Luke -Jr wrote:
On Thursday 22 February 2007 10:35, you wrote:
I would be happy with a patch that allowed a password to be set from the
monitor.  Storing a password in a file on disk is, IMHO, ugly.  If no
one beats me to it, I'll probably write something up this weekend.

That doesn't make it too simple to start a qemu session without a human present. It also means there's a vulnerable window of time without a password.

In my patch queue, I have a patch that adds a null VNC target along with another patch to allow you to change what the VNC server listens to in the monitor.

I also have a small program that lets you execute monitor commands outside of QEMU (assuming the monitor is a unix socket).

So, without human intervention, you would do:

qemu -vnc null ...
connect to monitor and set password
connect to monitor and change vnc server to listen on :3

Regards,

Anthony Liguori

For real security, TLS integration is most certainly the way to go.  I
want to make sure anything we do though doesn't violate the RFB spec so
we have to validate that the authentication ids are reserved and the
protocol isn't violated in any way (realizing there's no absolutely
secure way to do RFB and still be compatible to the spec).

Well, in theory I can use iptables to restrict connections only from an individual local user (--uid-owner) and thus require SSH authentication, but I'm not sure how simple that will be to do from Java...



