Gnome 3.10 sharing desktop --- how to configure the security type for VNC?

Solution 1:

Real solution: I am now using SSVNC on the windows machine and x11vnc on the linux server. Works with bVNC on android too. You need a bit of expertise to make it work, so terse instruction here:

On Linux (follow the instruction that x11vnc is giving you, is verbose but worth reading):

x11vnc -storepasswd
x11vnc -forever -repeat -usepw -ssl -autoport 6000 

(you will have to put the last one in one of your login startup scripts, or whatever. Do not use a passphrase on the generated SSL certificate. I am using port 6000 to not mess with vino).

On Windows: Install the binary client from here.

Connect and enjoy a (slowish...) encrypted connection.

Partial answer: (posted for sake of helping other people, NOT RECOMMENDED); I hope there will be other answers to the question --- I will mark this answer as the right one as there are no solution by now).

The problem surfaced when the Vino project decided to switch to require encryption by default --- unfortunately, the only kind of encryption supported by the vino server (type 18) is not supported by most of the Windows, Android, and iOS viewer. For what I know, only the Linux-based vinagre viewer supports it.

I have reported a bug to the Vino project, both upstream and in launchpad about this issue; look there for more details. Basically, it seems that there is no sufficient developer power to implement more encryption types to the server (fair enough).

That means that you can go back to the previous, unsafe behavior by disabling encryption for the whole VNC layer by using dconf-editor like this:

No Encryption for VNC

Big fat notice that means that all what you type is visible in clear in the network. Passwords included.

I can do it because the connection is really through an encrypted SSH tunnel and there are no other local users on the remote machine --- but even in this case, if someone manage to get access to your machine, they can read all your secrets by sniffing 127.0.0.1...

Solution 2:

One liner UNSAFE encryption turn off command for 16.04

dconf write /org/gnome/desktop/remote-access/require-encryption false

then TigerVNC and realvnc work from Windows.

As Rmano pointed out however, only do this if your connection is already encrypted on another layer.

Found with dconf dump.

There is also a compatibility request on the TigerVNC side: https://github.com/TigerVNC/tigervnc/issues/307