On Wed, 31 May 2006, Jordan Peacock wrote:

> Yeah, I changed the shell script in ~/.vnc/xstartup to what you had...my
> original was:
>
> #!/bin/sh
>
> xrdb $HOME/.Xresources
> xsetroot -solid grey
> x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
> x-window-manager &
>
> But when I try 'vncviewer localhost:1' it hasn't changed anything; it's
> the rootweave X pattern still. How do I know if it'll actually read and
> run the shell script?

In order to read the ~/.vnc/xstartup you have to kill the session and restart it:

    vncserver -kill :1
    vncserver :1

That will cause the server to start with the new settings you created. The settings are used by the server. The viewer just looks at what the server is putting out.

I just realized the other day that I've been reading the VNC help list for 8 years now! Here is the most important tip I've come up with in all that time:

If you are using the VNC Free Edition, make sure you are either using version 4.1.2 or 4.0.x or earlier. The 4.1.0 - 4.1.1 versions have a *very* serious vulnerability that allows remote access to your session. This was just discovered on 5/11 or so. Exploits are readily available and people are scanning right now (they mostly scan port 5900 instead of 5901, and would miss you, but it only takes one script kiddie to ruin your day). This is a really bad problem, but it's the only really serious one I've seen in all these years.

Another good tip is to run VNC within an SSH tunnel, which is a bit of a pain, but your security level will be much improved.

Another way to deal with security is to compile VNC against libwrap.a and use /etc/hosts.deny and /etc/hosts.allow to restrict access. I actually do both but I don't bother with the SSH protection sometimes. If you don't use an SSH tunnel, it is *possible* for someone to view your session but not to control it.

Password authentication is reasonably secure even without SSH:

http://www.realvnc.com/faq.html#security

VNC Free Edition and older VNC 3 based systems support a simple challenge-response protocol used to verify a password of up to eight characters, supplied by the connecting user. While this avoids exposing the password to attackers as would be the case with pure plaintext protocols such as telnet, the rest of the session is unencrypted and so anything typed into the viewer passes "in the clear" to the server.

If you want more security and ease of management, you can try VNC Enterprise Edition or VNC Personal Edition, but you pay for those (not a lot though).

Mike

-- 
Michael B. Miller, Ph.D.
Assistant Professor
Division of Epidemiology and Community Health
and Institute of Human Genetics
University of Minnesota
http://taxa.epi.umn.edu/~mbmiller/
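The three tips in the message above (avoid 4.1.0 - 4.1.1, tunnel over SSH, restrict who can reach the VNC port) can be checked with a short script. This is an added example, not part of the original message: the host name `user@vnchost.example`, the function names and the sample `ss -ltn` listener table are constructed for illustration.

```shell
#!/bin/sh
# Added example; host name and sample listener table are constructed.

# Display :N listens on TCP port 5900+N (display :1 -> 5901).
vnc_port() { echo $((5900 + $1)); }

# Succeeds for the VNC Free Edition versions the message warns about.
vnc_version_affected() {
    case "$1" in
        4.1.0|4.1.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Build the SSH local-forward command for display $1 on account $2.
tunnel_cmd() {
    p=$(vnc_port "$1")
    echo "ssh -N -L $p:localhost:$p $2"
}

# Read `ss -ltn` style lines on stdin and print every listener on
# ports 5900-5999 that is bound to something other than loopback.
exposed_vnc_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4
        n = split(addr, parts, ":")
        port = parts[n] + 0
        host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
        if (port >= 5900 && port <= 5999 && host != "127.0.0.1" && host != "[::1]")
            print addr
    }'
}

# Constructed sample of `ss -ltn` output.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*
LISTEN 0      5      127.0.0.1:5902     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      [::]:5901          [::]:*'

echo "Tunnel for display :1: $(tunnel_cmd 1 user@vnchost.example)"
echo "Listeners reachable without the tunnel:"
printf '%s\n' "$SAMPLE" | exposed_vnc_listeners
vnc_version_affected 4.1.1 && echo "4.1.1: upgrade to 4.1.2"
```

With the tunnel running, `vncviewer localhost:1` on the client side travels over SSH, so any listener the script reports is one that hosts.allow/hosts.deny or a firewall still has to cover.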