On Tue, May 02, 2017 at 01:19:03PM -0400, Frediano Ziglio wrote: > > This runs over a WAN connection so most ports, including SPICE, are > > firewalled by default, I only tested it briefly with that port open. Is > > it considered safe to allow access to that port? > > > > Absolutely not! Unless you configure SSL on top and disable not > encrypted connections (not sure how).
Do you mean disable such connections on spice-server side? Just don't specify a clear-text port, and you'll only be able to connect through SSL (-spice tls-port=xxx on qemu command line, <graphics type='spice' autoport='yes' defaultMode='secure'/> if you use libvirt according to https://www.spice-space.org/docs/manual/#_tls Christophe
signature.asc
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/spice-devel
