I did set up repeater (v. 1400) in mode II and Secure plugin for Server and Viewer. Both parties are behind firewall and by using ID connection works fine. With the secure plugin I believe it is not easy for someone to connect to servers. As I understand, Repeater itself can be used by anyone. I can not limit IP-s as we never know from where the client will connect to the server which can also move around the globe. So, only thing is to have a list of ID-s, but if someone will have access to Single Click solution where ID could be found or if someone will find an acceptable ID by trial, then they could use my Repeater server. This is not a desirable. Is there a reason, the ID can not include letters to be more complex? Is there any ways to have tighter security on repeater?
Another concern is that Repeater includes a built in webserver with weak username "admin" and regular authentication mechanism. Someone could get access to it by brute force attack.
If I disable access to web gui from outside network, then I can't use UVNC Console as it starts to connect to the repeater web interface and crashes.
Perhaps someone would explain the purpose of UVNC Console. So far I found that it will show in a list my vnc connection files that are inside uvnc folder and shows them green if repeater reports they are online. Is there any other functionality?
First things that came into mind about UVNC Console is that it could show us live info about servers connected to the Repeater. So if we deploy UVNC Server to multiple machines, they will connect to the repeater and they are all visible in console. We could then just set passwords for them and voila. It would be great to have option to organize the list in console. Crreate groups for different servers and so on. But all this should probably be written to feature request topic.
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Repeater security concerns
- Rudi De Vos
- Admin & Developer
- Posts: 6867
- Joined: 2004-04-23 10:21
- Contact:
Re: Repeater security concerns
The console use the folder stucture as groups, to create a group create a subfolder.
The console use the .vnc files but also has a eas encrypted files to store the longer encrypted or user/passwd.
This is a one way encryption, you need to provide your ounlock password each time you start the console..
The console can see if servers are online local or via a repeater
You can make
Connect Viewer ID-ABCD:1234 WORKS
by allowing ABCD in the repeater options
The console use the .vnc files but also has a eas encrypted files to store the longer encrypted or user/passwd.
This is a one way encryption, you need to provide your ounlock password each time you start the console..
The console can see if servers are online local or via a repeater
You can make
Connect Viewer ID-ABCD:1234 WORKS
by allowing ABCD in the repeater options