VNC Client Access

From Proxmox VE
Revision as of 09:19, 28 October 2021 by D.whyte (talk | contribs) (→‎Standard Console Access)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Standard Console Access

By default, PVE provides access to VMs via noVNC and/or SPICE. It is recommended to use these whenever possible. However, if you need to have browser independent access, it is possible to use an external VNC client such as RealVNC, TightVNC, and Remmina as well.

Configure VNC Access in the Configuration File

Add a line to the VM's configuration file /etc/pve/local/qemu-server/<VMID>.conf which specifies the VNC display number as follows ("77" in the example below):

args: -vnc 0.0.0.0:77

If you want to use password protection, add:

args: -vnc 0.0.0.0:77,password=on

See below on how to set the password.

The display number can be freely chosen, but each number must occur only once. The VNC service then listens at port 5900+display_number. Note that connections via noVNC use display number 0 and following, therefore it is recommended to use higher numbers in order to avoid conflicts.

You can now connect the VNC client to the host IP address and port as chosen ("5977" in the example above).

Set a Password for VNC Access

NOTE: This requires at least QEMU 6.1, as there was a bug in the preceding versions which prevented the setting of a password.

If you have enabled the password=on option above, you will not be able to connect until you set a password. This must be done after the VM has started.

Go to the VM's 'Monitor' panel in the web interface, or otherwise open an HMP connection. Then, use the following command:

 set_password vnc foobar1 -d vnc2

When connecting via an external VNC client, it will now ask for the password "foobar1". The maximum length for VNC passwords is 8 characters.

The password is not persistent, meaning that after the VM has been restarted, the above command must be repeated in order to set the password again.

Optionally, you may also choose to expire the password. Use the following command:

 expire_password vnc +600 -d vnc2

In this case, the password would be valid for an additional 10 minutes (600 seconds) after the command is sent. Already logged in clients will not be disconnected.