prevent take over of a SPICE-Remotedesktop

Chris&Patte

Member
Sep 3, 2013
23
0
21
Hello,

is it possible to prevent the take over of a existing SPICE remote desktop session?

Actually, every user with permissions to a dedicated VM can over take any SPICE Window that another user with similar permissions had used. And therefore spy on any data and use the login on those VM by himself without any restrictions.

Is it possible to block that behavior in any way, maybe
- that a running SPICE session can not take over from another user?
- that a SPICE session can only been take over from the same client that started the remote session before?
- or that a running SPICE session canot take over at all, that it is needet to log off first before another user can start another spice session on a particular VM?
 

dcsapak

Proxmox Staff Member
Staff member
Feb 1, 2016
8,551
1,101
164
34
Vienna
for such a thing you have to use a remote desktop technology which sits inside the guest

the vnc/spice console of qemu is like looking at the monitor/using the plugged in mouse of a hardwarebox.. as soon as someone can
stand there and look at the monitor, everything somewhere does there is visible
 

Chris&Patte

Member
Sep 3, 2013
23
0
21
Well, not really. I need the Host-Remotedesktop because of the workload i have running & it is possible somehow, as Virtualbox shows.

In Virtualbox you can limit the amount of parallel user via settings to one user, preventing the overtake of a Remotedesktopsession.

Not really a perfect solution, but working.

Unfortunatly using VirtualBox as enterprise Hypervisor is not really smooth. A lot of scripting and manual work instead of a nice WebGUI :-(

But it seems that VirtualBox is the only free usable Hypervisor that has this functionality for non-Admin users.
 

Chris&Patte

Member
Sep 3, 2013
23
0
21
i#m now going forward with a combination of Hyper-V and guacamole.
Guacamole can connect to Host-RDP of Hyper-V and has some of the features that MS removed with Server 2012R2 (permission per users) which gave a similar experience then with Virtualbox.

Unfortunatly Proxmox seems not to be usable for that kind of workload. The Remotedesktop-fatures of Proxmox are nice for admin purpose but lack to many features for a user workload.

I would like to use Proxmox together with Guacamole, but because of the authentication process of Proxmox-Remotedesktop this looks to much like a long crafting job :-(
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!