Xen 		  
Home About Xen.org Xen Xen Summit Wiki Mailing List Bug Tracker Xen Downloads
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] securing the vnc pvfb

from [Luke S. Crawford] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-users] securing the vnc pvfb
From: "Luke S. Crawford" <lsc@xxxxxxxxx>
Date: Sun, 3 Jun 2007 16:02:06 -0700 (PDT)
Cc: chris@xxxxxxxxx
Delivery-date: Sun, 03 Jun 2007 16:00:32 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
I would like to allow users to install their own paravirtualized DomUs using tools like virt-install. one way to make this possible is to give the users access to the vnc console that the pvfb driver enables.
The question is this: how do I secure access to this? from what I read of vnc security, simply leaving it open isn't much of an option. I could setup a second machine that my users would have to setup a ssh tunnel through to get to it, but that removes some of the "easy and intuitive to use" bit that the vnc console provides. (not that this is unacceptable; my entire business model has been that there are people that know what they are doing, and that those people are an undeserved market... right now, I require all my customers to understand how to generate and send me a OpenSSH public keys... still, the easier, the better.)
So yeah, is anyone else opening the vnc console to customers? how do you go about securing it? 

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] securing the vnc pvfb, Luke S. Crawford <=
Previous by Date:  [Xen-users] WinXP cannot partition disk, Rob van Oostveen
Next by Date:  [Xen-users] Xen and iptables, Frank Church
Previous by Thread:  [Xen-users] WinXP cannot partition disk, Rob van Oostveen
Next by Thread:  [Xen-users] Xen and iptables, Frank Church
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , XenSource, Inc. All rights reserved. Note: the xen.org trademark policy
is changing. For information please email legalxen.org, Legal and Privacy