DSM multiple client connecting to multiple servers


Post by sandman42 »

Hi,

I'd like to secure a system where there are three servers running UltraVNC server and two clients running UltraVNC client.

One of the two clients, say AdminClient, is allowed to connect to all servers, while the second client, say MaintClient, is allowed to connect only to Server2, but not to Server1 and Server3.

AFAIK, using DSM plugin, for every client the key is unique, so if Client1 and Client2 both need to access Server2, they must have the same rc4.key, therefore the only way to keep Client2 out of Server1 and Server3 is a different password. Am I correct?

This frightens me a little bit, because in this way Client2 can sniff the traffic between me and Client1 and 3, and eventually get the password.

My question is: is there a way to tell server 2: use Client1's and Client2's rc4.keys?

In this way I can distribute different keys to different clients and put on the server only the authorized client keys.

Thanks
UltraSam
Admin & Developer

Re: DSM multiple client connecting to multiple servers

Post by UltraSam »

For now, there's no easy way to choose the key to use on viewer side or on server side depending on the client.
Sorry...


About the password sniffing given the fact that the attacker knows the encryption key: this is not possible in an easy way
- The VNC password is never transmitted over the wire, only a challenge buffer is sent by the server to the viewer
- The attacker would have to plug himself on the fly onto the encrypted data stream which is quite hard (to get in sync)

The only possible attack would be the man in the middle attack (known VNC auth scheme vulnerability): data stream and connection interception between a viewer and a server

So if this possibility is really a concern for you, I would suggest adding an additional SSH tunnel.
We use OpenVPN at work to access sensitive servers to tunnel UltraVNC (with plugin), RDP, FTP, NetBios and so on... With it, each user has his own certificate and password, and it's quite easy to configure and use.

IMHO for the regular "remote access" UltraVNC+plugin is really secure enough, even if several users share the same key file.
UltraSam
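
The per-client restriction asked for in the first post can be enforced in the SSH tunnel suggested above. The following is an added example, not configuration from the thread or from the UltraVNC project: an OpenSSH `sshd_config` fragment for a gateway host, where the account names `admin` and `maint`, the host names `server1` to `server3`, and VNC listening on TCP 5900 are assumptions.

```conf
# sshd_config fragment for an SSH gateway in front of the VNC servers.
# Assumed names (not from the thread): accounts "admin" and "maint",
# hosts server1..server3, UltraVNC server listening on TCP 5900.
# For this to be the enforcement point, the VNC servers' firewalls should
# accept port 5900 only from the gateway.

# Each client authenticates with its own key pair; no shared secret.
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers admin maint

# Default: no forwarding of any kind unless a Match block allows it.
AllowTcpForwarding no
X11Forwarding no
AllowAgentForwarding no
PermitTunnel no

# AdminClient: may open local forwards to the VNC port of all three servers.
Match User admin
    AllowTcpForwarding local
    PermitOpen server1:5900 server2:5900 server3:5900

# MaintClient: may open a local forward to Server2 only, and gets no shell.
Match User maint
    AllowTcpForwarding local
    PermitOpen server2:5900
    PermitTTY no
    ForceCommand /bin/false
```

With this in place, MaintClient would connect with `ssh -N -L 5900:server2:5900 maint@gateway` (`gateway` being an assumed host name) and point the viewer at `localhost`; a forward request to `server1:5900` or `server3:5900` from that account is refused by sshd regardless of which `rc4.key` or VNC password the client holds.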