You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

165 lines
4.7 KiB

title: Qemu SSH tunnel
updated: 2019-08-11 19:35
6 years ago
tags: [qemu, vnc, ssh tunnel]
description: How to use qemu via VNC and SSH
Hello readers,
1 year ago
I was in need to run a virtual machine to do some experiments on `archiso`
(sic) and `parabolaiso`.
1 year ago
My `Intel(R) Core(TM)2 Quad CPU Q8200 @
2.33GHz` PC desktop processor does not support virtualization technology which
means that when I run a virtual machine it's very, very slow (barely usable).
So I thought: why not use the home server which has newer hardware and
supports virtualization:
$ lscpu | grep Virtualization
Virtualization: VT-x
1 year ago
*Please note that every step described here, except installations and file
configurations have now been integrated directly in the QVM script. For this
reason you should follow the instructions reported on the
[readme file](*
Now, some time ago I've written a
1 year ago
[simple script]( to handle my "QEMU needs",
VirtualBox is not available on Parabola and I don't like the available QEMU
1 year ago
So, after about 1 hour of information
I was able to connect all the dots... Here it is.
## Premise
1 year ago
The technique used here is called ["SSH
and enables you to use an SSH server as an intermediary between the client and
a remote server. Let's see a trivial scheme of the VNC setup
port 22 port 5900
client <--> server.ssh_interface <--> server.vnc_interface
| port 5901
$ vncviewer (:1 is equivalent to :5901)
## Terminology
- `<-->`: connection or forwarding
- ``: local address (a.k.a `localhost`)
- `server.address`: address of the server
- `server-user`: login name of the server
- `vm-user`: login name of the virual machine
1 year ago
Note: `server.vnc_interface` is in a localhost location in respect to the
`server.ssh_interface`, so we will not use the term *intermediary server*
## Server
1 year ago
First thing: since my server does not have a GUI I installed the
`qemu-headless` package.
This line does the magic:
-monitor pty -vnc
1 year ago
Make sure to have the following configurations in the OpenSSH configuration
(`/etc/ssh/sshd_config`) otherwise the next steps won't work
AllowTcpForwarding yes
In case you don't, you must also restart the SSH daemon.
You can now use the appropriate QVM vnc command.
## Client
Download the QVM script on the client also.
1 year ago
You must now install one of the vnc clients like
[gtk-vnc]( or
1 year ago
I've noticed that TigerVNC seems to handle window resizes better, so I decided
to go for that one.
Before starting the VNC client, an SSH socket (tunnel) is created.
$ ssh -N -f -L 5901: server-user@server.address
TigerVNC is then called on the forwarded port.
$ vncviewer
You should now see the virtual machine.
## SSH
1 year ago
The next thing was to connect to the SSH daemon on the virtual machine just
like what qvm enables you to do. I thought I could use the same method of VNC.
1 year ago
Once the SSH daemon is up and running you can connect to it with the following
command from the server:
$ ssh -p 2222 vm-user@
1 year ago
The SSH port of the virual machine is the default one (22). qvm exposes the
port 2222 by default so you can connect from `localhost` with it.
1 year ago
We need another step to be able to connect remotely and directly to the virtual
machine from our client:
$ ssh -N -f -L 2223: server-user@server.address
$ ssh -p 2223 vm-user@
You should now see the login.
### A simpler way to connect through SSH
1 year ago
As I later found out, it is possible to connect to SSH, as well as any ohter
service, by simply using the host address and the forwarded port, for example:
$ ssh -p 2222 vm-user@server.address
1 year ago
This happens because with this configuration the guest network is bridged with
the host network.
## Final considerations
1 year ago
You can use this method also for internet browsing and lots of other stuff.
Infact, using SSH implies that the traffic between the client and remote server
is encrypted, but using VNC directly by default is NOT so pay