tech/20171027 Easy guide to secure VNC server with TLS encryption.md Normal file
View File

@ -0,0 +1,135 @@
使用 TLS 加密保护 VNC 服务器的简单指南
======
在本教程中,我们将学习使用 TLS 加密安装 VNC 服务器并保护 VNC 会话。
此方法已经在 CentOS 67 上测试过了,但是也可以在其他的版本/操作系统上运行RHEL、Scientific Linux 等)。
**(推荐阅读:[保护 SSH 会话终极指南][1]**
### 安装 VNC 服务器
在机器上安装 VNC 服务器之前,请确保我们有一个可用的 GUI。如果机器上还没有安装 GUI我们可以通过执行以下命令来安装
```
yum groupinstall "GNOME Desktop"
```
现在我们将 tigervnc 作为我们的 VNC 服务器,运行下面的命令运行:
```
# yum install tigervnc-server
```
安装完成后,我们将创建一个新的用户访问服务器:
```
# useradd vncuser
```
并使用以下命令为其分配访问 VNC 的密码:
```
# vncpasswd vncuser
```
我们在 CentOS 6&7 上配置会有一点改变,我们首先看 CentOS 6 的配置。
#### CentOS 6
现在我们需要编辑 VNC 配置文件:
```
**# vim /etc/sysconfig/vncservers**
```
并添加下面这几行:
```
[ …]
VNCSERVERS= "1:vncuser"
VNCSERVERARGS[1]= "-geometry 1024×768″
```
保存文件并退出。接下来重启 vnc 服务使改动生效:
```
# service vncserver restart
```
并在启动时启用它:
```
# chkconfig vncserver on
```
#### CentOS 7
在 CentOS 7 上,/etc/sysconfig/vncservers 已经改为 /lib/systemd/system/vncserver@.service。我们将使用这个配置文件作为参考所以创建一个文件的副本
```
# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
```
接下来,我们将编辑文件以包含我们创建的用户:
```
# vim /etc/systemd/system/vncserver@:1.service
```
编辑下面 2 行中的用户:
```
ExecStart=/sbin/runuser -l vncuser -c "/usr/bin/vncserver %i"
PIDFile=/home/vncuser/.vnc/%H%i.pid
```
保存文件并退出。接下来重启服务并在启动时启用它:
```
systemctl restart[[email protected]][2]:1.service
systemctl enable[[email protected]][2]:1.service
```
现在我们已经设置好了 VNC 服务器,并且可以使用 VNC 服务器的 IP 地址从客户机连接到它。但是,在此之前,我们将使用 TLS 加密保护我们的连接。
### 保护 VNC 会话
要保护 VNC 会话,我们将首先配置加密方法。我们将使用 TLS 加密,但也可以使用 SSL 加密。执行以下命令在 VNC 服务器上使用 TLS 加密:
```
# vncserver -SecurityTypes=VeNCrypt,TLSVnc
```
你将被要求输入密码来访问 VNC如果使用其他用户而不是上述用户
![secure vnc server][4]
现在,我们可以使用客户机上的 VNC 浏览器访问服务器,使用以下命令以安全连接启动 vnc 浏览器:
**# vncviewer -SecurityTypes=VeNCrypt,TLSVnc 192.168.1.45:1**
这里192.168.1.45 是 VNC 服务器的 IP 地址。
![secure vnc server][6]
输入密码,我们可以远程访问服务器,并且也是 TLS 加密的。
这篇教程就完了,欢迎随时使用下面的评论栏提交你的建议或疑问。
--------------------------------------------------------------------------------
via: http://linuxtechlab.com/secure-vnc-server-tls-encryption/
作者:[Shusain][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linuxtechlab.com/author/shsuain/
[1]:http://linuxtechlab.com/ultimate-guide-to-securing-ssh-sessions/
[2]:/cdn-cgi/l/email-protection
[3]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=642%2C241
[4]:https://i1.wp.com/linuxtechlab.com/wp-content/uploads/2017/10/secure_vnc-1.png?resize=642%2C241
[5]:https://i1.wp.com/linuxtechlab.com/wp-content/plugins/a3-lazy-load/assets/images/lazy_placeholder.gif?resize=665%2C419
[6]:https://i2.wp.com/linuxtechlab.com/wp-content/uploads/2017/10/secure_vnc-2.png?resize=665%2C419