Bug 1041128 - [RFE][nova]: Reset established vnc connections
Summary: [RFE][nova]: Reset established vnc connections
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: RFEs
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: RHOS Maint
QA Contact:
URL: https://blueprints.launchpad.net/nova...
Whiteboard: upstream_milestone_none upstream_stat...
Depends On:
Blocks:
Reported: 2013-12-12 13:44 UTC by RHOS Integration
Modified: 2015-03-19 17:35 UTC (History)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-19 17:35:10 UTC
Target Upstream Version:



Description RHOS Integration 2013-12-12 13:44:56 UTC
Cloned from launchpad blueprint https://blueprints.launchpad.net/nova/+spec/reset-vnc-console.

Description:

Currently a VNC console access token provides unlimited-time access to the VM once a connection is established. While the token validity period can be controlled, an established connection cannot be torn down without altering either VM state or proxy service.

This has security implications. Suppose a token leaks to an adversary, by means of active snooping or human carelessness, and the adversary makes a connection; she can then passively watch the VM console and gather sufficient information to get an SSH connection. While it is difficult to prevent user errors, Nova can help an alerted user by providing a safety abort mechanism. The aim of this blueprint is to provide such a mechanism to a user to reset all established VNC connections to a given VM.

Specification URL (additional information):

None

