With JetKVM and other Chineese LAN KVMs we can encounter serious security issues, so to prevent even possibility I prever host myself webpage for kvm access locally and connect using chrome browser on the same machine with "non lan" KVM USB hardware to target machine.
The emergency variant is to set another one PC with less strict OS and KVM USB connected to it when access locally hosted KVM webpage on openbsd server or the same machine with less strict os. One PC for this goal will be better, than two. On Sunday, November 2nd, 2025 at 12:47 PM, Stuart Henderson <[email protected]> wrote: > On 2025-10-29, Martin [email protected] wrote: > > > First time some tests have been performed with OpenBSD 7.7 + Iridium and > > Chromium browsers with connected NanoKVM USB (USB camera + audio + uhid > > input device emulation) composite device. > > > > The same machine (OpenBSD 7.7 and 7.8 after upgrade) hosts nginx server > > with web page to access NanoKVM USB. > > > > By opening a link http://nanokvm.local in Iridium or Chromium browser on > > the same machine resolves and opens NanoKVM access page with drop down menu > > which asks to access camera and microphone device. Once permissions are > > granted "Select USB device" drop down menu has appeared with "USB3 Video" > > and "Select Serial Device" button to access NanoKVM USB video from remote > > PC where NanoKVM is connected. > > > > Once "Select Serial Device" button is pressed on the nanokvm.local web > > page, Iridium and Chromium browsers crash with core dump. > > > No idea if it will help but you could try building a kernel with a > quirk added to prevent the hid interface from attaching to uhid so that > it falls back to ugen. See UQ_BAD_HID in usb_quirks.c. Seems the serial > port device is attached behind the HID presumably so browsers can get > access to it with webhid-like mechanisms (as also used for fido keys > etc) rather than webusb. I guess you may need to disable some pledge/ > unveil too. > > Generally OpenBSD is not the right OS for accessing random USB hardware > from userland. > > FWIW I used to take a usb hdmi capture stick (and small keyboard) for this > use-case (iirc I used vlc or ffplay with our v4l2 compat) but gave up > on it and got a jetkvm instead which I'm pretty happy with. Much easier > to handle via network than USB.
