On 18 Jan 2023, at 04:25, Frantisek Rysanek <Frantisek.Rysanek@post.cz> wrote:
Dear fellow QEMU users,
I'm playing for the first time with the VNC output of QEMU. I'm running qemu-system-x86_64 by hand from the command line, i.e. no virtmanager. No problems there, I know enough of QEMU's cmdline args to find my way about. I'm compiling QEMU 7.2.0 from source.
The first time I used "-vnc :1" I chuckled that I got straight to the console of the VM guest = no auth. Then I found the official note about VNC security: https://qemu-project.gitlab.io/qemu/system/vnc-security.html
For the moment I'm too lazy to deal with SSL. I just tried this:
-vnc :1,sasl=on
Obviously I have saslauthd up and running, and coupled to PAM.
Curiously to me, of the three VNC clients that I've tried in Windows, none responded positively to the auth "algorithm set" offered by the QEMU VNC server. Such as, TigerVNC would just chirp "No matching security types". Similarly TightVNC and UltraVNC.
Failing to find any relevant docs or forum posts, I've fired up Wireshark to take a look - and I've discovered that the QEMU VNC proposes a single "security type" called "GTK-VNC SASL".
The questions are probably obvious:
Is there a VNC client that would support this authentication method? :-)
A quick look suggests only GTK-VNC supports this
Is there some way to enhance the QEMU VNC to propose other authentication methods, supported by some client counterparts? Am I perhaps missing some compile-time option? I probably still have GNUTLS turned off... maybe that's a missing dependency, which might add other security types?
You may want to check the options in ./configure --help - I haven't used VNC in QEMU myself
--Adam |