VNC authentication failure

I try to connect to my vncserver running on CentOs from home computer, behind firewall. I have installed Win7 and Ubuntu both on this machine. I have an error:

VNC conenction failed: vncserver too many security failures

even when logging with right credentials (I reset passwd on CentOs) I get: authentication failure.

I observe that I have to wait a whole day to be able to relogin at all.

Is it something regarding that I try as root? I think important is also that I have to login to remote Centos through port 6050 - none else port works for me. Do I have to do something with other ports? I see that vncserver is listening on 5901, 5902 if another added - and I consider connection is established because from time to time (long time) the passwd prompt appears,... right?

I have created additional user1, password for him to CentOS and to VNC, also user2. I do:

service vncserver start

and two servers starts, one :1, and second on :2. When I try to connect to vncserverIP:1 I get what described above, but when I try connect to vncserverIP:2 it says that the trial was unsuccessful.

please help, what to do?

additionally: how to disable this lockout for a testing purposes?


Solution 1:

VNC uses a separate password system. It does not check passwords against /etc/passwd but rather against ~/.vnc/passwd, which contains a single primary password and optionally a secondary password that allows only viewing the screen.

To set your VNC password(s), use the vncpasswd command. VNC passwords must be between five and eight characters in length – characters beyond the eighth are silently ignored. So if you are using VNC over the Internet, pick a strong, random password, as attackers may use botnets that have numerous IP addresses to circumvent the lockout while cracking your password.

If you must use VNC over the Internet, run it on a randomly chosen port number (not 5900) to avoid detection in port scans that cover only the common ports. Preferably, tunnel your VNC connection over SSH to protect yourself against eavesdropping and man-in-the-middle attacks. If you do this, you should set vncserver to not accept connections from the Internet, disable password-only authentication on the SSH service and use public-key authentication to protect against common brute-force password cracking attempts.

Restarting vncserver should reset the lockout. The manual page does not mention any way to disable the (already inadequate?) lockout entirely.