Add security via a option to *only* listen to localhost:5900 #227
Labels
duplicate
This issue or pull request already exists
Comments
|
Thanks for reporting! This is actually a dupe of #43, please subscribe there! |
elluisian
added a commit
to elluisian/droidVNC-NG-translation-binding
that referenced
this issue
Aug 21, 2024
When applied, this commit tries to implement the feature requests reported on issue bk138#43 and bk138#227. Basically, with this commit, it is possible to instruct the server to listen only on a certain address. To do this, there is a further edittext "Listening Address", which can be configured. Please note that if an invalid ip/address is set, by default, it is assumed 0.0.0.0 is requested
elluisian
added a commit
to elluisian/droidVNC-NG-translation-binding
that referenced
this issue
Aug 21, 2024
When applied, this commit tries to implement the feature requests reported on the issues bk138#43 and bk138#227. Basically, with this, it is now possible to make the server listen only on certain addresses. This increases security and allows the typical "SSH usage", that is, SSH + publickey auth + local port forwarding + VNC listening on localhost only. To achieve this: - on droidvnc-ng.c, vncServerStart was modified in order to provide a further "jstring listenIf" parameter. It uses rfbScreenInfo*'s listenInterface property. - A TableRow was added in order to allow users to input the desired address to use ("Listening Address"). - On droidvnc-ng.c, the method vncServerGetListenInterface was introduced in order to track if the server is currenctly set to listen to 0.0.0.0 or not (this is used to properly show what addresses are available to use on the UI). Please note that, if an invalid address/host is set, by default, it is assumed the address 0.0.0.0 is requested.
elluisian
added a commit
to elluisian/droidVNC-NG-translation-binding
that referenced
this issue
Aug 30, 2024
When applied, this commit tries to implement the feature requests reported on the issues bk138#43 and bk138#227. Basically, with this, it is now possible to make the server listen only on certain addresses. This increases security and allows the typical "SSH usage", that is, SSH + publickey auth + local port forwarding + VNC listening on localhost only. To achieve this: - on droidvnc-ng.c, vncServerStart was modified in order to provide a further "jstring listenIf" parameter. It uses rfbScreenInfo*'s listenInterface property. - A TableRow was added in order to allow users to input the desired address to use ("Listening Address"). - On droidvnc-ng.c, the method vncServerGetListenInterface was introduced in order to track if the server is currenctly set to listen to 0.0.0.0 or not (this is used to properly show what addresses are available to use on the UI). Please note that, if an invalid address/host is set, by default, it is assumed the address 0.0.0.0 is requested.
elluisian
added a commit
to elluisian/droidVNC-NG-translation-binding
that referenced
this issue
Sep 1, 2024
When applied, this commit tries to implement the feature requests reported on the issues bk138#43 and bk138#227. Basically, with this, it is now possible to make the server listen only on certain addresses. This increases security and allows the typical "SSH usage", that is, SSH + publickey auth + local port forwarding + VNC listening on localhost only. To achieve this: - on droidvnc-ng.c, vncServerStart was modified in order to provide a further "jstring listenIf" parameter. It uses rfbScreenInfo*'s listenInterface property. - A TableRow was added in order to allow users to input the desired address to use ("Listening Address"). - On droidvnc-ng.c, the method vncServerGetListenInterface was introduced in order to track if the server is currenctly set to listen to 0.0.0.0 or not (this is used to properly show what addresses are available to use on the UI). Please note that, if an invalid address/host is set, by default, it is assumed the address 0.0.0.0 is requested.
elluisian
added a commit
to elluisian/droidVNC-NG-translation-binding
that referenced
this issue
Sep 1, 2024
When applied, this commit tries to implement the feature requests reported on the issues bk138#43 and bk138#227. Basically, with this, it is now possible to make the server listen only on certain addresses. This increases security and allows the typical "SSH usage", that is, SSH + publickey auth + local port forwarding + VNC listening on localhost only. To achieve this: - on droidvnc-ng.c, vncServerStart was modified in order to provide a further "jstring listenIf" parameter. It uses rfbScreenInfo*'s listenInterface property. - A TableRow was added in order to allow users to input the desired address to use ("Listening Address"). - On droidvnc-ng.c, the method vncServerGetListenInterface was introduced in order to track if the server is currenctly set to listen to 0.0.0.0 or not (this is used to properly show what addresses are available to use on the UI). Please note that, if an invalid address/host is set, by default, it is assumed the address 0.0.0.0 is requested.
elluisian
added a commit
to elluisian/droidVNC-NG-translation-binding
that referenced
this issue
Sep 1, 2024
When applied, this commit tries to implement the feature requests reported on the issues bk138#43 and bk138#227. Basically, with this, it is now possible to make the server listen only on certain addresses. This increases security and allows the typical "SSH usage", that is, SSH + publickey auth + local port forwarding + VNC listening on localhost only. To achieve this: - on droidvnc-ng.c, vncServerStart was modified in order to provide a further "jstring listenIf" parameter. It uses rfbScreenInfo*'s listenInterface property. - A TableRow was added in order to allow users to input the desired address to use ("Listening Address"). - On droidvnc-ng.c, the method vncServerGetListenInterface was introduced in order to track if the server is currenctly set to listen to 0.0.0.0 or not (this is used to properly show what addresses are available to use on the UI). Please note that, if an invalid address/host is set, by default, it is assumed the address 0.0.0.0 is requested.
elluisian
added a commit
to elluisian/droidVNC-NG-translation-binding
that referenced
this issue
Sep 30, 2024
When applied, this commit tries to implement the feature requests reported on the issues bk138#43 and bk138#227. Basically, with this, it is now possible to make the server listen only on certain addresses. This increases security and allows the typical "SSH usage", that is, SSH + publickey auth + local port forwarding + VNC listening on localhost only. To achieve this: - on droidvnc-ng.c, vncServerStart was modified in order to provide a further "jstring listenIf" parameter. It uses rfbScreenInfo*'s listenInterface property. - A TableRow was added in order to allow users to input the desired address to use ("Listening Address"). - On droidvnc-ng.c, the method vncServerGetListenInterface was introduced in order to track if the server is currenctly set to listen to 0.0.0.0 or not (this is used to properly show what addresses are available to use on the UI). Please note that, if an invalid address/host is set, by default, it is assumed the address 0.0.0.0 is requested.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
The default listening action for droidVNC-NG is to listen on all interfaces (including localhost and external ip address). (this can be seen from termux with "netstat -lnt")
Those that have secured their systems with a ssh tunnel, will use the localhost address, but having the interface still open on the external ip address makes one vulnerable when problems like : #219 arise.
Describe the solution you'd like
A option to only listen to locahost:5900, and not listen to the external interface
Describe alternatives you've considered
In issue #93 , it seems like he is saying that he got his to listen just to 127.0.0.1:5900 via UI, so its possible this is already implemented and I'm just not understanding the UI.
Your environment (please complete the following information):
The text was updated successfully, but these errors were encountered: