VNC Client Access: Difference between revisions

From Proxmox VE
Jump to navigation Jump to search
No edit summary
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Standard Console Access =
= Standard Console Access =


As default Proxmox provides access via [[https://kanaka.github.io/noVNC/noVNC/vnc.html noVNC]] and/or [[SPICE]] and it is recommended to use this access whenever possible. If there are some reasons to have browser independent access it is possible to use an ordinary VNC client.
By default, PVE provides access to VMs via [https://novnc.com/info.html noVNC] and/or [https://www.spice-space.org SPICE]. It is recommended to use these whenever possible. However, if you need to have browser independent access, it is possible to use an external VNC client such as RealVNC, TightVNC, and Remmina as well.


= Enabling Access from other VNC clients =
== Configure VNC Access in the Configuration File ==


Add a line to the VM's configuration file ''/etc/pve/local/qemu-server/<VMID>.conf'' which specifies the VNC display number as follows ("77" in the example below):


It is possible to enable the VNC access for use with usual VNC clients as RealVNC, TightVNC, Remmina etc.
args: -vnc 0.0.0.0:77


== Configure VNC Access via Monitor ==
If you want to use password protection, add:


# Go to VM´s 'Monitor' panel in the web interface.
args: -vnc 0.0.0.0:77,password=on
# You can setup a plain VNC or also a password secured one:
#* for the plain one type the following into the monitor:
#: <pre>change vnc 0.0.0.0:100</pre>
#: 100 denotes the port, this will get added to the VNC base port of 5900, so in this case the VNC server listens on all addresses on port 6000.
#* for the password secured one type the following into the monitor:
#: <pre>change vnc 0.0.0.0:100,password&#10;set_password vnc foobar1&#10;expire_password vnc +30</pre>
#: note: the first "password" parameter after the IP address mustn't be replaced by a password but is the word "password" itself, this is just a boolean parameter telling QEMU that the server needs a password.
# now you may connect via the ip address and port (6000 in the above example)


The configuration is not persistent, i.e. after the VM has been stopped and started again the above actions have to be repeated in order to enable VNC access via external client.
See below on how to set the password.


== Configure VNC Access via Configuration File ==
The display number can be freely chosen, but each number must occur only once. The VNC service then listens at port 5900+display_number. Note that connections via noVNC use display number 0 and following, therefore it is recommended to use higher numbers in order to avoid conflicts.


* Add in the VM´s configuration file /etc/pve/local/qemu-server/<KVM ID>.conf a line which specifies the VNC display number as follows ("77" in the example bleow):
You can now connect the VNC client to the host IP address and port as chosen ("5977" in the example above).


args: -vnc 0.0.0.0:77
== Set a Password for VNC Access ==


The display number can be freely chosen, but each number must occur only once. VNC service listens then at port 5900+display_number. Note that connections via noVNC start using display number 0 consecutively therefore it´s recommended to use higher numbers in order to avoid conflicts.
'''NOTE:''' This requires at least QEMU 6.1, as there was a bug in the preceding versions which prevented the setting of a password.


* Connect from VNC client to Proxmox host ip address and port  as specified (5977 in the above example)
If you have enabled the ''password=on'' option above, you will not be able to connect until you set a password. This must be done after the VM has started.


Note: Using this method it not possible to set a VNC password.  
Go to the VM's 'Monitor' panel in the web interface, or otherwise open an HMP connection. Then, use the following command:
 
  set_password vnc foobar1 -d vnc2
 
When connecting via an external VNC client, it will now ask for the password "foobar1". The maximum length for VNC passwords is 8 characters.
 
The password is not persistent, meaning that after the VM has been restarted, the above command must be repeated in order to set the password again.
 
Optionally, you may also choose to expire the password. Use the following command:
 
  expire_password vnc +600 -d vnc2
 
In this case, the password would be valid for an additional 10 minutes (600 seconds) after the command is sent. Already logged in clients will not be disconnected.






[[Category: HOWTO]]
[[Category: HOWTO]]

Latest revision as of 09:19, 28 October 2021

Standard Console Access

By default, PVE provides access to VMs via noVNC and/or SPICE. It is recommended to use these whenever possible. However, if you need to have browser independent access, it is possible to use an external VNC client such as RealVNC, TightVNC, and Remmina as well.

Configure VNC Access in the Configuration File

Add a line to the VM's configuration file /etc/pve/local/qemu-server/<VMID>.conf which specifies the VNC display number as follows ("77" in the example below):

args: -vnc 0.0.0.0:77

If you want to use password protection, add:

args: -vnc 0.0.0.0:77,password=on

See below on how to set the password.

The display number can be freely chosen, but each number must occur only once. The VNC service then listens at port 5900+display_number. Note that connections via noVNC use display number 0 and following, therefore it is recommended to use higher numbers in order to avoid conflicts.

You can now connect the VNC client to the host IP address and port as chosen ("5977" in the example above).

Set a Password for VNC Access

NOTE: This requires at least QEMU 6.1, as there was a bug in the preceding versions which prevented the setting of a password.

If you have enabled the password=on option above, you will not be able to connect until you set a password. This must be done after the VM has started.

Go to the VM's 'Monitor' panel in the web interface, or otherwise open an HMP connection. Then, use the following command:

 set_password vnc foobar1 -d vnc2

When connecting via an external VNC client, it will now ask for the password "foobar1". The maximum length for VNC passwords is 8 characters.

The password is not persistent, meaning that after the VM has been restarted, the above command must be repeated in order to set the password again.

Optionally, you may also choose to expire the password. Use the following command:

 expire_password vnc +600 -d vnc2

In this case, the password would be valid for an additional 10 minutes (600 seconds) after the command is sent. Already logged in clients will not be disconnected.