[Pkg-xen-devel] Bug#1041533: xen-system-amd64: Xen fails to start hvm type VMs when a vncpasswd is set
zithro
slack at rabbit.lu
Thu Jul 20 17:59:55 BST 2023
Hello,
I -think- VNC auth has been removed from the last QEMU versions.
Also maybe related, QEMU in Debian is not configured with VNC_SASL
(there was a discussion about it in #debian-xen).
Wait for confirmations, meanwhile there is another option: SSH (maybe
even more secure ?).
The workaround is to make the VNC servers only accessible from dom0,
then to create SSH tunnels to connect to them :
1. in the domU config file, select "127.0.0.1" as the IP address to
listen to, and remove everything about authentication
2. from your management host, create a tunnel, something like "ssh -nN
-L localhost:12345:localhost:59xx user at dom0"
3. from your management host, use VNC_APP:12345 to connect to the display
The "xx" for the tunnel represent the "VNC display id" you've chosen in
your domU config file, so if you have "vnclisten = 127.0.0.1:12", the
real IP address is "127.0.0.1:5912" (in your case, you'd pick 5901).
Hope it helps.
PS: as for documentation it will be in the new Debian Xen wiki page
(which I'm rewriting, for now it's still an offline draft).
--
Cyril Rébert / zithro
More information about the Pkg-xen-devel
mailing list