Accessing KVMs on servers can be problematic even on mainstream systems like Windows or Linux. In this article, we will use the Linux binary through Linux-FreeBSD compatibility to be able to access 99% of the KVMs on the market without any problems.
Keep in mind that the linux-oracle-jdk18 port requires access to certain parts of the system. Depending on our security configuration, a regular user may not be able to access them. We have two options: disable the security measure or run javaws as root using sudo.
To disable it:
security.bsd.unprivileged_proc_debug=1
If we choose the solution using sudo:
kr0m ALL=(ALL) NOPASSWD: /usr/local/linux-oracle-jdk1.8.0/bin/javaws
kr0m ALL=(ALL) NOPASSWD: /usr/local/linux-oracle-jdk1.8.0/bin/jcontrol
I personally will use sudo.
Some of the errors that usually occur are:
no ikvm64 in java.library.path
No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Disabling Java as it is too old and likely to be out of date. To reenable use jcontrol utility
The first error occurs because the applet is only compatible with Windows, MacOSX, and Linux, so it looks for binaries that do not exist on FreeBSD. To solve the problem, we will have to use the Linux Java binary through the FreeBSD binary compatibility layer.
We load the Linux compatibility module for both 32 and 64 bits:
kldload linux64
We check that both modules are loaded:
13 2 0xffffffff8425f000 3df60 linux.ko
24 1 0xffffffff84319000 35b20 linux64.ko
We install the base Linux binaries and libraries:
We enable compatibility at boot:
linux_enable="yes"
The only way to install Oracle JDK for Linux is through ports since it is restricted software due to licensing issues:
RESTRICTED: Redistribution of repackaged binaries not permitted
A package is not available for ports marked as: Forbidden / Broken / Ignore / Restricted
There is no problem in mixing binary packages and ports in this case because this software is only available through ports, and it is not installed in the system as such, but rather in the directory where the Linux binaries reside.
We install the prerequisites:
Before compiling the port, we need to download a file from the Oracle website:
jdk-8u241-linux-x64.tar.gz
NOTE: The version of the file will change over time. To find out which version is needed, try to compile the port as indicated a few steps below; the build will show which version to download.
We download it to the directory:
We compile and install the linux-oracle-jdk18 port:
make install clean
Java will try to obtain certain information from the system by accessing the Linux proc directory. To make this information available, we need to load the linprocfs module and mount the /compat/linux/proc directory.
We load the linprocfs module:
We edit the fstab:
linprocfs /compat/linux/proc linprocfs rw 0 0
We mount the directory:
In theory, you can configure the browser to open the file directly with the Linux binary, but I prefer to save the file and open it manually:
Usually, access to KVM is necessary in some kind of emergency where we need quick access to the server. For this purpose, I use a very simple bash script:
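#!/usr/bin/env bash
# Launch a saved KVM JNLP file with the Linux javaws binary through sudo.
if [ $# -eq 0 ]; then
    echo "ERROR: No arguments supplied" >&2
    exit 1
fi
# Quote the argument so filenames with spaces reach javaws as one argument.
sudo /usr/local/linux-oracle-jdk1.8.0/bin/javaws -verbose "$1"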
We just have to pass it the filename:
The second error regarding encryption protocols is solved by allowing all protocols. I know it will be insecure, but it’s better than not being able to access it when there’s an emergency.
We edit the Java configuration file and comment out the statement that disables algorithms:
#jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
The third error can be solved by whitelisting the connection URL:
We go to the Security tab and add the URLs of the KVMs. It is important to note that we must add both http and https even if the access is https.
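The launcher script above runs javaws as root on whatever JNLP file it is given, so it is worth checking where that file will load code from before launching it. The following script is an added example, not the author's own: it accepts a JNLP only if it declares an absolute codebase and every absolute URL in its codebase/href attributes points at an allowlisted KVM host. ALLOWED_HOSTS, the function names and the default hosts are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not the article's script): check a JNLP file before it is
# handed to the root-run javaws. ALLOWED_HOSTS and the function names are
# hypothetical; the default hosts are constructed placeholders.
ALLOWED_HOSTS="${ALLOWED_HOSTS:-kvm1.example.net 192.0.2.10}"
JAVAWS=/usr/local/linux-oracle-jdk1.8.0/bin/javaws
URL_ATTR='[[:space:]]*=[[:space:]]*"[a-zA-Z][a-zA-Z0-9+.-]*://[^"]*"'

# Flatten the file to one line and turn ' into " so both quote styles match.
jnlp_flat() { tr "\n'" ' "' < "$1"; }

# Print the host of every absolute URL in a codebase= or href= attribute,
# one per line. Userinfo and port are stripped so user@host:port is judged
# by host alone; an empty host becomes a marker that can never be allowed.
jnlp_hosts() {
    jnlp_flat "$1" | grep -oE "(codebase|href)$URL_ATTR" |
        sed -e 's|^[^"]*"||' -e 's|"$||' -e 's|^[^:]*://||' \
            -e 's|[/?#].*$||' -e 's|^.*@||' -e 's|:[0-9]*$||' \
            -e 's|^$|(empty)|' |
        tr 'A-Z' 'a-z' | sort -u
}

# Succeed only if the file has an absolute codebase and every host it
# references is on the allowlist. Anything unparsable fails closed.
jnlp_allowed() (
    set -f    # no filename globbing on host strings taken from the file
    jnlp_flat "$1" | grep -qE "<jnlp[^>]*[[:space:]]codebase$URL_ATTR" || exit 1
    for host in $(jnlp_hosts "$1"); do
        case " $ALLOWED_HOSTS " in
            *" $host "*) ;;
            *) echo "ERROR: host '$host' is not allowlisted" >&2; exit 1 ;;
        esac
    done
)

# Validate first; only then call the sudo-permitted javaws binary.
launch_kvm() {
    [ -f "$1" ] || { echo "ERROR: '$1' is not a file" >&2; return 2; }
    jnlp_allowed "$1" || return 1
    sudo "$JAVAWS" -verbose "$1"
}

# Usage: sh kvm-launch.sh session.jnlp
[ $# -eq 0 ] || launch_kvm "$1"
```

The check is deliberately strict: a JNLP with any absolute link to a host outside the list is rejected, including an informational vendor link.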
Another interesting option is to enable the Java console so that we can see the errors in more detail: