I have a RHEL 6 system with TigerVNC installed. It is configured to only allow VNC connections through SSH. Thus, a user can only connect to VNC if they successfully establish an SSH connection to the system.
However, despite the SSH requirement, a user must still run the vncpasswd command and create a VNC password. Isn't this password redundant since an SSH tunnel is required and must already be established?
Thus, my question is: Can you disable the TigerVNC server's requirement for a VNC Password if it will only listen on an SSH tunnel? (Assuming that the password is actually redundant)
Thank You
EDIT: I have a theory. Is the reason why it is not redundant because once you SSH in, you can then VNC into any VNC user's account?
From the TigerVNC manual.
man XvncSo
-SecurityTypes Noneon the server is the correct answer to your question. I have tested it, and it does work.Running
vncserver -SecurityTypes Nonewill let users connect to the VNC session without a password even if a password is setup.It's more that SSH and VNC are separate things, and their password requirements are not related to each other. You're using SSH as the network transport, so you're authenticating on SSH (password or key, it doesn't matter).
Then you're hitting the VNC service, which has its own authentication scheme. VNC doesn't know how you connected to the box, and it doesn't know what user accounts you want to use (I've never used VNC on Linux; I assume it's connecting to the current desktop).