I have a customer using a Colibri IMX8 SoM running on Torizon OS. The customer has the requirement of using VNC to access their GUI-Application. There should be a simple password authentication method to secure the GUI’s access. The device is in an air-gapped network environment, so the “Torizon remote Access” feature is not usable and also VPN is out of the game for other reasons.
My question is:
Is it feasible that the VNC password authentication method will be added to Weston anytime soon?
Hi, I’m the Toradex AI Assistant. I’m in early beta, and I would appreciate your feedback.
The Toradex Support team will follow up with you shortly!
Did you like my answer?
Hi Lukas,
As of the current documentation and available features, Weston in Torizon OS does not natively support password authentication for VNC access. The VNC backend provided by Weston is primarily intended for development and debugging purposes and does not include advanced security features like password protection.
Given that your customer is operating in an air-gapped network environment and cannot use Torizon Remote Access or VPN, an alternative approach would be to use a VNC server that supports password authentication. You could run a separate VNC server container alongside the Weston container. Here’s a general approach:
Set up a VNC server container: Use a VNC server Docker image that supports password authentication, such as tigervnc or x11vnc.
Configure the VNC server: Ensure that the VNC server is configured to require a password for access. This typically involves setting environment variables or configuration files within the VNC server container.
Run the VNC server container: Start the VNC server container and ensure it is properly networked with the Weston container.
Here is an example of how you might set up a tigervnc server with password authentication:
In this setup, replace yourpassword with the desired password for VNC access. Ensure that the VNC server is properly configured to use this password.
This approach allows you to add password protection to VNC access without relying on Weston’s VNC backend. However, please note that this is a workaround and not an official feature of Weston on Torizon OS.
If you need further assistance or have specific requirements, please feel free to reach out.
Looking at what was added here, would this functionality that was added suffice for your customer’s needs?
Obviously we would need to update the version of Weston we are using to include this change. Which I’ll need to check with our team the feasibility of this.
It looks like they have added VNC authentication support via PAM. Yes, this would match the customers requirement.
Do you have an estimate how long this would take to integrate and release as new weston version, if your team decides to go this route?
As another option, I was wondering how hard it would be to “fork” the toradex weston image and add a VNC server e.g. x11vnc that supports password authentication. Maybe you could ask your team about this approach?
Do you have an estimate how long this would take to integrate and release as new weston version, if your team decides to go this route?
As part of our transition to Torizon OS 7.X which will came later this year/early next year. We are updating all our container images. During this the team will update the version of Weston for iMX8. According to the team the new version of Weston used will be Weston 12, which should have the changes for authentication I linked previously.
Now keep in mind these new container image versions will be designed for the upcoming Torizon OS 7.X and may not even work properly for older versions of the OS. Keep this in mind.
As another option, I was wondering how hard it would be to “fork” the toradex weston image and add a VNC server e.g. x11vnc that supports password authentication. Maybe you could ask your team about this approach?
So in theory it should be easy to customize these containers for your specific needs.
Now the specifics on how hard it is to integrate x11vnc, we don’t really have a straight answer for you. Far as I know no one on the team has tried to integrate this into our containers. Installing it in the container is probably simple, getting it to work correctly is unknown.
Thanks for the update concerning transition to OS 7.X resp. updating to Weston 12.
This would be my preferred way to get this feature into my customers application.
Thank you for your effort and support, best regards
Lukas
Glad I could be of some help. Once Torizon OS 7.X is out and stable please give it a try along with the newer container images and see if that helps. Otherwise let us know if something still isn’t quite meeting your requirements and we can always see what can be done on our end.