[pve-devel] vncpropxy question

Dominik Csapak d.csapak at proxmox.com
Fri Jul 1 14:01:55 CEST 2022


On 7/1/22 08:39, Dietmar Maurer wrote:
>> addendum:
>>
>> 'it doesn't do anything here' is not completely correct
>> for 'regular' vm displays it just does not set the ticket which
>> breaks the connection
> 
> I think this ("break the connection") is important, because otherwise it would allow unecrypted VNC traffic over the network. I guess we do not want that.
> 
> But qemu now supports more VNC auth types, so maybe we can allow TLS encrypted VNC from outside, and unecrypted VNC for local proxy code.
> 
> I will take a look at that when I am back from vacation...


i don't understand your message.. not setting the Ticket here does not allow unencrypted VNC 
traffic? in 'qm vncproxy' we die if the ticket is not set, and even if we'd not,
the vnc server from qemu does not listen on a public ip, but on 127.0.0.1 (or ::1)

but yeah, we can look at that after your vacation ;)





More information about the pve-devel mailing list