[SOLVED] Is there any way to autofill the vnc websocket password prompt?

J

JVisi

New Member
Sep 23, 2022
15
0
1
Hello
What I need to do, is basically autofill (or make the password not required) when getting the novnc console via websockets)

The setup is:
Browser- nodejs proxy - proxmox

In the browser I can't really do anything with it, because it's required before the pages render, and the vnc-ticket is not the same, so I can't save it and autofill with a plugin for example. so maybe something to add in the proxy?

The proxy in itself is only doing the forwarding, like this:

Code: 
httpProxy.createServer({
    target:proxmox vncwebsocket url,
    ws:true,
    secure:false,
    changeOrigin:true,

    auth:"password:"+vnc_ticket,    //this here is not working
    headers:{
        'Cookie': pveCookie,
        'Password':vnc_ticket           //neither does this
    },
}).listen(5001)

Is there any way to pass the password beforehand, so it's not getting prompted in the browser?
 
When connecting
dcsapak said:
i don't really get what you're trying to do. where do you need the password? what do you try to accomplish?
(maybe checking out our novnc code helps? https://git.proxmox.com/?p=novnc-pve.git;a=tree;h=refs/heads/master;hb=refs/heads/master )
Click to expand...
The proxy forwards the incoming traffic from wss://ip:8006.... to ws://localhost: port. This is the vnc console. When my app tries to connect to ws://other-ip:5001, it prompts me for a password, and this password is the vnc-ticket. I would like to skip the need to manually enter the vnc-ticket, and if someone is trying to connect to ws://localhost: port it automatically shows the vnc-console

1664351720909.png1664351686147.png
 

Attachments

  • 1664351679918.png
    1664351679918.png
    7.5 KB · Views: 13
Last edited:
hard to explain but i kind of do this customer clicks a vnc terminal button in our control panel
In the backend i call "/access/ticket"; enpdoint with customers details then set set_cookie("PVEAuthCookie", based on token for a the customer

then i call /vncproxy' endpoint with $data['websocket'] = true; and finally display the console l html js etc
 
Craig St George said:
hard to explain but i kind of do this customer clicks a vnc terminal button in our control panel
In the backend i call "/access/ticket"; enpdoint with customers details then set set_cookie("PVEAuthCookie", based on token for a the customer

then i call /vncproxy' endpoint with $data['websocket'] = true; and finally display the console l html js etc
Click to expand...
Hmm, interesting, because I feel like I do the same.
In the backed, I call /access/ticket, get the pveauthcookie
next I call the /vncproxy like this:

Code: 
const response = await this.instance.post(
                'https://ip:8006/api2/json/nodes/{node}/lxc/'+vmid+'/vncproxy',
                {
                    websocket: true
                }, {
                headers: {
                    'Cookie': pveCookie,
                    "CSRFPreventionToken": csrf
                },
                withCredentials: true
            })

and then I create a proxyserver that forwards this socket like

JavaScript: 
let url = "wss://ip:8006/api2/json/nodes/{node}/lxc/16150/vncwebsocket?port=" + response.data.data.port + "&" + qs.stringify({ vncticket: response.data.data.ticket })

            httpProxy.createServer({
                target: url,
                ws: true,
                secure: false,
                changeOrigin: true,
                headers: {
                    'Cookie': pveCookie,
                },
            }).listen(5001)
 
JVisi said:
Hmm, interesting, because I feel like I do the same.
In the backed, I call /access/ticket, get the pveauthcookie
next I call the /vncproxy like this:

Code: 
const response = await this.instance.post(
                'https://ip:8006/api2/json/nodes/{node}/lxc/'+vmid+'/vncproxy',
                {
                    websocket: true
                }, {
                headers: {
                    'Cookie': pveCookie,
                    "CSRFPreventionToken": csrf
                },
                withCredentials: true
            })

and then I create a proxyserver that forwards this socket like

JavaScript: 
let url = "wss://ip:8006/api2/json/nodes/{node}/lxc/16150/vncwebsocket?port=" + response.data.data.port + "&" + qs.stringify({ vncticket: response.data.data.ticket })

            httpProxy.createServer({
                target: url,
                ws: true,
                secure: false,
                changeOrigin: true,
                headers: {
                    'Cookie': pveCookie,
                },
            }).listen(5001)
Click to expand...

Maybe the problem is something with that proxmox provides a wss://.... link and I'm trying to connect with ws://... ?
 
maybe im using wss://

but i also had to url endcode the ticket
like api2/json/nodes/' . $hostname . '/' . $vtype . '/' . $username . '/vncwebsocket?port=' . urlencode($port) . '&vncticket=' . urlencode($ticket)

I rember it was hard to debug the wss call chrome did show the real reason firefox did and i also have problems with my certs and the domain of my poxy as i have a reverse proxy there also
 
Craig St George said:
maybe im using wss://

but i also had to url endcode the ticket
like api2/json/nodes/' . $hostname . '/' . $vtype . '/' . $username . '/vncwebsocket?port=' . urlencode($port) . '&vncticket=' . urlencode($ticket)

I rember it was hard to debug the wss call chrome did show the real reason firefox did and i also have problems with my certs and the domain of my poxy as i have a reverse proxy there also
Click to expand...
The ticket is url encoded

what I'm trying to achieve is that from an app running on http://ip:3000, I connect to ws://myproxy-ip:5001, and the proxy connects to the wss://proxmox-ip....
but this requires that 'password' authentication on the front-end. I figure it's an issue with certificates?
the /vncproxy call gives back a certificate, maybe I should be using that somehow?
 
but that is not a password prompt from pve, but it seems a http basic auth prompt. i'd check your proxy if it's correctly configured...
also it says "localhost:3001" but you wrote 5001, maybe there is a typo somewhere?
 
dcsapak said:
but that is not a password prompt from pve, but it seems a http basic auth prompt. i'd check your proxy if it's correctly configured...
also it says "localhost:3001" but you wrote 5001, maybe there is a typo somewhere?
Click to expand...
Well, yes, it's a basic auth prompt. That's why I asked if there was any way to prevent this to be needed. I thought I'm getting prompted, because connecting to the proxmox websocket stream asks me to.

However, I have found a solution.
From the vnc client, on the onCredentialsRequired event one can get the RFB object, and on that theres a sendCredentials call, and in that we can provide then vnc-ticket

Thank you for your time, I mark this thread as solved
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back