WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] securing the vnc pvfb

from [Luke S. Crawford] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] securing the vnc pvfb
From: "Luke S. Crawford" <lsc@xxxxxxxxx>
Date: Sun, 3 Jun 2007 16:02:06 -0700 (PDT)
Cc: chris@xxxxxxxxx
Delivery-date: Sun, 03 Jun 2007 16:00:32 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
I would like to allow users to install their own paravirtualized DomUs using tools like virt-install. one way to make this possible is to give the users access to the vnc console that the pvfb driver enables.
The question is this: how do I secure access to this? from what I read of vnc security, simply leaving it open isn't much of an option. I could setup a second machine that my users would have to setup a ssh tunnel through to get to it, but that removes some of the "easy and intuitive to use" bit that the vnc console provides. (not that this is unacceptable; my entire business model has been that there are people that know what they are doing, and that those people are an undeserved market... right now, I require all my customers to understand how to generate and send me a OpenSSH public keys... still, the easier, the better.)
So yeah, is anyone else opening the vnc console to customers? how do you go about securing it? 

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] securing the vnc pvfb, Luke S. Crawford <=
Previous by Date:  [Xen-users] WinXP cannot partition disk, Rob van Oostveen
Next by Date:  [Xen-users] Xen and iptables, Frank Church
Previous by Thread:  [Xen-users] WinXP cannot partition disk, Rob van Oostveen
Next by Thread:  [Xen-users] Xen and iptables, Frank Church
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy