How to secure VM VNC console?

Stux · May 15, 2017

Is it possible to password protect the VM VNC console in 11RC?

Is it possible to enable encryption?

This is not about protecting from the outside world, but rather just keeping curious cats out.

Thanks

KrisBee · May 15, 2017

If the VNC connection is provided by bhyve and not by installing a vncserver in the VM, then there's no password protection.

I don't have a use case for a VM with a graphical interface, nor for windows VMs, so just use ssh once the VM is installed. ssh connections can be tunnelled if necessary which can potentially secure a VNC connection:

http://www.cl.cam.ac.uk/research/dtg/attarchive/vnc/sshvnc.html

Stux · May 15, 2017

KrisBee said:
If the VNC connection is provided by bhyve and not by installing a vncserver in the VM, then there's no password protection.

I don't have a use case for a VM with a graphical interface, nor for windows VMs, so just use ssh once the VM is installed. ssh connections can be tunnelled if necessary which can potentially secure a VNC connection:

http://www.cl.cam.ac.uk/research/dtg/attarchive/vnc/sshvnc.html

Thanks. I guess I can disable the VNC device unless I want it, and you're right, once sshd is enabled then VNC server can be installed in the server if wanted.

But, I'm assuming there is no capability to even put a trivial password on a bhyve served VNC, at least from FreeNAS GUI?

Anyway, Feature Request added: https://bugs.freenas.org/issues/23979#change-127904

microbug · May 16, 2017

AFAIK VNC is unencrypted so it's inherently insecure anyway (vulnerable to a MITM attack). It's intended for management inside a secured network.

Important Announcement for the TrueNAS Community.

How to secure VM VNC console?

Stux

MVP

KrisBee

Wizard

Stux

MVP

microbug

Dabbler

Similar threads