VNC Server Unencrypted Communication Detection on Mac Mini's

Our internal security scan reports are showing "VNC Server Unencrypted Communication Detection" for Mac Mini servers.


Settings done on the server:

  1. Preferences -> Sharing -> Remote Login (Checked) -> Allow access for (only these users) -> Administrator, localuser
  2. Preferences -> Sharing -> Remote Management (Checked) -> Allow access for (only these users) -> localuser



The following is the suggestion provided to enable encryption. But it does not seem to be resolving the issue!

```
Enable encryption settings for the service.

Some VNC services do not provide encryption options. In this case, tunnel all VNC sessions through cryptography software such as SSH or IPSec.

The following links provide examples of setting up a tunnel:

http://www.cyberciti.biz/tips/tunneling-vnc-connections-over-ssh-howto.html
http://www.science.smith.edu/~ejensen/vncssh.html
```

Mac minis are connected through Screen Sharing only.

Please suggest how to resolve the issue.

Posted on Oct 29, 2019 5:42 AM

Question marked as ⚠️ Top-ranking reply

Posted on Oct 30, 2019 12:55 AM

In order to have a VNC encrypted connection, SSH tunneling is required (as described in the links you provided). In my case I usually type this command in the client's terminal:

```
ssh -C -L 8000:127.0.0.1:5900 username@your-external-IP-address
```

Where username and your-external-IP-address (or domain if you have one) are the ones belonging to the machine you're trying to connect to.

While keeping the terminal open and running, a VNC session is then started with vnc://127.0.0.1:8000 in Finder -> Go -> Connect to Server...

Another option is to set up a VPN and connect via VNC through a local IP.


Regardless of the solution chosen, your internal security scan will still report that a potential unencrypted VNC communication is available because the machine will still "listen" for a plain VNC connection.
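
Added example, not part of the reply above: the SSH tunnel adds an encrypted path on the client, but the server's listener on port 5900 stays open, which is what the scan keeps finding. The sketch below classifies listeners from `lsof -nP -iTCP -sTCP:LISTEN` output; the function names are hypothetical and the sample lsof lines are constructed for illustration.

```shell
#!/bin/sh
# Classify TCP listeners on one port from `lsof -nP -iTCP -sTCP:LISTEN` text.
# Prints "<bind address> <verdict>" per listener read from stdin.
classify_listeners() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            name = $(NF - 1)             # e.g. *:5900, 127.0.0.1:8000, [::1]:8000
            n = split(name, parts, ":")
            if (parts[n] != port) next   # last ":"-separated piece is the port
            addr = substr(name, 1, length(name) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]")
                print addr, "loopback-only"
            else
                print addr, "network-facing"
        }'
}

# Succeeds (exit 0) when any listener on the port is bound beyond loopback.
port_is_network_facing() {
    classify_listeners "$1" | grep -q 'network-facing$'
}

# Constructed sample: Screen Sharing listening on every interface (server side)
# and an ssh -L forward bound to loopback (client side), merged for illustration.
sample_lsof_output() {
cat <<'EOF'
COMMAND  PID USER      FD  TYPE DEVICE             SIZE/OFF NODE NAME
launchd    1 root      10u IPv4 0x0000000000000001      0t0 TCP *:5900 (LISTEN)
launchd    1 root      11u IPv6 0x0000000000000002      0t0 TCP *:5900 (LISTEN)
ssh     4242 localuser  5u IPv4 0x0000000000000003      0t0 TCP 127.0.0.1:8000 (LISTEN)
ssh     4242 localuser  6u IPv6 0x0000000000000004      0t0 TCP [::1]:8000 (LISTEN)
EOF
}

# Demo on the constructed sample. On a real host, feed live data instead:
#   sudo lsof -nP -iTCP -sTCP:LISTEN | classify_listeners 5900
echo "port 5900:"; sample_lsof_output | classify_listeners 5900
echo "port 8000:"; sample_lsof_output | classify_listeners 8000
if sample_lsof_output | port_is_network_facing 5900; then
    echo "5900 is still reachable without the tunnel; restrict it with a firewall rule"
fi
```

A scanner stops reporting the finding only when port 5900 is no longer reachable from the scanner's network, for example when a firewall limits it to loopback or to the VPN.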


Oct 30, 2019 9:10 AM in response to Marco Klobas

Thanks for your suggestion, Marco.

I tried

```
ssh -C -L 8000:127.0.0.1:5900 username@your-external-IP-address
```

Still the scan report shows

VNC Server Unencrypted Communication Detection

Are there any other alternatives to remotely connect to the Mac server through the GUI in encrypted form?


Oct 30, 2019 9:22 AM in response to yethish

If you start a VNC session (or any other protocol like AFP, SMB...) tunneled through SSH, then it will be encrypted.


As said, an alternative is to implement a VPN.

Otherwise there are apps like Remotix or Screens which simplify the process (no terminal involved) or web services like LogMeIn.


I don't know why you get the "VNC Server Unencrypted Communication Detection" alert.
