[Pkg-xen-devel] Bug#1041533: xen-system-amd64: Xen fails to start hvm type VMs when a vncpasswd is set

zithro slack at rabbit.lu
Thu Jul 20 17:59:55 BST 2023


Hello,

I -think- VNC auth has been removed from the last QEMU versions.
Also maybe related, QEMU in Debian is not configured with VNC_SASL 
(there was a discussion about it in #debian-xen).

Wait for confirmations, meanwhile there is another option: SSH (maybe 
even more secure ?).

The workaround is to make the VNC servers only accessible from dom0, 
then to create SSH tunnels to connect to them :

1. in the domU config file, select "127.0.0.1" as the IP address to 
listen to, and remove everything about authentication
2. from your management host, create a tunnel, something like "ssh -nN 
-L localhost:12345:localhost:59xx user at dom0"
3. from your management host, use VNC_APP:12345 to connect to the display

The "xx" for the tunnel represent the "VNC display id" you've chosen in 
your domU config file, so if you have "vnclisten = 127.0.0.1:12", the 
real IP address is "127.0.0.1:5912" (in your case, you'd pick 5901).

Hope it helps.

PS: as for documentation it will be in the new Debian Xen wiki page 
(which I'm rewriting, for now it's still an offline draft).

--
Cyril Rébert / zithro



More information about the Pkg-xen-devel mailing list