7 Remote virtual machines

Finally, the “guest” authentication method performs authentication with a special component that comes with the Guest Additions; as a result, authentication is not performed on the host, but with the guest user accounts. This method is currently still in testing and not yet supported.

In addition to the methods described above, you can replace the default “external” authentication module with any other module. For this, VirtualBox provides a well-defined interface that allows you to write your own authentication module. This is described in detail in the VirtualBox Software Development Kit (SDK) reference; please see chapter 11, VirtualBox programming interfaces, page 163 for details.

7.1.6 RDP encryption

RDP features data stream encryption, which is based on the RC4 symmetric cipher (with keys up to 128 bit). The RC4 keys are replaced at regular intervals (every 4096 packets).

RDP provides three different authentication methods:

1. Historically, RDP4 authentication was used, with which the RDP client does not perform any checks to verify the identity of the server it connects to. Since user credentials can be obtained using a “man in the middle” (MITM) attack, RDP4 authentication is insecure and should generally not be used.

2. RDP5.1 authentication employs a server certificate for which the client possesses the public key. This way it is guaranteed that the server possesses the corresponding private key. However, as this hard-coded private key became public some years ago, RDP5.1 authentication is also insecure and cannot be recommended.

3. RDP5.2 authentication is based on TLS 1.0 with customer-supplied certificates. The server supplies a certificate to the client which must be signed by a certificate authority (CA) that the client trusts (for the Microsoft RDP Client 5.2, the CA has to be added to the Windows Trusted Root Certificate Authorities database).
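The RDP5.2 method in item 3 relies on a CA that the client trusts and a server certificate signed by that CA. As an added example (not from the VirtualBox manual), the following shell script builds such a private CA and a CA-signed server certificate with OpenSSL and then verifies the chain the way a trusting client does; the output directory, file names and host name are assumptions, and handing the resulting files to VirtualBox is not shown here.

```shell
#!/bin/sh
# Added example, not part of the VirtualBox manual.
# Builds a private CA plus a CA-signed server certificate for a VRDP server
# and checks that the server certificate chains to the CA (RDP5.2 model).
set -e

# make_vrdp_certs DIR HOST
#   DIR  - output directory (assumption, created if missing)
#   HOST - name the RDP client will use to reach the VRDP server
make_vrdp_certs() {
    dir="$1"
    host="$2"
    mkdir -p "$dir"
    # 1. Private CA: this is the certificate the RDP client must trust
    #    (e.g. imported into the client's trusted root CA store).
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Example VRDP CA" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca-cert.pem"
    # 2. Server key and signing request; the CN is the host the client connects to.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/server-key.pem" -out "$dir/server.csr"
    # 3. Sign the server certificate with the CA. Only a certificate issued
    #    this way will be accepted by a client that trusts ca-cert.pem.
    openssl x509 -req -days 825 -in "$dir/server.csr" \
        -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
        -out "$dir/server-cert.pem"
    # Keep the private keys readable by the VRDP server process only.
    chmod 600 "$dir/ca-key.pem" "$dir/server-key.pem"
}

# verify_vrdp_cert CA_CERT SERVER_CERT
#   Returns 0 when SERVER_CERT chains to CA_CERT, non-zero otherwise.
#   This is the check a TLS-based RDP client performs before sending credentials.
verify_vrdp_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```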
VirtualBox allows you to supply your own CA and server certificate and uses OpenSSL for encryption. While VirtualBox supports all of the above, only RDP5.2 authentication should be used in environments where security is a concern. As the client that connects to the server determines what type of encryption will be used, with rdesktop, the Linux RDP viewer, use the -4 or -5 options.

7.1.7 Multiple connections to the VRDP server

The VRDP server of VirtualBox supports multiple simultaneous connections to the same running VM from different clients. All connected clients see the same screen output and share a mouse pointer and keyboard focus. This is similar to several people using the same computer at the same time, taking turns at the keyboard. The following command enables multiple connection mode:

VBoxManage modifyvm "VM name" --vrdemulticon on

7.1.8 Multiple remote monitors

To access two or more remote VM displays you have to enable the VRDP multiconnection mode (see chapter 7.1.7, Multiple connections to the VRDP server, page 95). The RDP client can select the virtual monitor number to connect to using the domain logon parameter (-d). If the parameter ends with @ followed by a number, VirtualBox interprets this