VNC access with password authentication

matay1 · April 8, 2022, 9:27am

Hi,

I’m wondering if there is any chance of enabling VNC connections with password authentication feature on weston?

VNC is working great with ENABLE_VNC=1 environment variable and
command=/usr/bin/weston --backend=vnc-backend.so --shell=fullscreen-shell.so in weston.ini, but I can’t see away to enable any authentication method.

jeremias.tx · April 8, 2022, 7:40pm

Greetings @matay1,

The VNC implementation we use with Weston does not have support for authentication at this time. That said, it seems your use-case here isn’t possible at the moment.

I can make a request internally to see if this would be possible, but I can’t promise anything at this time.

Just to make sure I understand, you’re just looking for simple password-based authentication with VNC in Weston, correct? Are there any other details here that might complicate things?

Best Regards,
Jeremias

matay1 · April 14, 2022, 10:32am

Thank you for reply.
Yes, I mean just a simple password-based authentication, without any additional functionalities etc.
I would be very grateful for submitting such request.

Regards,
Mateusz

jeremias.tx · April 14, 2022, 7:04pm

Yes, I mean just a simple password-based authentication, without any additional functionalities etc.

I see, and one final question. How are you planning to use VNC and for what purposes? Is the authentication feature vital for your project?

Since you’re asking for authentication, I assume you’re going to be using this in production then, correct?

Also are you using VNC for debugging purposes or remote monitoring of the UI, or something else? If you’re interesting in remote monitoring of the device we do have something like this planned in the near future.

Reason I’m asking all this, is sure I can just go ahead and submit a feature request for VNC authentication. But, this really doesn’t guarantee anything, it might not even get done. In which case that doesn’t really help you. Which is why maybe if you explain your use-case, perhaps we can find an alternative solutions.

Best Regards,
Jeremias

matay1 · April 28, 2022, 8:43am

Yes, it is vital for our project. We need to have the possibility to remotly monitor UI and sometimes, for debugging purposes, take control of our application as well (I mean like simply click somewhere on the screen with a mouse or pass pressed key). And yes, you are guessing it right - it is going to be used on production, that is why I’m wondering about a way of protecting it from freely access.

Best Regards,
Mateusz

jeremias.tx · April 28, 2022, 5:45pm

I believe I have a grasp on your use-case now. In short you want to be able to securely monitor and access your product’s UI in production.

I see two options then, either we add authentication support to the VNC we use. Or, we are also working on a remote access feature with Torizon platforms. But, I’m not sure at the moment if the remote access includes VNC-like UI access.

As I said before I can make the request internally, but I can’t guarantee that a solution would be available in time for your project’s timeline. Since this is a vital part of your project, I’d consider alternative solutions in the short-term.

Edit: After I made this comment I recalled that we had the following article: OpenVPN and Weston's VNC/RDP on Torizon OS | Toradex Developer Center

The VPN connection can be password/certificate protected. Would this be a suitable workaround? Since then someone has to authenticate the VPN connection before accessing the VNC connection. Or do you really require authentication specifically on VNC?

Best Regards,
Jeremias

matay1 · May 26, 2022, 9:50am

Sorry for late reply.
Unfortunately, a VPN connection will not be possible in this case as most of our customers will not allow us to install a VPN server inside their internal network.
I tried to create a docker image using Sway instead of Weston to be able to use wayvnc, but I can’t run it in any way. So after further research, nothing comes to mind except this internal request.

Regards,
Mateusz

jeremias.tx · May 26, 2022, 8:06pm

Since nothing we have currently seems to be able to fit your use-case I’ll go ahead and make an internal ticket for our team to address this. However, as I’ve said previously there’s no guarantee when this task will be complete.

Best Regards,
Jeremias

matay1 · June 1, 2022, 6:57am

Ok, thank you. I would be grateful for any information on the progress in resolving this issue.

Best regards,
Mateusz

LukRo · August 14, 2024, 11:15am

Hi

Is there any update on this topic?
I have a customer request with a similar use-case having the need of password authentication.

Thanks

allan.tx · August 14, 2024, 2:26pm

Hi @LukRo

Could you please open a new thread with your issue, that way we can keep a better track of it.

Also, please give more details of what exactly is that you need.

You can check this new feature from the Torizon Cloud and see if it fits your use case.

LukRo · August 19, 2024, 7:32am

Hi Allan,

I have added to this thread, because the technical requirements are the same
→ " VNC access with password authentication"
I was wondering if something happend in this direction. The remote access feature is not applicable in this situation.

If it still makes sense to create a new thread with the same request, I will do so.

Thanks,
Luke

jeremias.tx · August 23, 2024, 7:41pm

A separate thread would help us from an organizational point of view. It would also be a good opportunity for you to describe your full use-case and requirements for this in an independent thread.

Best Regards,
Jeremias