Help - VNC Server - Ubuntu focal 20.04 AWS S3

I'm coming to you because I have a problem with TightVNC installed on Ubuntu (under AWS S3). From one day to the next, I can no longer log in and display my virtual machine. The connection can't be established.

My version of Ubuntu:

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.2 LTS
Release:        20.04
Codename:       focal

My version of Tightvncserver:

sudo apt-cache show tightvncserver
Package: tightvncserver
Architecture: amd64
Version: 1.3.10-0ubuntu5
Priority: optional
Section: universe/x11
Source: tightvnc
Origin: Ubuntu
Maintainer: Ubuntu Developers <[email protected]>
Original-Maintainer: Ola Lundqvist <[email protected]>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 1847
Provides: vnc-server, xserver
Depends: libc6 (>= 2.15), libjpeg8 (>= 8c), libx11-6, zlib1g (>= 1:1.1.4), perl:any, x11-common | xserver-common, x11-utils, xauth
Recommends: xfonts-base, x11-xserver-utils
Suggests: tightvnc-java
Filename: pool/universe/t/tightvnc/tightvncserver_1.3.10-0ubuntu5_amd64.deb
Size: 662900
MD5sum: 3af0020f4758752adf36718d190e6943
SHA1: 08d788330270d20ff8b13f9e9dde8066e71cdb2a
SHA256: d702f1e30e88f619a2eac9f2de7ade59d5954e346fa865f6cc499330f4376b7a
Homepage: http://www.tightvnc.com

However, the server launches fine:

vncserver

New 'X' desktop is ip-***-**-**-**:1

Starting applications specified in /home/ubuntu/.vnc/xstartup
Log file is /home/ubuntu/.vnc/ip-***-**-**-**:1.log

I don't have much knowledge of ubuntu and in fact I don't even know how to identify the problem.

Could you please help me?

This is very important for my work and I am completely lost.

Thank you very much in advance.


Solution 1:

The "Too many authentication failures - client rejected" message reveals a couple of things:

  1. TightVNC is using standard ports
  2. Your security policy on Amazon is inadequate
  3. Automated processes found your EC2 instance and it responded to various requests, eventually triggering the VNC server’s security policy

You will want to do a few things:

  1. Change the port that is used by the VNC server to something outside of standard, such as 74656
  2. Use the security policies on Amazon to limit traffic to known IP addresses or, barring that, specific countries
  3. Consider slowing down brute force attempts by either using Fail2Ban or updating your iptables to something like:
    sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
    sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 90 --hitcount 3 -j DROP
    This will block an IP after three failed attempts in 30 seconds. Be sure to change the dport and i values to the proper port and network interface for your EC2 instance.

With a little more security in place, your VNC server can be a reliable tool 👍🏻
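As an added illustration of the answer's last point (this is example code written here, not part of the answer and not from the TightVNC project), the script below does two things: it reads a VNC log and reports which source addresses would have been dropped by the iptables "recent" rule (three hits within 90 seconds), so you can confirm the rate limit matches what the log shows; and it renders the two iptables commands with the VNC port and interface substituted instead of SSH's port 22. The sample log lines are constructed in the style of an Xvnc log and their addresses and timestamps are made up; check the regex against a real line from ~/.vnc/*.log before relying on it. Display :1 is assumed to listen on TCP 5900 + 1 = 5901.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log, written in the style of a TightVNC Xvnc log (~/.vnc/<host>:1.log).
# Timestamps and addresses are made up; the exact message text on your server may differ,
# so compare a real log line against FAIL_RE before relying on it.
SAMPLE_LOG = """\
16/03/21 10:02:11 Got connection from client 203.0.113.7
16/03/21 10:02:12 rfbAuthProcessClientMessage: authentication failed from 203.0.113.7
16/03/21 10:02:40 rfbAuthProcessClientMessage: authentication failed from 203.0.113.7
16/03/21 10:03:05 rfbAuthProcessClientMessage: authentication failed from 203.0.113.7
16/03/21 10:03:05 Too many authentication failures - client rejected
16/03/21 10:15:00 rfbAuthProcessClientMessage: authentication failed from 198.51.100.9
16/03/21 10:30:00 rfbAuthProcessClientMessage: authentication failed from 198.51.100.9
16/03/21 10:45:00 rfbAuthProcessClientMessage: authentication failed from 198.51.100.9
16/03/21 11:00:00 Got connection from client 192.0.2.50
"""

TS_FORMAT = "%d/%m/%y %H:%M:%S"
FAIL_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) .*authentication failed from "
    r"(?P<ip>\d+(?:\.\d+){3})"
)


def parse_failures(log_text):
    """Yield (raw_timestamp, datetime, ip) for every authentication-failure line."""
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            yield m.group("ts"), datetime.strptime(m.group("ts"), TS_FORMAT), m.group("ip")


def find_offenders(log_text, hitcount=3, seconds=90):
    """Return {ip: timestamp_of_block} for addresses that reach `hitcount` failures
    within any `seconds`-long window.  This mirrors the iptables `recent` rule in the
    answer (--seconds 90 --hitcount 3): each failure is a hit, and the address would
    be dropped the moment the window holds `hitcount` hits."""
    window = defaultdict(deque)   # ip -> timestamps of recent hits
    blocked = {}
    for raw_ts, ts, ip in parse_failures(log_text):
        if ip in blocked:
            continue               # already dropped; later lines would never arrive
        hits = window[ip]
        hits.append(ts)
        while (ts - hits[0]).total_seconds() > seconds:
            hits.popleft()         # expire hits that fell out of the window
        if len(hits) >= hitcount:
            blocked[ip] = raw_ts
    return blocked


def iptables_rules(port, iface, hitcount=3, seconds=90):
    """Render the two rules from the answer with the VNC port and interface filled in.
    With `-I`, the second rule lands above the first, so a new connection is checked
    against the recent list before it is recorded in it."""
    base = (f"sudo iptables -I INPUT -p tcp --dport {port} -i {iface} "
            f"-m state --state NEW -m recent")
    return [
        f"{base} --set",
        f"{base} --update --seconds {seconds} --hitcount {hitcount} -j DROP",
    ]


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} would have been dropped at {when}")
    # assumption: display :1 listens on TCP 5900 + 1 = 5901
    for rule in iptables_rules(5901, "eth0"):
        print(rule)
```

Run it against your own log (read the file into `find_offenders`) to see whether the rule would actually have caught the traffic that tripped the server; an address that fails slowly, once every fifteen minutes as in the second sample address, slips under a 90-second window, which is why the answer's other two measures (a non-standard port and a security group limited to known addresses) matter more than the rate limit alone.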