Hey Jamie,
Am I missing where the VNC password for KVM instances is set? It's cool that VNC mostly works out of the box (though the web Java applet doesn't seem to accept text for me, I'm gonna poke at that more later), but it's dangerous that it has a default password and doesn't seem changeable. VNC access to these instances is like having hardware access to a physical machine, so it'd be trivial to break into a system with just that information.
Status:
Closed (fixed)
Comments
Submitted by JamieCameron on Tue, 06/14/2011 - 15:45 Comment #1
Currently there is no way to set the VNC password after creation - it defaults to whatever you set the root password of a new VM to, or a random string if no password was set at creation time. Annoyingly KVM only seems to support very short VNC passwords, like 6 or 8 characters .. any longer and it fails silently.
I will add support for changing the VNC password to my TODO list for Cloudmin.
While you're at it, make the randomly generated password stronger (looks like 8 chars is the max length). I got a four character one, with all lowercase letters. Since VNC has no brute force protection to speak of, it'd take a few minutes or maybe a few hours to brute force it.
Submitted by JamieCameron on Wed, 06/15/2011 - 00:59 Comment #3
I'll up it to 6 or 8 characters, depending on what works for KVM ..
Submitted by JamieCameron on Wed, 06/15/2011 - 16:41 Comment #4
Turns out 7 characters is the max, so I'll make that the default.
Also, the next Cloudmin release will let you change the VNC console password on the Edit Password page.
Submitted by Issues on Wed, 06/29/2011 - 17:21 Comment #5
Automatically closed -- issue fixed for 2 weeks with no activity.