VNC access with password authentication

Hi,

I’m wondering if there is any chance of enabling VNC connections with password authentication feature on weston?

VNC is working great with ENABLE_VNC=1 environment variable and
command=/usr/bin/weston --backend=vnc-backend.so --shell=fullscreen-shell.so in weston.ini, but I can’t see away to enable any authentication method.

Greetings @matay1,

The VNC implementation we use with Weston does not have support for authentication at this time. That said, it seems your use-case here isn’t possible at the moment.

I can make a request internally to see if this would be possible, but I can’t promise anything at this time.

Just to make sure I understand, you’re just looking for simple password-based authentication with VNC in Weston, correct? Are there any other details here that might complicate things?

Best Regards,
Jeremias

Thank you for reply.
Yes, I mean just a simple password-based authentication, without any additional functionalities etc.
I would be very grateful for submitting such request.

Regards,
Mateusz

Yes, I mean just a simple password-based authentication, without any additional functionalities etc.

I see, and one final question. How are you planning to use VNC and for what purposes? Is the authentication feature vital for your project?

Since you’re asking for authentication, I assume you’re going to be using this in production then, correct?

Also are you using VNC for debugging purposes or remote monitoring of the UI, or something else? If you’re interesting in remote monitoring of the device we do have something like this planned in the near future.

Reason I’m asking all this, is sure I can just go ahead and submit a feature request for VNC authentication. But, this really doesn’t guarantee anything, it might not even get done. In which case that doesn’t really help you. Which is why maybe if you explain your use-case, perhaps we can find an alternative solutions.

Best Regards,
Jeremias

Yes, it is vital for our project. We need to have the possibility to remotly monitor UI and sometimes, for debugging purposes, take control of our application as well (I mean like simply click somewhere on the screen with a mouse or pass pressed key). And yes, you are guessing it right - it is going to be used on production, that is why I’m wondering about a way of protecting it from freely access.

Best Regards,
Mateusz

I believe I have a grasp on your use-case now. In short you want to be able to securely monitor and access your product’s UI in production.

I see two options then, either we add authentication support to the VNC we use. Or, we are also working on a remote access feature with Torizon platforms. But, I’m not sure at the moment if the remote access includes VNC-like UI access.

As I said before I can make the request internally, but I can’t guarantee that a solution would be available in time for your project’s timeline. Since this is a vital part of your project, I’d consider alternative solutions in the short-term.

Edit: After I made this comment I recalled that we had the following article: OpenVPN and Weston's VNC/RDP on TorizonCore

The VPN connection can be password/certificate protected. Would this be a suitable workaround? Since then someone has to authenticate the VPN connection before accessing the VNC connection. Or do you really require authentication specifically on VNC?

Best Regards,
Jeremias

Sorry for late reply.
Unfortunately, a VPN connection will not be possible in this case as most of our customers will not allow us to install a VPN server inside their internal network.
I tried to create a docker image using Sway instead of Weston to be able to use wayvnc, but I can’t run it in any way. So after further research, nothing comes to mind except this internal request.

Regards,
Mateusz

Since nothing we have currently seems to be able to fit your use-case I’ll go ahead and make an internal ticket for our team to address this. However, as I’ve said previously there’s no guarantee when this task will be complete.

Best Regards,
Jeremias

Ok, thank you. I would be grateful for any information on the progress in resolving this issue.

Best regards,
Mateusz