Daniel P. Berrange
2006-Oct-02 20:10 UTC
[Fedora-xen] FYI: vnc console now only accessible on 127.0.0.1 by default
Just a heads-up for anyone who uses the VNC service for accessing the graphical framebuffer for fully-virt & para-virt guests. As of xen-3.0.2-43 in rawhide, the VNC server will default to only accepting connections on localhost (127.0.0.1). The reason for this change is that the VNC servers do not currently[1] have any support for VNC password authentication, so listening on 0.0.0.0 by default is rather a bad idea.

If you need to revert to old behaviour either set vnclisten="0.0.0.0" in the guest domain's config, or to change it system wide, set the vnc-listen parameter in /etc/xen/xend-config.sxp. I'd recommend though to just forward the VNC port securely over SSH instead if feasible.

Regards,
Dan.

[1] Password support is under active development & will hopefully also appear real soon now...

--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
Daniel P. Berrange
2006-Oct-02 20:16 UTC
Re: [Fedora-xen] FYI: vnc console now only accessible on 127.0.0.1 by default
On Mon, Oct 02, 2006 at 09:10:51PM +0100, Daniel P. Berrange wrote:
> Just a heads-up for anyone who uses the VNC service for accessing the
> graphical framebuffer for fully-virt & para-virt guests. As of xen-3.0.2-43

I do of course actually mean 'xen-3.0.2-42'

* Sep 29 2006 Daniel P. Berrange <berrange@redhat.com> - 3.0.2-42
- Added vnclisten patches to make VNC only listen on localhost out of the box, configurable by 'vnclisten' parameter (bz 203196)

> in rawhide, the VNC server will default to only accepting connections on
> localhost (127.0.0.1). The reason for this change is that the VNC servers
> do not currently[1] have any support for VNC password authentication, so
> listening on 0.0.0.0 by default is rather a bad idea.
>
> If you need to revert to old behaviour either set vnclisten="0.0.0.0" in
> the guest domain's config, or to change it system wide, set the vnc-listen
> parameter in /etc/xen/xend-config.sxp. I'd recommend though to just forward
> the VNC port securely over SSH instead if feasible.
>
> Regards,
> Dan.
>
> [1] Password support is under active development & will hopefully also
> appear real soon now...

Dan.

--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
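
An added example, not part of the original posts and not code from the xen package: a small audit that reports which guests would expose their VNC console beyond loopback, given the vnclisten and vnc-listen settings described above. The S-expression form of the xend-config.sxp entry, the rule that a guest setting overrides the system-wide one, and all sample configs are assumptions made for the example.

```python
import ipaddress
import re

# Guest domain configs are Python syntax, e.g. vnclisten="0.0.0.0" (form from the post).
GUEST_RE = re.compile(r'^\s*vnclisten\s*=\s*["\']([^"\']*)["\']', re.M)
# Assumed S-expression form for xend-config.sxp: (vnc-listen '0.0.0.0')
XEND_RE = re.compile(r'^\s*\(\s*vnc-listen\s+["\']?([^"\'\s)]+)["\']?\s*\)', re.M)

def is_loopback(addr):
    """True only for loopback addresses; unknown hostnames count as exposed."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr == "localhost"

def effective_listen(guest_cfg, xend_cfg):
    """Return (address, source). Assumes the guest setting overrides xend's,
    and that the last uncommented assignment in a file wins."""
    for regex, text, source in ((GUEST_RE, guest_cfg, "guest vnclisten"),
                                (XEND_RE, xend_cfg, "xend vnc-listen")):
        hits = regex.findall(text)
        if hits:
            return hits[-1], source
    return "127.0.0.1", "package default"

def audit(guests, xend_cfg):
    """Return sorted [(guest, address, source)] for consoles bound off-loopback."""
    findings = []
    for name, cfg in guests.items():
        addr, source = effective_listen(cfg, xend_cfg)
        if not is_loopback(addr):
            findings.append((name, addr, source))
    return sorted(findings)

# Constructed sample inputs (not taken from a real host).
XEND_DEFAULT = "# (vnc-listen '0.0.0.0')\n(xend-relocation-server no)\n"
XEND_OPEN = "(vnc-listen '0.0.0.0')\n"
GUESTS = {
    "web01": 'name = "web01"\nvnc = 1\nvnclisten="0.0.0.0"\n',
    "db01": 'name = "db01"\nvnc = 1\n',
    "build01": 'name = "build01"\n#vnclisten="0.0.0.0"\nvnclisten="127.0.0.1"\n',
}

if __name__ == "__main__":
    for label, xend in (("default xend", XEND_DEFAULT), ("open xend", XEND_OPEN)):
        for name, addr, source in audit(GUESTS, xend):
            print(f"{label}: {name} VNC listens on {addr} ({source})")
```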