How to secure VNC remote access with two-factor authentication - Page 2

Want to support HowtoForge? Become a subscriber!
 
Submitted by nowen (Contact Author) (Forums) on Mon, 2007-05-14 21:52. ::

Configuring the clients

Configuring WiKID

If you haven't already, you can download a copy of the WiKID open-source token client. The first time you launch the token client, you need to create a passphrase. Once started, select Actions and Create New Domain

Mutual Authentication Token - Add domain

Enter the 12 digit domain identifier and the public key will be sent to the WiKID server. You will be prompted for a PIN.

Mutual Authentication Token - Enter PIN

The WiKID server will store the PIN and return a registration code.

Mutual Authentication Token - reg code

At this point, the account has been created on the WiKID server, but it is not active. You can create self-service registration pages for users based on existing trusted credentials or out-of-band mechanisms, but in the case, we will manually validate the user on the WiKID server. From the WiKIDAdmin web interface, click on Users and Manually Validate A User. Click on the Registration Code and enter a user name.

Mutual Authentication Token - validate

Configuring the NX Client

While these screen shots are from Linux, the set up for Windows is very similar. Start the NX Connecition Wizard. First, create a name for the session and enter IP address or name of the SSH/NoMachine server:

Securing VNC 01

Click Next, and select VNC as the connection method:

Securing VNC 02

Enter the internally routable IP address target PC and the VNC password. Remember, this connection is between the NX server and the target VNC box - it should occur inside your firewall.

Securing VNC 03

Select "Create a short cut on the Desktop and Finish.

Securing VNC 04

Testing the Setup

Now, start the WiKID Token client, select the domain you created and enter your PIN:

Securing VNC 05

You will get a WiKID one-time passcode back:

Securing VNC 06

Enter the WiKID one-time passcode into the NX client password box:

Securing VNC 07

You will see NX connecting:

Securing VNC 08

Once authenticated, NX will launch giving you a secured, strongly authenticated VNC session.

Securing VNC 09

Security always involves trade-offs and it's never perfect. Users want all the power they have inside the firewall outside the firewall. By combining NoMachine's NX server, WiKID's two-factor authentication and VNC, you can give users remote access without sacrificing security or speed.

Links of interest:

up

Copyright © 2007 Nick Owen
All Rights Reserved.
add comment | view as pdf view as pdf | print: this | all page(s)
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.