
PVECert parameter in VNC

Discussion in 'Proxmox VE: Installation and configuration' started by tincboy, Mar 28, 2012.

  1. tincboy

    tincboy Member

    Joined:
    Apr 13, 2010
    Messages:
    411
    Likes Received:
    0
    I have my own code which connects to the VNC of each VM from inside my web application. This feature was fine with Proxmox 1.9, but it seems Proxmox 2 has added a PVECert parameter.
    My question about this parameter is whether it's unique for each VNC session, for each VM, or for each Proxmox server?
    And what about the PASSWORD parameter? Which kind of encryption does it use?
     
    #1 tincboy, Mar 28, 2012
    Last edited: Mar 28, 2012
  2. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    14,155
    Likes Received:
    69
    New VNC is encrypted using TLS with VEncrytAuthPlain, so you need a client which supports that (tigervnc).

    You get all needed parameters when you create the vncproxy with the API (/nodes/<node>/qemu/<VMID>/vncproxy).

    Try:

    # pvesh create /nodes/localhost/qemu/10000/vncproxy

    to get an idea
     
  3. tincboy

    Thanks dietmar,
    I've run the command below, but it gives me connection timeout errors. Also, how can I specify which port I want VNC to listen on?
    Code:
    pvesh create /nodes/c43/qemu/4333/vncproxy
    no connection : Connection timed out
    command '/bin/nc -l -p 5900 -w 10 -c '/usr/sbin/qm vncproxy 4333 2>/dev/null'' failed: exit code 1
    
     
  4. dietmar

    Do you use the latest version? And do you run that on the same node the VM is on?

    There is currently no way to specify the port.
     
  5. tincboy

    I guess it's the final version, because I installed it last week:
    Code:
    pveversion -v
    pve-manager: 2.0-38 (pve-manager/2.0/af81df02)
    running kernel: 2.6.32-7-pve
    proxmox-ve-2.6.32: 2.0-60
    pve-kernel-2.6.32-7-pve: 2.6.32-60
    lvm2: 2.02.88-2pve1
    clvm: 2.02.88-2pve1
    corosync-pve: 1.4.1-1
    openais-pve: 1.1.4-2
    libqb: 0.10.1-2
    redhat-cluster-pve: 3.1.8-3
    resource-agents-pve: 3.9.2-3
    fence-agents-pve: 3.1.7-1
    pve-cluster: 1.0-23
    qemu-server: 2.0-25
    pve-firmware: 1.0-15
    libpve-common-perl: 1.0-17
    libpve-access-control: 1.0-17
    libpve-storage-perl: 2.0-12
    vncterm: 1.0-2
    vzctl: 3.0.30-2pve1
    vzprocps: 2.0.11-2
    vzquota: 3.0.12-3
    pve-qemu-kvm: 1.0-5
    ksm-control-daemon: 1.1-1
    
     
  6. tincboy

    Yes, it's on the same server.
     
  7. dietmar

    Oh - please can you use a non-existing VMID for the test (or stop the VM)?
     
  8. tincboy

    output for not existing vmid:
    Code:
    pvesh create /nodes/localhost/qemu/8888/vncproxy
    no connection : Connection timed out
    command '/bin/nc -l -p 5900 -w 10 -c '/usr/sbin/qm vncproxy 8888 2>/dev/null'' failed: exit code 1
    200 OK
    {
       "cert" : "-----BEGIN CERTIFICATE-----\nMIIEPzCCAyegAwIBAgIJAICXJAdaqrphMA0GCSqGSIb3DQEBBQUAMHIxJDAiBgNV\nBAMTG1Byb3htb3ggVmlydHVhbCBFbnZpcm9ubWVudDEpMCcGA1UECxMgYWI2ZDgx\nYjhlZWJhNDNiZjE2ODk4ZDIwYWMyYmFlNWQxHzAdBgNVBAoTFlBWRSBDbHVzdGVy\nIE1hbmFnZXIgQ0EwHhcNMTIwMzE3MTMyNjAxWhcNMjIwMzE1MTMyNjAxWjByMSQw\nIgYDVQQDExtQcm94bW94IFZpcnR1YWwgRW52aXJvbm1lbnQxKTAnBgNVBAsTIGFi\nNmQ4MWI4ZWViYTQzYmYxNjg5OGQyMGFjMmJhZTVkMR8wHQYDVQQKExZQVkUgQ2x1\nc3RlciBNYW5hZ2VyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n5Jrpsbam/nknztPDyzsJtiVy32GROvxmSbxgQOyhF6k1xFa9Z33xXl25CxSHkOei\nH4fLKTGhtwC7XoVCaPmBq9Wnyu0DiguPY7tPs5R+YJAWNzK9/vaAakYpcA43deBl\nd/KOdvZNlqiOqzG3QLL/M84+yZt961QTTFBOErjGW6BEMnJqzxk7LSeujsrNZRZ5\noaCUUHDFpMbw/A8Hijy7tFK8LKTnq1bssV3tAZHxU/RHo4IvDMhbWuiDN2RZtEov\nf8Mpy2+7JYBrWkIyp3rix5EMeMPcixkP9KIQb+btn3myNKMcSTvQxteGXoCoTPd4\nWZFAS3vtoje/tBgZW7HrSQIDAQABo4HXMIHUMB0GA1UdDgQWBBR8znH2R1ktEXBq\nqwlPHFZg96XESDCBpAYDVR0jBIGcMIGZgBR8znH2R1ktEXBqqwlPHFZg96XESKF2\npHQwcjEkMCIGA1UEAxMbUHJveG1veCBWaXJ0dWFsIEVudmlyb25tZW50MSkwJwYD\nVQQLEyBhYjZkODFiOGVlYmE0M2JmMTY4OThkMjBhYzJiYWU1ZDEfMB0GA1UEChMW\nUFZFIENsdXN0ZXIgTWFuYWdlciBDQYIJAICXJAdaqrphMAwGA1UdEwQFMAMBAf8w\nDQYJKoZIhvcNAQEFBQADggEBAMZ4hXMWYtJSNq79PhiDnzrJp8LQjQvBs6Q0dZMg\nOT6ZfN6GhMYiEwKN0hHJlxe1GyqQMPG7Kod0UR8RjzGEM6U+QYi9otqNlJlVzNyS\ndn/7qmqvGr9+U6l++SOZkiexUnlaa52ZBiCwCs46B9MjkyCRwEUk7daIhBxFgrAw\nBrQTbkm4TwADXABozQFQPAFt69yokEvLBHdOUidWxmh5fQdO0QUJauLeyF28KTX3\nTqUtZzdpPzE39KRCOwPjeeA79QoTb1Bk7b33gIXmxUTbdPgGGOVJZA4DGRFiELX5\nCckZHgAZqNNZhN/dMzqTpvU1ZNpSZqViwm37SZyfOmtAOwE=\n-----END CERTIFICATE-----\n",
       "port" : 5900,
       "ticket" : "PVEVNC:4F7481E8::OHjcIAAY99aIN6kRKkwv7RO30Quox9XfeTfM1Ae2DsLaMfhkXI2jFzjgA+b6eIKN65ylLXhJc1Hw4ugLoA3lNO34zeHZDYk3FazPLymb5ZGodL3QB0R0KE9if3sjWGR2BmVDiwzUj4ZHknafl9qZxJBy0xQvQ8UAQkFM32S9AAFhpWVTRqPccgf0Dhb3fE4b8XPT5eyJQ3SLT1rP8x7KHa6VayXSOCBa58B0MxlRKbx6SKoK2ulkLgRf+Xu9KBxxxpssAkV7M3W4Xen3Uluby2eDtv7tosKIT/YB3l547kRffCYKPHovWzqMvfYnQcX9EnbJD3a9zqUADco+cTfQkw==",
       "upid" : "UPID:c43:00084C2E:05558C53:4F7481E8:vncproxy:8888:root@pam:",
       "user" : "root@pam"
    }
    
    output for existing vmid:
    Code:
    pvesh create /nodes/localhost/qemu/4333/vncproxy
    no connection : Connection timed out
    command '/bin/nc -l -p 5900 -w 10 -c '/usr/sbin/qm vncproxy 4333 2>/dev/null'' failed: exit code 1
    200 OK
    {
       "cert" : "-----BEGIN CERTIFICATE-----\nMIIEPzCCAyegAwIBAgIJAICXJAdaqrphMA0GCSqGSIb3DQEBBQUAMHIxJDAiBgNV\nBAMTG1Byb3htb3ggVmlydHVhbCBFbnZpcm9ubWVudDEpMCcGA1UECxMgYWI2ZDgx\nYjhlZWJhNDNiZjE2ODk4ZDIwYWMyYmFlNWQxHzAdBgNVBAoTFlBWRSBDbHVzdGVy\nIE1hbmFnZXIgQ0EwHhcNMTIwMzE3MTMyNjAxWhcNMjIwMzE1MTMyNjAxWjByMSQw\nIgYDVQQDExtQcm94bW94IFZpcnR1YWwgRW52aXJvbm1lbnQxKTAnBgNVBAsTIGFi\nNmQ4MWI4ZWViYTQzYmYxNjg5OGQyMGFjMmJhZTVkMR8wHQYDVQQKExZQVkUgQ2x1\nc3RlciBNYW5hZ2VyIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n5Jrpsbam/nknztPDyzsJtiVy32GROvxmSbxgQOyhF6k1xFa9Z33xXl25CxSHkOei\nH4fLKTGhtwC7XoVCaPmBq9Wnyu0DiguPY7tPs5R+YJAWNzK9/vaAakYpcA43deBl\nd/KOdvZNlqiOqzG3QLL/M84+yZt961QTTFBOErjGW6BEMnJqzxk7LSeujsrNZRZ5\noaCUUHDFpMbw/A8Hijy7tFK8LKTnq1bssV3tAZHxU/RHo4IvDMhbWuiDN2RZtEov\nf8Mpy2+7JYBrWkIyp3rix5EMeMPcixkP9KIQb+btn3myNKMcSTvQxteGXoCoTPd4\nWZFAS3vtoje/tBgZW7HrSQIDAQABo4HXMIHUMB0GA1UdDgQWBBR8znH2R1ktEXBq\nqwlPHFZg96XESDCBpAYDVR0jBIGcMIGZgBR8znH2R1ktEXBqqwlPHFZg96XESKF2\npHQwcjEkMCIGA1UEAxMbUHJveG1veCBWaXJ0dWFsIEVudmlyb25tZW50MSkwJwYD\nVQQLEyBhYjZkODFiOGVlYmE0M2JmMTY4OThkMjBhYzJiYWU1ZDEfMB0GA1UEChMW\nUFZFIENsdXN0ZXIgTWFuYWdlciBDQYIJAICXJAdaqrphMAwGA1UdEwQFMAMBAf8w\nDQYJKoZIhvcNAQEFBQADggEBAMZ4hXMWYtJSNq79PhiDnzrJp8LQjQvBs6Q0dZMg\nOT6ZfN6GhMYiEwKN0hHJlxe1GyqQMPG7Kod0UR8RjzGEM6U+QYi9otqNlJlVzNyS\ndn/7qmqvGr9+U6l++SOZkiexUnlaa52ZBiCwCs46B9MjkyCRwEUk7daIhBxFgrAw\nBrQTbkm4TwADXABozQFQPAFt69yokEvLBHdOUidWxmh5fQdO0QUJauLeyF28KTX3\nTqUtZzdpPzE39KRCOwPjeeA79QoTb1Bk7b33gIXmxUTbdPgGGOVJZA4DGRFiELX5\nCckZHgAZqNNZhN/dMzqTpvU1ZNpSZqViwm37SZyfOmtAOwE=\n-----END CERTIFICATE-----\n",
       "port" : 5900,
       "ticket" : "PVEVNC:4F74825B::RSl8dc71OVwwQqc3n7PooT0vq7H2gP7CZ3QRvNC0yq7E+pDVsdbEn1sJj8FFRAQMnnM6fWfPCU6wUUf66Dh1b48NkHCsrViss0FZ600Jq8kRfsbt6mhGWgHhoRN62XSmk9AL/sOtlDKDmY2g4uoIKhRZHQAikT7yTAd8ltov5omaMak9JJnr1g67uS+DYGvRXJ+OTieAKoxezYP6T4dsvd6GA6pEIxeDjHizzNm9njzBi40TyLnt/nTC3truFftIzZfdYTqiutwvGNzBz5tJMXI2/oZB4PaX3h+OQyf2CKcsU7NnrGcFWfZ3K6/+C7dUg9O7gZlErpQiS8fupJUAHQ==",
       "upid" : "UPID:c43:00084D02:0555B91B:4F74825B:vncproxy:4333:root@pam:",
       "user" : "root@pam"
    }
    
    Thanks for your attention
     
  9. dietmar

    So it works as expected - You can use the returned parameters for VNC (use ticket as password).
     
  10. tincboy

    I'm using the data, but would you please let me know if the name of the HOST parameter has changed? The VNC shows me nothing, not even an error, just a white screen.
     
  11. dietmar

  12. tincboy

    Thank you dietmar,
    I've implemented my code just like what you did in start_vnc_viewer,
    but the issue is not gone. I didn't find out how to pass the HOST IP to the applet, and a white screen is still what I get from the applet.
    Would you please let me know if there's anything else I should consider?
     
  13. dietmar

    You can only connect to the host where you started the proxy. Sorry, but I do not really know what you are trying to do.
     
  14. tincboy

    I'm a VPS provider. On my website I have a section where my clients can reboot/shut down/VNC to their servers.
    This was simply done with Proxmox 1.9, but in Proxmox 2 I have not had any success showing the VNC console to my clients on my website.
    It is important for me to let my clients control their servers from inside their client area, without going to a different address.
     
  15. tincboy

    Any help on this?
    Do you think running the qm vncproxy manually by myself will help me in this situation?
     
  16. dietmar

    Again, I do not know your setup in detail, and you did not write any details about the problem. In general, you need a VNC server, and connect that to the VNC client. You have the complete source code, so it should be easy to debug.
     
  17. tincboy

  18. dietmar

    The VNC applet is part of the 'vncterm' package. That package includes the whole tigervnc sources.
     
  19. tincboy

    Security question,
    As I want to show the applet to my clients on my own website, I have to pass the username and password to the applet. So does the ticket value contain critical data? And can it be abused by whoever knows it?
     
  20. dietmar

    I guess you talk about the ticket returned by the create vncproxy API? That is a special ticket only valid for a very limited time (1 min). That ticket allows access to that VNC console for that time, so you should not make it public.
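
Added example, not part of the original thread and not Proxmox code: one way a web application could treat the vncproxy ticket as the short-lived secret described in the last reply, checking its age before handing it to the viewer and keeping the signature out of logs. It assumes the hex field after `PVEVNC:` is the issue time in Unix seconds (it matches the start-time field of the UPID in the output above); the function names and the sample response are constructed for illustration.

```python
import json

TICKET_LIFETIME = 60  # seconds; the "1 min" validity stated in the thread

# Constructed sample shaped like the vncproxy output shown in the thread.
# The signature part of the ticket is a placeholder, not a real value.
SAMPLE = json.dumps({
    "port": 5900,
    "ticket": "PVEVNC:4F7481E8::PLACEHOLDER_SIGNATURE",
    "upid": "UPID:c43:00084C2E:05558C53:4F7481E8:vncproxy:8888:root@pam:",
    "user": "root@pam",
})


def parse_ticket(ticket):
    """Split 'PVEVNC:<hex time>::<signature>' into (issued_at, signature)."""
    head, sep, signature = ticket.partition("::")
    prefix, _, hex_time = head.partition(":")
    if prefix != "PVEVNC" or not sep or not signature:
        raise ValueError("not a PVEVNC ticket")
    # Assumption: the hex field is the issue time in Unix seconds.
    return int(hex_time, 16), signature


def seconds_left(ticket, now):
    """Remaining validity in seconds at time `now` (negative once expired)."""
    issued_at, _ = parse_ticket(ticket)
    return TICKET_LIFETIME - (now - issued_at)


def applet_params(response_json, now):
    """Parameters for one viewer session; raises if the ticket is stale."""
    resp = json.loads(response_json)
    if seconds_left(resp["ticket"], now) <= 0:
        raise ValueError("ticket expired; create a new vncproxy")
    # Per the thread, the ticket is used as the VNC password.
    return {"port": resp["port"], "user": resp["user"],
            "password": resp["ticket"]}


def redact(ticket):
    """Form safe for logs: keeps prefix and timestamp, drops the signature."""
    issued_at, _ = parse_ticket(ticket)
    return "PVEVNC:%08X::<redacted>" % issued_at
```

Requesting the vncproxy only when the client actually opens the console, and rendering the parameters into a page served over HTTPS to that authenticated client, keeps the ticket within its one-minute window and out of caches and logs.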
     
