[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[Libvir] Re: [Xen-users] SOLVED Re: cannot use vncviewer and VMM graphics console to access HVM guest on RHES 5

From: "Glen Deem" <xen inbox gmail com>
To: "Daniel P. Berrange" <berrange redhat com>
Cc: libvir-list redhat com
Subject: [Libvir] Re: [Xen-users] SOLVED Re: cannot use vncviewer and VMM graphics console to access HVM guest on RHES 5
Date: Fri, 1 Jun 2007 14:13:15 -0400

Hi Dan,

I'm with you about the VNC authentication.

But I still don't understand the logic behind assigning HVM displays.
Instead of clear "domU ID is the display number" (vncunused 0), the
Virtual Machine Manager assigns vncunused to 1 and then calculates the
5900+ port, I suppose depending on what port is not occupied (BTW
where exactly is this code in the source, please?).

Why is that? And how am I suppose to find out what that port number is
if I'd want to connect to a VMM-created vm manually with my vnc
client?

Thanks,
Glen

Daniel P. Berrange wrote:

On Fri, Jun 01, 2007 at 11:03:36AM -0400, Glen Deem wrote:

Thanks to Igor Chubin (spasibo) and Richard Jones, the qemu vnc server
was listening but I did not connect to its proper port (why libvirt
doesn't use <IP>:<domU id> kind of vnc connection and restricts the
server to local host only by default?).


VNC authentication is an utter joke. It can be trivially brute forced
so exposing it on a public IP address is not a good idea, hence the
default is 127.0.0.1, though even that's not ideal because it is still
exposed to local users. Ultimately VNC needs to have  SSL/TLS support
integrated into it to allow secure access over public network, which
is something I'm working on for QEMU...

Dan.

Follow-Ups:
- [Libvir] Re: [Xen-users] SOLVED Re: cannot use vncviewer and VMM graphics console to access HVM guest on RHES 5
  - From: Daniel P. Berrange

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]