
Hi Dan, I'm with you about the VNC authentication. But I still don't understand the logic behind assigning HVM displays. Instead of clear "domU ID is the display number" (vncunused 0), the Virtual Machine Manager assigns vncunused to 1 and then calculates the 5900+ port, I suppose depending on what port is not occupied (BTW where exactly is this code in the source, please?). Why is that? And how am I suppose to find out what that port number is if I'd want to connect to a VMM-created vm manually with my vnc client? Thanks, Glen Daniel P. Berrange wrote:
On Fri, Jun 01, 2007 at 11:03:36AM -0400, Glen Deem wrote:
Thanks to Igor Chubin (spasibo) and Richard Jones, the qemu vnc server was listening but I did not connect to its proper port (why libvirt doesn't use <IP>:<domU id> kind of vnc connection and restricts the server to local host only by default?).
VNC authentication is an utter joke. It can be trivially brute forced so exposing it on a public IP address is not a good idea, hence the default is 127.0.0.1, though even that's not ideal because it is still exposed to local users. Ultimately VNC needs to have SSL/TLS support integrated into it to allow secure access over public network, which is something I'm working on for QEMU...
Dan.