<div dir="ltr">Hi Niall,<div><br></div><div>It looks like vnc password support was removed from the vmware driver last October:</div><div><br></div><div><a href="https://github.com/openstack/nova/commit/058ea40e7b7fb2181a2058e6118dce3f051e1ff3">https://github.com/openstack/nova/commit/058ea40e7b7fb2181a2058e6118dce3f051e1ff3</a><br></div><div><br></div><div>For libvirt, there is an option in qemu.conf for "vnc_password", but I'm not sure how it would work with OpenStack.</div><div><br></div><div>Thanks,</div><div>Joe</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 21, 2014 at 9:30 PM, Niall Power <span dir="ltr"><<a href="mailto:niall.power@oracle.com" target="_blank">niall.power@oracle.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
<br>
I have a question about a security consideration on a compute node when using nova-novncproxy for console access.<br>
<br>
Is there any existing mechanism within Nova to automatically authenticate against the VNC console an instance<br>
(I'm talking about plain old VNC authentication) or to generally prevent unauthorized local user accounts on the compute-node from accessing the VNC console of an instance?<br>
<br>
I understand that nova-novnc proxy and websockify bridge between the public network and the private internal/infrastructure network of the compute-node using wss:// to secure and encrypt the connection over the public network. I also understand that VNC authentication is comparatively very weak....<br>
<br>
This is perhaps only an issue when the compute-node is also permitting traditional Unix type user logins.<br>
Let's say we have an instance running on the compute-node and the hypervisor or container manager serves out the console over VNC on a known port and the tenant has authenticated and logged in on the console using Horizon, perhaps as the administrator. A local user on the compute node, if they specified the correct port, could in theory then access the console and the administrative account of that instance without needing to authenticate.<br>
<br>
VNC authentication using password (and optionally username) would seem like the traditional way to prevent such unauthorized access. I can't find anything within the Nova code base that seems to cater for password<br>
authentication with the VNC server. For example the vmware nova driver returns the following dictionary<br>
of parameters for an instance console in vmops.py:get_vnc_console():<br>
{'host': CONF.vmware.host_ip,<br>
'port': self._get_vnc_port(vm_ref),<br>
'internal_access_path': None}<br>
<br>
No suggestion of a password to authenticate with the VNC server. Is this intentionally not supported, lacking, or is there perhaps simply a better way to address this problem?<br>
<br>
Thanks in advance!<br>
Niall Power<br>
<br>
<br>
______________________________<u></u>_________________<br>
OpenStack-operators mailing list<br>
<a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.<u></u>openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/<u></u>cgi-bin/mailman/listinfo/<u></u>openstack-operators</a><br>
</blockquote></div><br></div>