[Libvir] SOLVED Re: cannot use vncviewer and VMM graphics console to access HVM guest on RHES 5

Thanks to Igor Chubin (spasibo) and Richard Jones, the qemu vnc server was listening but I did not connect to its proper port (why libvirt doesn't use <IP>:<domU id> kind of vnc connection and restricts the server to local host only by default?). Regards, Glen On 5/31/07, Glen Deem <xen.inbox@XXXXXXXXX> wrote:
Hi all,
I've created an HVM guest under RHES 5 (Xen 3.0.3) using "xm create" but I cannot access it with vncviewer.
The Virtual Machine Manager also informs about graphics console unavailability.
What am I doing wrong, please?
I do
vncviewer 123.456.789.123:4, where 4 is the guest id.
This is the xm config file is:
name = "hvmGuest" builder = "hvm" memory = "500" disk = [ 'file:/var/lib/red-hat.img,hda,w', ] vif = [ 'type=ioemu, mac=00:16:3e:34:3b:ba, bridge=xenbr0', ] device_model = "/usr/lib/xen/bin/qemu-dm" kernel = "/usr/lib/xen/boot/hvmloader" vnc=1 vncunused=1 apic=1 acpi=1 pae=1 vcpus=1 serial = "pty" on_reboot = 'restart' on_crash = 'restart'
Thanks a lot in advance.
Glen from Ottawa, Canada

On Fri, Jun 01, 2007 at 11:03:36AM -0400, Glen Deem wrote:
Thanks to Igor Chubin (spasibo) and Richard Jones, the qemu vnc server was listening but I did not connect to its proper port (why libvirt doesn't use <IP>:<domU id> kind of vnc connection and restricts the server to local host only by default?).
VNC authentication is an utter joke. It can be trivially brute forced so exposing it on a public IP address is not a good idea, hence the default is 127.0.0.1, though even that's not ideal because it is still exposed to local users. Ultimately VNC needs to have SSL/TLS support integrated into it to allow secure access over public network, which is something I'm working on for QEMU... Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|

On Fr, Jun 01, 2007 at 11:03:36 -0400, Glen Deem wrote:
Thanks to Igor Chubin (spasibo) and Richard Jones, the qemu vnc server was listening but I did not connect to its proper port (why libvirt doesn't use <IP>:<domU id> kind of vnc connection and restricts the server to local host only by default?).
AFAIK you can edit xend-config.sxl, restart xend and it will be listening not only on the localhost. -- WBR, i.m.chubin

On Fr, Jun 01, 2007 at 06:11:22 +0300, Igor Chubin wrote:
On Fr, Jun 01, 2007 at 11:03:36 -0400, Glen Deem wrote:
Thanks to Igor Chubin (spasibo) and Richard Jones, the qemu vnc server was listening but I did not connect to its proper port (why libvirt doesn't use <IP>:<domU id> kind of vnc connection and restricts the server to local host only by default?).
AFAIK you can edit xend-config.sxl, restart xend and it will be listening not only on the localhost.
Also you can use ssh port forwarding. You can read about in ssh(1). ssh -L (for local port forwarding) and ssh -R (for remote port forwarding) (vnc security is really not so good)
-- WBR, i.m.chubin
_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
-- WBR, i.m.chubin

Glen Deem schrieb:
Thanks to Igor Chubin (spasibo) and Richard Jones, the qemu vnc server was listening but I did not connect to its proper port (why libvirt doesn't use <IP>:<domU id> kind of vnc connection and restricts the server to local host only by default?).
This is defined in xend-config.sxp as (vnc-listen '127.0.0.1') I think its a security issue if vncviewer listens to 0.0.0.0 by default. greetings Stephan
participants (4)
-
Daniel P. Berrange
-
Glen Deem
-
Igor Chubin
-
Stephan Seitz