Closed stephen-fox closed 2 months ago
And if i want use VNC without password?
I could add a configuration file parameter that allows no password (i.e., disables the password generation).
Edit: In retrospect, I learned that VNC passwords are limited to eight characters - so this PR needs to be updated anyways.
@beam, I have added the ability to disable the automatic password generation if the user desires.
I think it would be better to do it differently. Add settings for password generation and normally leave blank.
Alternatively, it would be nice if the VNC server listened on 127.0.0.1 or better yet a unix socket. I wish we could avoid relying on VNC altogether. But that is a constraint bhyve forces and I'm not sure what the alternative would be (maybe something like xvfb
?).
I would like to see secure - and frankly reasonable - defaults in a hypervisor.
Currently, the VNC server is started without a password if none was specified in the guest's configuration file (this is normally done with the "vnc_password" parameter).
This commit changes this behavior to automatically generate a random password if none is configured. This can be disabled by specifying a configuration parameter.
There does not appear to be a way to get the password back to the user via stdout. Since the password already appears in the guest's log file, I felt that was a sensible place to store it for now.
In addition to improving the default security of a guest, this change also allows macOS' builtin VNC client to connect. The macOS VNC client requires servers to configure a password (although, it fails to make that obvious).