Ubuntu

Vino advertises TLS, but require-encryption is false

Asked by Phssthpok

I have an old Xubuntu system which I administer remotely from a Windows machine using UltraVNC. This doesn't support encryption, but since it's on a local net this is acceptable, and it has worked fine for years.

I have just installed Xubuntu 20.04 on a new machine, and have installed Vino from the repository and configured it using gsettings to the same values as on my old system. The settings are as follows:

org.gnome.Vino prompt-enabled false
org.gnome.Vino require-encryption false
org.gnome.Vino use-alternative-port false
org.gnome.Vino disable-background false
org.gnome.Vino disable-xdamage false
org.gnome.Vino alternative-port uint16 5900
org.gnome.Vino icon-visibility 'client'
org.gnome.Vino authentication-methods ['vnc']
org.gnome.Vino network-interface ''
org.gnome.Vino notify-on-connect true
org.gnome.Vino mailto ''
org.gnome.Vino lock-screen-on-disconnect false
org.gnome.Vino use-upnp false
org.gnome.Vino vnc-password 'xxxxxxxxxx=='
org.gnome.Vino view-only false

When I start the server, this is what I see:

10/06/2020 20:25:40 WARNING: Width (1366) is not a multiple of 4. VncViewer has problems with that.
10/06/2020 20:25:40 Autoprobing TCP port in (all) network interface
10/06/2020 20:25:40 Listening IPv6://[::]:5900
10/06/2020 20:25:40 Listening IPv4://0.0.0.0:5900
10/06/2020 20:25:40 Autoprobing selected port 5900
10/06/2020 20:25:40 Advertising security type: 'TLS' (18)
10/06/2020 20:25:40 Re-binding socket to listen for VNC connections on TCP port 5900 in (all) interface
10/06/2020 20:25:40 Listening IPv6://[::]:5900
10/06/2020 20:25:40 Listening IPv4://0.0.0.0:5900
10/06/2020 20:25:40 Clearing securityTypes
10/06/2020 20:25:40 Advertising security type: 'TLS' (18)
10/06/2020 20:25:40 Clearing securityTypes
10/06/2020 20:25:40 Advertising security type: 'TLS' (18)
10/06/2020 20:25:40 Advertising authentication type: 'No Authentication' (1)
10/06/2020 20:25:40 Re-binding socket to listen for VNC connections on TCP port 5900 in (all) interface
10/06/2020 20:25:40 Listening IPv6://[::]:5900
10/06/2020 20:25:40 Listening IPv4://0.0.0.0:5900
10/06/2020 20:25:40 Clearing securityTypes
10/06/2020 20:25:40 Clearing authTypes
10/06/2020 20:25:40 Advertising security type: 'TLS' (18)
10/06/2020 20:25:40 Advertising authentication type: 'VNC Authentication' (2)
10/06/2020 20:28:21 [IPv4] Got connection from client xxx
10/06/2020 20:28:21 other clients:
10/06/2020 20:28:21 WARNING: New width (1366) is not a multiple of 4.
10/06/2020 20:28:21 Client Protocol Version 3.4
10/06/2020 20:28:21 Ignoring minor version mismatch
10/06/2020 20:28:21 rfbClientConnFailed("No security type suitable for RFB 3.3 supported")
10/06/2020 20:28:21 Client xxx gone

Note that it says "Advertising security type: 'TLS' (18)" even though I have set "org.gnome.Vino require-encryption" to false. And as a result, I can't connect from my Windows box.

Can anyone tell me what to do to fix this?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
Phssthpok
Solved:
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

What are you doing on the remote system once you connect using Vino? What is the purpose of the connection? There may be a sleeker solution to what you are trying to do

Revision history for this message
Phssthpok (phssthpok) said : 		#2

I want to be able to manage my Linux server from my Windows laptop the same way I have been doing with Vino for the last ten years or so.

Revision history for this message
Phssthpok (phssthpok) said : 		#3

That is, I want to be able to start up and shut down server software, copy files around, install and remove packages...

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#4

You can install and remove packages using apt-get using SSH.
You can start and shutdown server software in a terminal too.
If you install 3rd party applications you can connect to SFTP and move your files around using a client system. No need for the desktop here
Are you VNCing to the server then opening a terminal to do all of this, by any chance?

Revision history for this message
Phssthpok (phssthpok) said : 		#5

Hmm, well, thanks for the no doubt well-intentioned advice, but it's a bit like telling someone who's asking how to fix their car that they don't really need a car, since they can make the same journeys with a combination of buses and trains and bicycles. I'm well aware of the alternatives, but I'd just like to get Vino working as it has done for me for the last decade or so.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#6

Just giving you a work around until you can get it resolved.....

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#7

Do other VNC clients work OK?

You didn't answer the question. Are you opening a terminal when you are on the remote system system to do what you are doing?

Revision history for this message
Phssthpok (phssthpok) said : 		#8

No, I can't find any VNC clients on Windows that support TLS.

I often open terminal windows to do things, but not exclusively. I've been using vi since the 1980s, for example, but I quite like to use GUI editors these days. And GUI config tools like dconf instead of trying to remember all the magic spells.

However, that isn't really the point here.

I'm also trying RealVNC, but the "vncconfig" tool that the RealVNC docs talk about is missing from the distro, several config parameters that the docs mention don't seem to exist and I haven't managed to hand-configure it.

Vino used to just work, without any fuss at all. Sigh.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#9

Then I suggest you report a bug.

It sounds like you have chosen a GUI tool without thinking about what you are going to do with the remote connection. The usual "it's remote access so I need the desktop". You can even run dconf-editor using X forwarding to something like xming on Windows.

Revision history for this message
Phssthpok (phssthpok) said : 		#10

OK, I'll do that.

And yes, I can do this, and I can do that, but I do things the way that I find comfortable. Telling me I should use a bicycle instead of a car doesn't help me get my car fixed, sorry.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#11

If the connection doesn't work there may be a bug with the package. At least you have a work around for now...

Revision history for this message
Phssthpok (phssthpok) said : 		#12

I have an even better workaround: sudo apt-get install tigervnc-scraping-server.

My car still isn't fixed, but now I have another car instead of a collection of bicycles.

Meanwhile I'll wait and see what happens as the result of my bug report. Or if anyone has an answer to my actual question (see top of page), I'd be very interested to hear it.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#13

I think you are underestimating the power of SSH

Revision history for this message
Phssthpok (phssthpok) said : 		#14

Do you have actually have any answer to the original question, or do you just like the sound of your own voice droning on about the way you like to do things?

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#15

Let's see how the bug goes. If someone was hammering a nail using the end of a screwdriver, wouldn't you suggest a hammer as a better tool?

Pathetic attitude. Enjoy.

Revision history for this message
Phssthpok (phssthpok) said : 		#16

You keep trying to persuade me to use a screwdriver as a hammer, when I've already told you I've got another hammer. Give it a rest, I'm not interested. I've tried to stay polite so far, but it's getting harder and harder.

Revision history for this message
Bernard Stafford (bernard010) said : 		#17

This may offer a solution: https://askubuntu.com/questions/4474/enable-remote-vnc-from-the-commandline
Some documentation that might help out: https://help.ubuntu.com/community/VNC/Servers#vino
TLS is an encrypted link. May try using Firefox web browser activate HTTPS over DNS within the Firefox settings.
That may help on your Windows platform.

Revision history for this message
Phssthpok (phssthpok) said : 		#18

No, sorry, this doesn't do it. However, although I'd still like to know why Vino insists on TLS even though I've told it not to use encrypted connections, the urgency has gone out of it since I'm now using x0tigervncserver instead of Vino. In parallel, I'm also searching (non-urgently) for a Windows client that can do TLS.

Revision history for this message
Bernard Stafford (bernard010) said : 		#19

Another idea is to install Wubi Ubuntu 20,04 within windows. You would have to disable secure boot in windows BIOS.
https://github.com/hakuna-m/wubiuefi/releases/tag/2004r339-2
It is easy to uninstall within windows.

Revision history for this message
Phssthpok (phssthpok) said : 		#20

Yes, well, as I said, I found a solution that works for me already without any drastic modifications -- x0vncserver does exactly the job that I wanted Vino for. However, I'd still like to know how to get Vino to work as expected, purely from curiosity.

Revision history for this message
Bernard Stafford (bernard010) said : 		#21

That could be due to (one) of the other 161 bug reports that are posted for the vino program.
Some of the reports are Critical New bug reports.

Revision history for this message
Phssthpok (phssthpok) said : 		#22

Wow, that's an impressive number. Five or six years ago I installed it and it just worked. Seems they've "improved" it out of all recognition since then. So, I won't hold my breath...