docs/system/vnc-security.rst

4 ------------
19 .. parsed-literal::
21    |qemu_system| [...OPTIONS...] -vnc unix:/home/joebloggs/.qemu-myvm-vnc
36 brute-forced by a client making repeat connections. For this reason, a
39 authentication is not supported when operating in FIPS 140-2 compliance
45 .. parsed-literal::
47    |qemu_system| [...OPTIONS...] -vnc :1,password=on -monitor stdio
60 because TLS on its own is susceptible to man-in-the-middle attacks.
65 .. parsed-literal::
68      -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=off \
69      -vnc :1,tls-creds=tls0 -monitor stdio
72 files, ``ca-cert.pem``, ``server-cert.pem`` and ``server-key.pem``.
74 ``$HOME/.pki/qemu``. NB the ``server-key.pem`` file should be protected
87 but with ``verify-peer`` set to ``on`` instead.
89 .. parsed-literal::
92      -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
93      -vnc :1,tls-creds=tls0 -monitor stdio
103 .. parsed-literal::
106      -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
107      -vnc :1,tls-creds=tls0,password=on -monitor stdio
120 GSSAPI/Kerberos, LDAP, SQL databases, one-time keys and more. The
129 .. parsed-literal::
131    |qemu_system| [...OPTIONS...] -vnc :1,sasl=on -monitor stdio
145 .. parsed-literal::
148      -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \
149      -vnc :1,tls-creds=tls0,sasl=on -monitor stdio
169 versions of QEMU referred to the DIGEST-MD5 mechanism, however, it has
171 never be used any more. The SCRAM-SHA-256 mechanism provides a simple
172 username/password auth facility similar to DIGEST-MD5, but does not
194    mech_list: scram-sha-256