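A record of day-to-day work issues covering system operations, virtualization and cloud computing, databases, network security and more.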

vnc for Proxmox 2.0

This page is a quick writeup on how to use VNC in Proxmox 2.0.

AFAIK, Proxmox 2.0 seems to be a lot more secure in its use of VNC, and requires clients to use TLS.

Secure connections are a very good thing; trying to disable them so that non-secure clients work is not smart. However, there are not many TLS-enabled clients. My guess is that there will be. I suggest helping out by filing bug reports for the non-TLS clients you use, and helping the developers by testing their changes.


With changes in Java due to security fixes, web-based VNC access is hit or miss.

VNC client access to a KVM used by multiple people can help keep the Proxmox host more secure, as fewer people will have access to Proxmox VE.

Note to Ubuntu users

I came to this page since the web console wasn't working for me under Ubuntu 11.10 and Firefox. The problem was OpenJDK. I've installed Sun's JRE and sun-java6-plugin (as pointed out by tom in the Proxmox VE 2.0 Forums) and now everything is working fine WITHOUT the setup described on this page. You can find several procedures to achieve this on Google or any other search engine.

shell script to update-sun-jre

  • Check http://www.duinsoft.nl/packages.php?t=en , there is a shell script and a repository which make the installation of the Oracle (Sun) Java Runtime Environment very easy. I used it on Ubuntu, but it looks like it'll work on any Debian-based system.

On that link there is information about the java changes that occurred in August 2011.


Enable VNC 2.0 for use with old VNC clients (including iOS and Android)

It is currently possible to enable VNC in 2.0 for use with old VNC clients; however, it is not recommended, and it is included in this guide only as a reference.

1. Create your KVM machine; once it is created, get the KVM ID (e.g. 100, 120).
2. SSH into your Proxmox host.
3. Edit /etc/pve/local/qemu-server/(THE ID).conf, for example:
   nano /etc/pve/local/qemu-server/100.conf
4. At the end of the config, enter the following:
   args: -vnc 0.0.0.0:100
   This tells KVM to run a VNC server listening on the IP 0.0.0.0 (all interfaces) on port 6000 (5900 + the display number you set).
5. Run your VM and connect with an external VNC client.

Enable VNC Password Authorisation

1. Create your KVM machine; once it is created, get the KVM ID (e.g. 100, 120).
2. SSH into your Proxmox host.
3. Edit /etc/pve/local/qemu-server/(THE ID).conf, for example:
   nano /etc/pve/local/qemu-server/100.conf
4. At the end of the config, enter the following:
   args: -vnc 0.0.0.0:100,password
   This tells KVM to run a VNC server listening on the IP 0.0.0.0 (all interfaces) on port 6000 (5900 + the display number you set) and to use a password as authorisation.
5. Run your VM.
6. Go into the console in the web panel and run:
   set_password vnc YOURPASSWORD
7. Connect via the external IP address and port, enter your password and away you go!
NOTE: the console command has to be run every time you start up the VM because it doesn't remember the password for some reason?
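To find which VMs on a host still carry the two args: lines shown above, the following sketch parses the VM config text and reports the listening port and whether a password is required. It is an added example, not part of the original writeup or of Proxmox; the function name, the sample configs and the handling of password=on (the spelling used by newer QEMU releases) are assumptions of this example, and IPv6 bind addresses are not handled.

```python
import glob
import re

# "-vnc <host>:<display>[,option...]" as it appears inside a Proxmox "args:" line.
VNC_ARG = re.compile(r"-vnc\s+(?P<host>[^\s:,]*):(?P<display>\d+)(?P<opts>(?:,[^\s,]+)*)")

def audit_vm_config(text):
    """Return one finding per -vnc option found in a VM config's args: lines."""
    findings = []
    for line in text.splitlines():
        if not line.strip().startswith("args:"):
            continue
        for m in VNC_ARG.finditer(line):
            opts = [o for o in m.group("opts").split(",") if o]
            host = m.group("host")
            # An empty host (":100") also listens on every interface.
            all_ifaces = host in ("", "0.0.0.0")
            # "password" enables classic VNC authentication only;
            # the session itself stays unencrypted.
            has_pw = any(o in ("password", "password=on") for o in opts)
            findings.append({
                "bind": host or "0.0.0.0",
                "port": 5900 + int(m.group("display")),
                "all_interfaces": all_ifaces,
                "password": has_pw,
                "exposed_without_auth": all_ifaces and not has_pw,
            })
    return findings

# Constructed sample configs mirroring the two procedures above.
SAMPLE_OPEN = "memory: 512\nargs: -vnc 0.0.0.0:100\n"
SAMPLE_PASSWORD = "memory: 512\nargs: -vnc 0.0.0.0:100,password\n"

if __name__ == "__main__":
    # On a Proxmox host, walk the real config files.
    for path in sorted(glob.glob("/etc/pve/local/qemu-server/*.conf")):
        with open(path) as fh:
            for f in audit_vm_config(fh.read()):
                flag = "NO AUTH" if f["exposed_without_auth"] else "auth"
                print(f"{path}: {f['bind']}:{f['port']} password={f['password']} [{flag}]")
```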


Note: this step shouldn't be needed anymore with pve-qemu-kvm > (1.1-7).

We have added VeNCrypt PLAIN authentication.

Using TigerVNC:

- encryption: none, authentication: username and password

You can log in with root@pam and the root password. (I haven't tried other logins.)

configure Proxmox host

  • This configures the host to accept VNC connections.
aptitude install openbsd-inetd

Run this to get your KVM IDs:

qm list
root@homenet-home10 /etc # qm list
      VMID NAME                 STATUS     MEM(MB)    BOOTDISK(GB) PID       
       101 freenas              stopped    1024              32.00 0         
       102 debpbx               running    512                0.00 573304    
       105 winxp                stopped    512               15.01 0         
      7012 ltsp-ldap-openfire-KVM running    512                9.00 495870    
      7016 fbc16-kvm            running    512                8.00 462697    
      7159 win7                 stopped    2048               0.00 0         
     27014 ltsp-term-KVM        stopped    512                0.00 0      

Edit /etc/inetd.conf and add a port for each KVM you want to access over VNC:

#port                                                 kvm
59055 stream tcp nowait root /usr/sbin/qm qm vncproxy 105
59058 stream tcp nowait root /usr/sbin/qm qm vncproxy 7159

Restart openbsd-inetd:

/etc/init.d/openbsd-inetd restart

test/debug host set up

This shows a working setup:

telnet home10 59058   # home10 is the hostname of my prox 2.0 test server.
Trying 192.168.1.10...
Connected to home10.fantinibakery.com.
Escape character is '^]'.
RFB 003.008

To exit, press these 2 keys: Control and ]

Then type exit to quit that.
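The telnet test only shows the RFB version banner. One step further in the handshake, the server lists the security types it offers, which tells you whether a port on your own host accepts unauthenticated, password-only or VeNCrypt connections. The sketch below is an added example, not part of the original writeup or of Proxmox; the function names and the three result labels are assumptions of this example.

```python
import socket

# Security-type numbers from the RFB protocol; 19 is the VeNCrypt type the page mentions.
SECURITY_TYPES = {1: "None", 2: "VNC Authentication", 18: "TLS", 19: "VeNCrypt"}

def parse_version(banner):
    """Parse the 12-byte ProtocolVersion message, e.g. b'RFB 003.008\\n' -> (3, 8)."""
    if len(banner) != 12 or banner[:4] != b"RFB " or banner[7:8] != b"." or banner[11:] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    return int(banner[4:7]), int(banner[8:11])

def parse_security_types(payload):
    """Parse the RFB 3.7+ list: one count byte followed by that many type bytes."""
    count = payload[0]
    if count == 0:
        raise ValueError("server refused the connection")
    if len(payload) < 1 + count:
        raise ValueError("truncated security-type list")
    return [SECURITY_TYPES.get(t, "unknown(%d)" % t) for t in payload[1:1 + count]]

def classify(names):
    """Label an offer list by the weakest option a client could pick."""
    if "None" in names:
        return "unauthenticated"
    if "VeNCrypt" in names or "TLS" in names:
        return "tls-capable"
    return "password-only"

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during handshake")
        buf += chunk
    return buf

def probe(host, port, timeout=5.0):
    """Do the version exchange against your own host and return (version, offered types)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        version = parse_version(_recv_exact(s, 12))
        if version < (3, 7):
            raise ValueError("RFB %d.%d has no security-type list" % version)
        # Reply with the server's version, capped at 3.8.
        s.sendall(b"RFB %03d.%03d\n" % min(version, (3, 8)))
        count = _recv_exact(s, 1)
        return version, parse_security_types(count + _recv_exact(s, count[0]))
```

With the host from this page, `probe("home10", 59058)` would return the version tuple and the offered types; pass the second element to `classify`.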

firewall portforward

To access the KVMs off site, you'll need to forward the ports in your router/firewall.

Here is an example using pfSense: [image: Prox2-nat.png]

And DD-WRT: [image: DD-WRT (build 15778) - Port Range Forwarding 2011-12-29 21-59-48.png]

connect to a kvm using tigervnc from cli

  • Install:
cd /
tar xf <downloaded file>
  • The installed folder should be
/opt/TigerVNC
  • Open a terminal from the Linux GUI.
  • The username will be
 root@pam

The password is the root password for the Proxmox 2.0 host.

/opt/TigerVNC/bin/vncviewer home10:59058

issues

  • TigerVNC: control keys do not work. Try nano, then Ctrl + X.
So do not run ping without a -c:
ping google.com   # bad
ping -c 5 google.com

other vnc clients to check

winswitch looks promising. See http://winswitch.org/about/ . The version I used in 11/2011 did not have TLS support, but there have been a few updates since then.

tls vnc clients for

Debian Squeeze

  • None that I know of work using apt to install. Hopefully there will be some in backports.
  • remmina does not work.

Ubuntu LTS

  • None as of 2011-12.
  • remmina does not work in Ubuntu 12.04 LTS (Precise Pangolin) as of 2012-02-06.

Windows

Worked:
TigerVNC (including bundled)
Did not work:
RealVNC, TightVNC, RealVNC and stuff

Mac

Worked:
TigerVNC (including bundled)
Did not work:
JollysFastVNC, Screens, RealVNC Viewer and stuff

iOS

The RealVNC app works with the old method shown above. However, nothing works with TLS encryption.

Old VNC Clients

All clients work with the old method listed above, on different platforms.



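Please credit the source when reposting: [Proxmox VNC detailed configuration guide].

www.micoder.cc: virtualization and cloud computing, system operations, and security technology services.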
