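I am trying to integrate SSL with my application so that it uses a secure connection when accessed through a VNC viewer. According to the logs, I think it does not even get past the handshake phase.
Server configuration: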
pid = <location>/stunnel.pid
cert = <location>/SystemCred.pem
[websocket]
accept = <hostname>:9999
connect = 127.0.0.1:1111
I am using tightVNC with SSL.
foreground = yes
pid =
client = yes
debug = 6
options = ALL
cert = /home/tweet/Desktop/cert/SystemCred.pem
#[vnc_stunnel]
#accept = localhost:5930
connect = <server_ip>:9999
Copied the server's SystemCred.pem and specified it in tightVNC's MyCert configuration.
Client error log:
2016.10.04 17:22:01 LOG5[ui]: Reading configuration from file /tmp/ss_vncviewer23188.4043.MzSbol
2016.10.04 17:22:01 LOG5[ui]: UTF-8 byte order mark not detected
2016.10.04 17:22:01 LOG5[ui]: FIPS mode disabled
2016.10.04 17:22:01 LOG6[ui]: Initializing inetd mode configuration
2016.10.04 17:22:01 LOG6[ui]: Loading certificate from file: /home/tweet/Desktop/cert/SystemCred.pem
2016.10.04 17:22:01 LOG6[ui]: Certificate loaded from file: /home/tweet/Desktop/cert/SystemCred.pem
2016.10.04 17:22:01 LOG6[ui]: Loading private key from file: /home/tweet/Desktop/cert/SystemCred.pem
2016.10.04 17:22:01 LOG4[ui]: Insecure file permissions on /home/tweet/Desktop/cert/SystemCred.pem
2016.10.04 17:22:01 LOG6[ui]: Private key loaded from file: /home/tweet/Desktop/cert/SystemCred.pem
2016.10.04 17:22:01 LOG4[ui]: Service [stunnel] needs authentication to prevent MITM attacks
2016.10.04 17:22:01 LOG5[ui]: Configuration successful
2016.10.04 17:22:01 LOG5[ui]: Service [stunnel] accepted connection
2016.10.04 17:22:01 LOG6[ui]: s_connect: connecting <server_ip>:9999
2016.10.04 17:22:01 LOG5[ui]: s_connect: connected <server_ip>:9999
2016.10.04 17:22:01 LOG5[ui]: Service [stunnel] connected remote server from 10.194.6.207:46832
2016.10.04 17:22:01 LOG6[ui]: SNI: sending servername: <server_ip>
2016.10.04 17:22:01 LOG6[ui]: Certificate verification disabled
2016.10.04 17:22:01 LOG6[ui]: Certificate verification disabled
2016.10.04 17:22:01 LOG6[ui]: SSL connected: new session negotiated
2016.10.04 17:22:01 LOG6[ui]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2016.10.04 17:22:01 LOG3[ui]: SSL_read: Connection reset by peer (104)
2016.10.04 17:22:01 LOG5[ui]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
vncviewer: VNC server closed connection
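Server error log:
Service [websocket] accepted connection from :46830
s_connect: connect 127.0.0.1:1111: Connection refused (111)
I am really stuck and I don't know what is happening. I am new to this. Hope you guys can help.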
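Maybe try the "SSH method".
I ran into a similar problem, where the error was exactly Connection refused (111).
I did not want to restart.
However, I tried that "secure" method (for me, just following the archlinux wiki page ~), and it worked...
Note that there is another strange point: with vncserver, everything seems fine, except that KDE does not seem to support desktop screens on the server and the client at the same time...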
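Added example, not part of the original posts: a small Python triage of the stunnel logs quoted in the question, reporting how far the client-side tunnel got and which warnings the logs raise. The function name `triage`, the stage labels and the abridged sample lines are constructed for illustration.

```python
import re

# Constructed sample: lines abridged from the client and server logs quoted above.
CLIENT_LOG = """\
2016.10.04 17:22:01 LOG4[ui]: Insecure file permissions on /home/tweet/Desktop/cert/SystemCred.pem
2016.10.04 17:22:01 LOG4[ui]: Service [stunnel] needs authentication to prevent MITM attacks
2016.10.04 17:22:01 LOG5[ui]: s_connect: connected <server_ip>:9999
2016.10.04 17:22:01 LOG6[ui]: Certificate verification disabled
2016.10.04 17:22:01 LOG6[ui]: SSL connected: new session negotiated
2016.10.04 17:22:01 LOG6[ui]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2016.10.04 17:22:01 LOG3[ui]: SSL_read: Connection reset by peer (104)
"""
SERVER_LOG = "s_connect: connect 127.0.0.1:1111: Connection refused (111)\n"

# stunnel tags each line LOGn, where n is the syslog priority (3 = err, 4 = warning).
LINE = re.compile(r"LOG(?P<level>\d)\[[^\]]*\]: (?P<msg>.*)")

def triage(client_log, server_log=""):
    """Return (stage, findings): how far the tunnel got and what the logs flag."""
    stage, findings = "no-tcp", []
    for raw in client_log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        level, msg = int(m["level"]), m["msg"]
        if msg.startswith("s_connect: connected"):
            stage = "tcp-connected"
        elif msg.startswith("SSL connected"):
            stage = "tls-established"
        elif level <= 3 and stage == "tls-established" and "Connection reset by peer" in msg:
            stage = "reset-after-tls"
        if level == 4:
            findings.append("warning: " + msg)
        unverified = "peer certificate is not verified"
        if msg == "Certificate verification disabled" and unverified not in findings:
            findings.append(unverified)
    m = re.search(r"s_connect: connect (\S+): Connection refused \(111\)", server_log)
    if m:
        findings.append("server-side backend %s refused the connection" % m[1])
    return stage, findings

if __name__ == "__main__":
    print(triage(CLIENT_LOG, SERVER_LOG))
```

On the quoted lines it reports the stage `reset-after-tls`, the two LOG4 warnings, the disabled certificate verification, and the refused connection to 127.0.0.1:1111 on the server side.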