Remote administration of any system should be considered a potential anonymity hazard, since it is not under the user's physical protection and could be compromised. Although counterintuitive, it is necessary to follow all relevant recommendations in the Surfing Posting Blogging chapter to stay safe:
- Beware of Keystroke and Mouse Fingerprinting.
- Beware of Stylometry.
- Beware of difficulties in paying anonymously, see Money.
At a minimum, check the connection is encrypted / authenticated, because VNC by default is unencrypted / unauthenticated. Possible methods:
- Perhaps by tunneling VNC through SSH; or
- Running VNC through a Tor Onion Service; or
- Using both SSH and an Onion Service, for stronger encryption and authentication.
- Onion Services Authentication
You might be better off using something that does not require UDP, because...
It is possible to remotely administer any operating system with GNU/Linux by using the Remmina [archive] desktop client. Remmina supports multiple network protocols, including RDP, VNC, SPICE, NX, XDMCP, SSH and EXEC.
Note there are two separate Debian packages:
remmina: the main GTK+ application.
remmina-plugins: a set of plugins to support various network protocols.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)