[Libvir] Re: [Xen-users] SOLVED Re: cannot use vncviewer and VMM graphics console to access HVM guest on RHES 5

Hi Dan,

I'm with you about the VNC authentication.

But I still don't understand the logic behind assigning HVM displays. Instead of clear "domU ID is the display number" (vncunused 0), the Virtual Machine Manager assigns vncunused to 1 and then calculates the 5900+ port, I suppose depending on what port is not occupied (BTW where exactly is this code in the source, please?).

Why is that? And how am I supposed to find out what that port number is if I'd want to connect to a VMM-created vm manually with my vnc client?

Thanks,
Glen

Daniel P. Berrange wrote:
> On Fri, Jun 01, 2007 at 11:03:36AM -0400, Glen Deem wrote:
>> Thanks to Igor Chubin (spasibo) and Richard Jones, the qemu vnc server was listening but I did not connect to its proper port (why libvirt doesn't use <IP>:<domU id> kind of vnc connection and restricts the server to local host only by default?).
>
> VNC authentication is an utter joke. It can be trivially brute forced so exposing it on a public IP address is not a good idea, hence the default is 127.0.0.1, though even that's not ideal because it is still exposed to local users. Ultimately VNC needs to have SSL/TLS support integrated into it to allow secure access over public network, which is something I'm working on for QEMU...
>
> Dan.

On Fri, Jun 01, 2007 at 02:13:15PM -0400, Glen Deem wrote:
> Hi Dan,
> I'm with you about the VNC authentication.
> But I still don't understand the logic behind assigning HVM displays. Instead of clear "domU ID is the display number" (vncunused 0), the Virtual Machine Manager assigns vncunused to 1 and then calculates the 5900+ port, I suppose depending on what port is not occupied (BTW where exactly is this code in the source, please?).

Virt-manager doesn't calculate the port numbers - QEMU / Xen does that - it starts at 5900 and tries to bind() to it, adding 1 and retrying until it works. 'DomU ID is the display number' doesn't scale - if your host has been up for a while / run a lot of guests your domU IDs get up into the 1000's, 10,000's or more, and you will easily clash port numbers with other apps on the machine.

> Why is that? And how am I supposed to find out what that port number is if I'd want to connect to a VMM-created vm manually with my vnc client?

In current RHEL-5

    virsh dumpxml <dom name> | grep graphics

Or in Fedora you can now ask

    virsh vncdisplay <dom name>

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
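
The lookup described in the reply above, as an added example that is not part of the original thread: it reads the `<graphics>` element that `virsh dumpxml` prints, reports the VNC port and display number, and lists guests whose VNC server is not confirmed to be bound to loopback only. The guest names and XML snippets are constructed; `port` and `listen` are the attribute names libvirt's domain XML uses on `<graphics>`.

```python
import ipaddress
import xml.etree.ElementTree as ET

VNC_BASE_PORT = 5900  # VNC display N is TCP port 5900 + N

# Constructed domain XML snippets in the shape `virsh dumpxml` prints.
SAMPLES = [
    "<domain><name>guest-a</name><devices>"
    "<graphics type='vnc' port='5901' listen='127.0.0.1'/></devices></domain>",
    "<domain><name>guest-b</name><devices>"
    "<graphics type='vnc' port='5900' listen='0.0.0.0'/></devices></domain>",
    # port='-1' means auto-allocate: there is no concrete port to report yet
    "<domain><name>guest-c</name><devices>"
    "<graphics type='vnc' port='-1'/></devices></domain>",
]


def is_loopback(listen):
    """True/False for an IP literal; None when absent or not an IP address."""
    if not listen:
        return None
    try:
        return ipaddress.ip_address(listen).is_loopback
    except ValueError:
        return None


def vnc_endpoints(domain_xml):
    """Return one record per VNC <graphics> element of a domain."""
    root = ET.fromstring(domain_xml)
    records = []
    for g in root.iterfind("./devices/graphics[@type='vnc']"):
        port = int(g.get("port", "-1"))
        bound = port >= VNC_BASE_PORT
        listen = g.get("listen")
        records.append({
            "domain": root.findtext("name"),
            "port": port if bound else None,
            "display": port - VNC_BASE_PORT if bound else None,
            "listen": listen,
            "loopback_only": is_loopback(listen),
        })
    return records


def exposed(records):
    """Domains whose VNC server is bound and not confirmed loopback-only."""
    return [r["domain"] for r in records
            if r["port"] is not None and r["loopback_only"] is not True]
```

On a real host the input would be the output of `virsh dumpxml <dom name>` rather than the constructed samples.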