VNC Password Keygen

Generate VNC Password keys instead of using plain text passwords

To directly use the Password Key Generator please scroll to the bottom of the page or click here.

Since a long time, most VMware administrators use VNC to access their virtual machines without having to actually log into the vSphere Client or Web client.

From my experience with VMware, which was ESXi 5.5 and then straight to 6.7, the VNC session could be secured using a password by adding the below text inside the .vmx file for the virtual machine. Below is a sample text to be added.

RemoteDisplay.vnc.enabled = "TRUE"
RemoteDisplay.vnc.password = "12345678"
RemoteDisplay.vnc.port = "4901"

The RemoteDisplay.vnc.password string in the file intercepts any VNC request to the virtual machine and requests for a password. Only upon successful authentication, is VNC access allowed.

Upon research I found out that the later versions of ESXi, no longer support the RemoteDisplay.vnc.password string as anyone could just right click the .vmx file and open it with a text editor to reveal the password.

VMware now support a new encrypted version of the string which RemoteDisplay.vnc.key. This string holds and encrypted hash of the password, so in case anyone did open the .vmx file, they would see the encrypted hash and not the actual password itself. This is beneficial from a security standpoint.

To create a hash, VMware and other third-party sources did release hash generators using python, but most of them use outdated modules and work on Python 2 (the current at time of writing is python 3.8).

After a lot of troubleshooting and days of work, I was successfully able to write my own code and test it out. As of this writing, it was successfully tested with a server with details listed below. I assume it should also work for other versions as well.

ESXi version: 6.7.0
ESXi build number: 8169922

Since building the Python code, getting the right environment, and troubleshooting is a painful task, I have developed a web-based generator to directly generate a hash key for VNC users.

Please find the key generator below this page. Feel free to leave feedback on my email listed below.


Note: Remote Access via VNC is no longer supported from ESXi 7.0 onwards. To access the virtual machine from ESXi 7.0 onwards, you VMware’s VMRC tool.

Regards
Rustom Billimoria (rustom@rstforum.net)
www.rstforum.net

Also, a special thanks to Rahul Sharma, Pallavi Billimoria, Vagish Dwivedi, Chinmay Dwivedi, Pragya Dwivedi for helping me out to publish this code.