42 messages in com.xensource.lists.xen-devel: RE: [Xen-devel] Individual passwords ...
Subject: RE: [Xen-devel] Individual passwords for guest VNC servers ?
From: Ian Pratt (m+Ia@cl.cam.ac.uk)
Date: 09/22/2006 05:49:18 AM
List: com.xensource.lists.xen-devel

- A password has to be encoded in base64 format. For example, you can obtain one by executing the next command.
  # cat ~/.vnc/passwd | uuencode -m passwd | head -2 | tail -1

Nice work.

Didn't someone suggest that there was some better tool than uuencode for getting the password printable? One that was in the 'base' of most distros? (which I don't think uuencode is)

It would be nice if we had a script that invoked the 'vncpasswd' and the above encoding to print the string to cut and paste.

Thanks, Ian

Configuration examples:

- No password authentication for all VNC consoles.
  --- xend-config.sxp ---
  (vncpasswd '')
  -----------------------

- Single common password for all VNC consoles.
  --- xend-config.sxp ---
  (vncpasswd 'PASSWORD')
  -----------------------

- VM-specific password for vm1.
  --- vm1 config --------
  vncpasswd = "PASSWORD for vm1"
  -----------------------

Notes and request:
- On log file permissions. Please mind logfile permissions since passwords are recorded in xend and qemu-dm logfiles, though they are not decoded.
- On DES (Data Encryption Standard). Please check the copyright notes in d3des.h and d3des.c and the description that says "a portable, public domain, version of the Data Encryption Standard." I needed the DES module in standard VNC. So I included these files without modification from VNC 4.1.1 source distribution for Unix platforms.

Other notes:
- I tested that the following VNC clients successfully negotiated to the VNC console.
  VNC Viewer Free Edition 4.1.1 for X
  VNC Free Edition for Windows Version 4.1.2
  UltraVNC Win32 Viewer 1.0.2

Signed-off-by: Masami Watanabe <masa@jp.fujitsu.com>

Best regards, Watanabe

On Thu, 31 Aug 2006 11:45:37 +0100, Ian Pratt wrote:

I take your point about security, I'll do as follows.
- vnc_passwd is not omissible.
- The domain cannot be created if there is no vnc_passwd.

It would also be good to be able to specify a system-wide vnc password in the xend-config.sxp that is overridden by individual guest configs.

Thanks, Ian

On Thu, Aug 31, 2006 at 10:23:56AM +0900, Masami Watanabe wrote:

I'm thinking of adding the following protection to VNC console. I know it's not perfect, nonetheless, it's far better than the current no protection situation. Please comment.

Specification: - The same challenge-response auth scheme as standard VNC to be available from VNC viewer (like RealVNC).

Yeah, looking at the various clients, challenge-response is the only one we can really rely on being present - in fact it's the only one supported by Fedora VNC client (RealVNC IIRC?) at all.

- The vnc password of each VM is described in the VM configuration file. When the password is omitted, authentication is not used. ex) vnc_passwd = xxxxx

I think we should be secure by default - if they omit the password then we should either generate one - and store it in xenstore, or refuse to activate VNC server. If we really really want to allow no passwords, then admin could have to explicitly request it with vnc_no_password=1 in the config file - but my preference is still that we should flat out refuse to allow an empty password - in this day & age it's just plain wrong.

RealVNC server for example, refuses to allow empty password.

- Where "xxxxx" is an uuencoded encrypted password, that is, you can get this value by
  # cat ~/.vnc/passwd | uuencode -m passwd
  (needs uuencode command: sharutils package)

Perhaps base64 would be preferable - that's a standard part of Linux coreutils toolset, rather than an addon like uuencode is.

Regards, Dan.

-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
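The three things the thread keeps circling (what `~/.vnc/passwd` actually contains, the base64 string that goes into `vncpasswd = "..."`, and the challenge-response exchange between the viewer and qemu-dm) worked through in Go as an added example. This is not code from the Xen patch, from xend or from the VNC sources. Go's `crypto/des` stands in for the bundled d3des; d3des reads key bits LSB-first, which is why every key byte is bit-reversed before it is handed to a standard DES implementation. The password "xenvnc" and the 16-byte challenge are constructed test inputs; the fixed key bytes are the ones vncpasswd uses.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"math/bits"
)

// Fixed key vncpasswd uses to obfuscate ~/.vnc/passwd, in the byte order the
// bundled d3des expects. d3des consumes key bits LSB-first, so a standard DES
// library (Go's crypto/des here) needs every key byte bit-reversed.
var vncFixedKey = []byte{23, 82, 107, 6, 35, 78, 88, 7}

// standardKey zero-pads or truncates raw to 8 bytes and bit-reverses each byte:
// that is how a VNC password (or the fixed key) becomes a standard DES key.
func standardKey(raw []byte) []byte {
	key := make([]byte, 8)
	copy(key, raw) // VNC uses at most 8 bytes of a password; the rest is ignored
	for i := range key {
		key[i] = bits.Reverse8(key[i])
	}
	return key
}

// desECB applies raw single-block DES (no padding, no IV) to data, which must
// be a multiple of 8 bytes: 8 for the passwd file, 16 for the RFB challenge.
func desECB(key, data []byte, encrypt bool) ([]byte, error) {
	if len(data) == 0 || len(data)%8 != 0 {
		return nil, errors.New("data length must be a non-zero multiple of 8")
	}
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	for i := 0; i < len(data); i += 8 {
		if encrypt {
			block.Encrypt(out[i:i+8], data[i:i+8])
		} else {
			block.Decrypt(out[i:i+8], data[i:i+8])
		}
	}
	return out, nil
}

// EncryptPasswd returns the 8 bytes vncpasswd writes to ~/.vnc/passwd.
func EncryptPasswd(password string) ([]byte, error) {
	plain := make([]byte, 8)
	copy(plain, password)
	return desECB(standardKey(vncFixedKey), plain, true)
}

// DecryptPasswd recovers the plaintext from a passwd file. The fixed key is
// public, so the file, and its base64 copy in a config or a log, is only
// obfuscated: anyone who can read it has the password.
func DecryptPasswd(stored []byte) (string, error) {
	if len(stored) != 8 {
		return "", fmt.Errorf("passwd file must be 8 bytes, got %d", len(stored))
	}
	plain, err := desECB(standardKey(vncFixedKey), stored, false)
	if err != nil {
		return "", err
	}
	return string(bytes.TrimRight(plain, "\x00")), nil
}

// ConfigString is the value the patch expects after vncpasswd =: the passwd
// file bytes in base64, the same thing `base64 < ~/.vnc/passwd` prints.
func ConfigString(stored []byte) string {
	return base64.StdEncoding.EncodeToString(stored)
}

// ChallengeResponse is the viewer side of VNC authentication (RFB security
// type 2): DES-encrypt the server's 16-byte challenge with the password as key.
func ChallengeResponse(password string, challenge []byte) ([]byte, error) {
	if len(challenge) != 16 {
		return nil, errors.New("challenge must be 16 bytes")
	}
	return desECB(standardKey([]byte(password)), challenge, true)
}

// VerifyResponse is the server side (qemu-dm in the patch): recover the
// password from the stored file, recompute the expected response and compare
// in constant time.
func VerifyResponse(stored, challenge, response []byte) (bool, error) {
	password, err := DecryptPasswd(stored)
	if err != nil {
		return false, err
	}
	expected, err := ChallengeResponse(password, challenge)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare(expected, response) == 1, nil
}

func main() {
	// Constructed inputs, not values from the thread. A real server draws a
	// fresh challenge from crypto/rand for every connection.
	stored, _ := EncryptPasswd("xenvnc")
	challenge := []byte("0123456789abcdef")
	resp, _ := ChallengeResponse("xenvnc", challenge)
	ok, _ := VerifyResponse(stored, challenge, resp)
	pw, _ := DecryptPasswd(stored)
	fmt.Printf("vncpasswd = \"%s\"  auth ok: %v  recovered: %q\n", ConfigString(stored), ok, pw)
}
```

`go run` it to see the config string, a successful verification, and the password read straight back out of the file. `DecryptPasswd` is the concrete reason behind the note on log permissions above: the base64 form that lands in the xend and qemu-dm logs is a fixed-key DES block, so "not decoded" only means nobody has bothered yet. It also shows why the patch can verify a challenge from the encrypted file alone, and why anything past 8 characters of a password is silently dropped.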