SecureVNC (DSM) asking for password in reverse connection

[rattkin]

My questions is as in topic. Could someone (possibly the author explain to me, what does this happen? I see some kind of inconsistency here, which I would like to understand :

• server and client without SecureVNC, regular connection - ASKS for password - which is obvious, since access is password based.
• server and client, without SecureVNC, reverse connection - DOESN'T ASK for password - which is a bit weird, but then again I can understand that with reverse connections and the server willingly initiating connecting, the user sharing screen, knows what he's doing and is responsible for it (is that the reason?)
• server and client, with SecureVNC, regular connection - ASKS for password - makes sense, connection is secure but password should still be needed (though, not necessary, if you have separate certificates, I think, this should be an option to choose on server)
• server and client, with SecureVNC, reverse connection - ASKS for password - and here's where it's weird. Why it's doing so, if it's a reverse connection, which doesn't ask for password without plugin? I understand that I can overcome this by setting whatever password and server and supply -password switch in viewer, but this doesn't feel like a "secure" workaround. I don't want the popup dialog, though. Can this be solved be some SecureVNC/UltraVNC setting?

So again, I already know the workaround, but would very much like to understand why does it work this way? Is it :

• something related to SecureVNC which is a "bug" and can be fixed
• something related to SecureVNC which and should remain this way because ...
• something related to DSM architecutre, which is a "bug" and can be fixed
• something related to DSM architecture, which was designed this way because...

For reference, I'm using 1.0.9.5 with SecureVNC embedded within (I suppose it's 2.3).

[YY]

[*] server and client, with SecureVNC, reverse connection - ASKS for password - and here's where it's weird. Why it's doing so, if it's a reverse connection, which doesn't ask for password without plugin?

In the original design, the DSMplugin handles the encryption, and the authentication is handled by UltraVNC server. And the original UltraVNC is designed not asking for the password in reverse connection.

This changes as the latest SecureVNC (2.3) also handles the the authentication. With it, you can set a passphase up to 128 characters length, and SecureVNC ALSO USE THE passphrase (or the native VNC password) to encrypt the handshake.

This is the reason why the viewer (even in reverse connection) now need to know the passphrase/password to establish the connection.

I don't want the popup dialog, though. Can this be solved be some SecureVNC/UltraVNC setting?

I don't see the present packages (UVNC 1095 + SecureVNC 2.3) having such setting, except you are willing to use the older UVNC (like 1.0.8.2), or the older SecureVNC (but there is only the 2.3 available at the official site, or you may download the UVNC 1.0.8.2 bin package, which have a SecureVNC 1.0 bundled)

[rattkin]

Ok, so this is by design. I can overcome this by supplying a password inline (it's irrelevant anyway, since the connecting person still have to possess the right key certificate), or I could force nopassword on the server, but it seems a bit overkill. SecureVNC could have an option to override the WinVNC password and allow for empty password in that dialog field.

Thanks for the answer.

[redge]

something related to SecureVNC which and should remain this way because ...

this requested many time to have password for reverse connection, so you sure you are connected to good remote computer/person

this also requested many time to have password via repeater connexion
this way, not everybody can connect to an ID without password.

anyway, if key is used, could be an option without ask password for backward compatibility for some users prefer NO password authentication.