[SOLVED] Is there any way to autofill the vnc websocket password prompt?

JVisi

New Member
Sep 23, 2022
15
0
1
Hello
What I need to do, is basically autofill (or make the password not required) when getting the novnc console via websockets)

The setup is:
Browser- nodejs proxy - proxmox

In the browser I can't really do anything with it, because it's required before the pages render, and the vnc-ticket is not the same, so I can't save it and autofill with a plugin for example. so maybe something to add in the proxy?

The proxy in itself is only doing the forwarding, like this:

Code:
httpProxy.createServer({
    target:proxmox vncwebsocket url,
    ws:true,
    secure:false,
    changeOrigin:true,

    auth:"password:"+vnc_ticket,    //this here is not working
    headers:{
        'Cookie': pveCookie,
        'Password':vnc_ticket           //neither does this
    },
}).listen(5001)

Is there any way to pass the password beforehand, so it's not getting prompted in the browser?
 
When connecting
i don't really get what you're trying to do. where do you need the password? what do you try to accomplish?
(maybe checking out our novnc code helps? https://git.proxmox.com/?p=novnc-pve.git;a=tree;h=refs/heads/master;hb=refs/heads/master )
The proxy forwards the incoming traffic from wss://ip:8006.... to ws://localhost: port. This is the vnc console. When my app tries to connect to ws://other-ip:5001, it prompts me for a password, and this password is the vnc-ticket. I would like to skip the need to manually enter the vnc-ticket, and if someone is trying to connect to ws://localhost: port it automatically shows the vnc-console

1664351720909.png1664351686147.png
 

Attachments

  • 1664351679918.png
    1664351679918.png
    7.5 KB · Views: 14
Last edited:
hard to explain but i kind of do this customer clicks a vnc terminal button in our control panel
In the backend i call "/access/ticket"; enpdoint with customers details then set set_cookie("PVEAuthCookie", based on token for a the customer

then i call /vncproxy' endpoint with $data['websocket'] = true; and finally display the console l html js etc
 
hard to explain but i kind of do this customer clicks a vnc terminal button in our control panel
In the backend i call "/access/ticket"; enpdoint with customers details then set set_cookie("PVEAuthCookie", based on token for a the customer

then i call /vncproxy' endpoint with $data['websocket'] = true; and finally display the console l html js etc
Hmm, interesting, because I feel like I do the same.
In the backed, I call /access/ticket, get the pveauthcookie
next I call the /vncproxy like this:

Code:
const response = await this.instance.post(
                'https://ip:8006/api2/json/nodes/{node}/lxc/'+vmid+'/vncproxy',
                {
                    websocket: true
                }, {
                headers: {
                    'Cookie': pveCookie,
                    "CSRFPreventionToken": csrf
                },
                withCredentials: true
            })

and then I create a proxyserver that forwards this socket like

JavaScript:
let url = "wss://ip:8006/api2/json/nodes/{node}/lxc/16150/vncwebsocket?port=" + response.data.data.port + "&" + qs.stringify({ vncticket: response.data.data.ticket })

            httpProxy.createServer({
                target: url,
                ws: true,
                secure: false,
                changeOrigin: true,
                headers: {
                    'Cookie': pveCookie,
                },
            }).listen(5001)
 
Hmm, interesting, because I feel like I do the same.
In the backed, I call /access/ticket, get the pveauthcookie
next I call the /vncproxy like this:

Code:
const response = await this.instance.post(
                'https://ip:8006/api2/json/nodes/{node}/lxc/'+vmid+'/vncproxy',
                {
                    websocket: true
                }, {
                headers: {
                    'Cookie': pveCookie,
                    "CSRFPreventionToken": csrf
                },
                withCredentials: true
            })

and then I create a proxyserver that forwards this socket like

JavaScript:
let url = "wss://ip:8006/api2/json/nodes/{node}/lxc/16150/vncwebsocket?port=" + response.data.data.port + "&" + qs.stringify({ vncticket: response.data.data.ticket })

            httpProxy.createServer({
                target: url,
                ws: true,
                secure: false,
                changeOrigin: true,
                headers: {
                    'Cookie': pveCookie,
                },
            }).listen(5001)

Maybe the problem is something with that proxmox provides a wss://.... link and I'm trying to connect with ws://... ?
 
maybe im using wss://

but i also had to url endcode the ticket
like api2/json/nodes/' . $hostname . '/' . $vtype . '/' . $username . '/vncwebsocket?port=' . urlencode($port) . '&vncticket=' . urlencode($ticket)

I rember it was hard to debug the wss call chrome did show the real reason firefox did and i also have problems with my certs and the domain of my poxy as i have a reverse proxy there also
 
maybe im using wss://

but i also had to url endcode the ticket
like api2/json/nodes/' . $hostname . '/' . $vtype . '/' . $username . '/vncwebsocket?port=' . urlencode($port) . '&vncticket=' . urlencode($ticket)

I rember it was hard to debug the wss call chrome did show the real reason firefox did and i also have problems with my certs and the domain of my poxy as i have a reverse proxy there also
The ticket is url encoded

what I'm trying to achieve is that from an app running on http://ip:3000, I connect to ws://myproxy-ip:5001, and the proxy connects to the wss://proxmox-ip....
but this requires that 'password' authentication on the front-end. I figure it's an issue with certificates?
the /vncproxy call gives back a certificate, maybe I should be using that somehow?
 
but that is not a password prompt from pve, but it seems a http basic auth prompt. i'd check your proxy if it's correctly configured...
also it says "localhost:3001" but you wrote 5001, maybe there is a typo somewhere?
 
but that is not a password prompt from pve, but it seems a http basic auth prompt. i'd check your proxy if it's correctly configured...
also it says "localhost:3001" but you wrote 5001, maybe there is a typo somewhere?
Well, yes, it's a basic auth prompt. That's why I asked if there was any way to prevent this to be needed. I thought I'm getting prompted, because connecting to the proxmox websocket stream asks me to.

However, I have found a solution.
From the vnc client, on the onCredentialsRequired event one can get the RFB object, and on that theres a sendCredentials call, and in that we can provide then vnc-ticket

Thank you for your time, I mark this thread as solved
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!