No CSS, no Javascript,
No ads, no tracking, no cookies.
Tags: howto,cloudstack,vnc
Date: 20230121
If you ever wanted to open a KVM Cloudstack guest in say virt-manager you were prompted for a VNC password.
This password is kept in the Cloudstack DB in an encrypted string, so you can't just use it as is.
Here's how to decrypt it.
First get the encrypted vnc password out of the DB. For example:
MariaDB [cloud]> select vnc_password from cloud.vm_instance where instance_name="i-2-5-VM";
+----------------------------------------------+
| vnc_password |
+----------------------------------------------+
| jwbbbihpS9HeAGcUs64okbuWzNSwPbr+1dPpt3FG8kw= |
+----------------------------------------------+
1 row in set (0.00 sec)
|
~]# java -classpath /usr/share/cloudstack-common/lib/jasypt-1.9.3.jar org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI \
decrypt.sh input=jwbbbihpS9HeAGcUs64okbuWzNSwPbr+1dPpt3FG8kw= password=password verbose=true
----ENVIRONMENT-----------------
Runtime: Red Hat, Inc. OpenJDK 64-Bit Server VM 11.0.17+8-LTS
----ARGUMENTS-------------------
input: jwbbbihpS9HeAGcUs64okbuWzNSwPbr+1dPpt3FG8kw=
password: password
verbose: true
----OUTPUT----------------------
HtITdLk8kvDQ0w7V9g-8LQ <=== here's our vnc password
|
If you want to turn this command line into a script it would look something like this:
#!/usr/bin/env bash
# this script expects the encrypted string as 1st argument, ie $1, so you can call the script as "./decvnc.sh string"
# let's find out the exact jasypt file, as filename changes with version in time
jasyptlib=$(find /usr/share/cloudstack-common/lib/ -name "jasypt*")
# then decode the string, note we use "$1" for "input"
java -classpath "$jasyptlib" org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI decrypt.sh input="$1" password=password verbose=false
|