@ -1,6 +1,6 @@
|
|
|
|
|
--- |
|
|
|
|
title: Qemu SSH tunnel |
|
|
|
|
updated: 2017-04-26 20:00 |
|
|
|
|
updated: 2017-10-22 18:00 |
|
|
|
|
tags: [qemu, vnc, ssh tunnel] |
|
|
|
|
description: How to use qemu via VNC and SSH |
|
|
|
|
--- |
|
|
|
@ -40,10 +40,8 @@ a remote server. Let's see a trivial scheme of the VNC setup
|
|
|
|
|
|
|
|
|
|
``` |
|
|
|
|
port 22 port 5900 |
|
|
|
|
client <--> intermediary server <--> remote server |
|
|
|
|
^ (it's in a localhost location |
|
|
|
|
| in respect to the intermediary |
|
|
|
|
| server) |
|
|
|
|
client <--> server.ssh_interface <--> server.vnc_interface |
|
|
|
|
^ |
|
|
|
|
| |
|
|
|
|
| |
|
|
|
|
| port 5901 |
|
|
|
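Review bot: the replacement diagram line `client <--> server.ssh_interface <--> server.vnc_interface` no longer shows inside the figure that the VNC hop is loopback-only, which the old annotation ("it's in a localhost location in respect to the intermediary server") did. The setup depends on port 5900 never being reachable from the network, so consider labelling the right-hand side `127.0.0.1:5900` in the diagram itself rather than relying on the later Terminology note. The sentence that introduces the scheme still says "a remote server", which no longer matches the new names.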
@ -53,71 +51,51 @@ a remote server. Let's see a trivial scheme of the VNC setup
|
|
|
|
|
|
|
|
|
|
## Terminology |
|
|
|
|
|
|
|
|
|
- `<-->`: connection or forwarding |
|
|
|
|
- `127.0.0.1`: local address (a.k.a `localhost`) |
|
|
|
|
- `server.address`: address of the intermediary server |
|
|
|
|
- `server-user`: login name of the intermediary server |
|
|
|
|
- `server.address`: address of the server |
|
|
|
|
- `server-user`: login name of the server |
|
|
|
|
- `vm-user`: login name of the virual machine |
|
|
|
|
|
|
|
|
|
Note: `server.vnc_interface` is in a localhost location in respect to the |
|
|
|
|
`server.ssh_interface`, so we will not use the term *intermediary server* |
|
|
|
|
anymore. |
|
|
|
|
|
|
|
|
|
## Server |
|
|
|
|
|
|
|
|
|
First thing: since my server does not have a GUI I installed the |
|
|
|
|
`qemu-headless` package. |
|
|
|
|
|
|
|
|
|
Here is the modified version of the install function of qvm |
|
|
|
|
|
|
|
|
|
```shell |
|
|
|
|
installs() |
|
|
|
|
{ |
|
|
|
|
qemu-system-x86_64 -m "$vm_memory" \ |
|
|
|
|
-enable-kvm \ |
|
|
|
|
-monitor pty -vnc 127.0.0.1:0 \ |
|
|
|
|
-cdrom "$img_name" \ |
|
|
|
|
-boot order=d \ |
|
|
|
|
"$vhd_name" & |
|
|
|
|
} |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
This line does the magic: |
|
|
|
|
```shell |
|
|
|
|
-monitor pty -vnc 127.0.0.1:0 \ |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
The run function has now that same magic line: |
|
|
|
|
```shell |
|
|
|
|
[...] |
|
|
|
|
qemu-system-x86_64 \ |
|
|
|
|
-m "$vm_memory" \ |
|
|
|
|
-enable-kvm \ |
|
|
|
|
-monitor pty -vnc 127.0.0.1:0 \ |
|
|
|
|
-device e1000,netdev=user.0 \ |
|
|
|
|
-netdev user,\ |
|
|
|
|
id=user.0,hostfwd=tcp::"$host_port"-:"$guest_port",\ |
|
|
|
|
hostfwd=tcp::"$ssh_host_port"-:"$ssh_guest_port" \ |
|
|
|
|
-virtfs local,path="$shared_data_path",\ |
|
|
|
|
security_model=none,mount_tag="$mount_tag" \ |
|
|
|
|
"$vhd" & |
|
|
|
|
[...] |
|
|
|
|
-monitor pty -vnc 127.0.0.1:0 |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
Make sure to have the following configurations in the OpenSSH configuration |
|
|
|
|
(`/etc/ssh/ssh_config`) otherwise the next steps won't work |
|
|
|
|
(`/etc/ssh/sshd_config`) otherwise the next steps won't work |
|
|
|
|
|
|
|
|
|
AllowTcpForwarding yes |
|
|
|
|
PermitOpen yes |
|
|
|
|
|
|
|
|
|
## Client |
|
|
|
|
In case you don't, you must also restart the SSH daemon. |
|
|
|
|
|
|
|
|
|
Before starting the VNC client, you must create an SSH socket (tunnel). |
|
|
|
|
You can now use the appropriate QVM vnc command. |
|
|
|
|
|
|
|
|
|
```shell |
|
|
|
|
$ ssh -N -f -L 5901:127.0.0.1:5900 server-user@server.address |
|
|
|
|
``` |
|
|
|
|
## Client |
|
|
|
|
|
|
|
|
|
Download the QVM script on the client also. |
|
|
|
|
|
|
|
|
|
You must now install vnc clients like |
|
|
|
|
You must now install one of the vnc clients like |
|
|
|
|
[gtk-vnc](https://wiki.gnome.org/Projects/gtk-vnc) or |
|
|
|
|
[TigerVNC](http://www.tigervnc.org). |
|
|
|
|
I've noticed that TigerVNC seems to handle window resizes better, so I decided |
|
|
|
|
to go for that. |
|
|
|
|
to go for that one. |
|
|
|
|
|
|
|
|
|
Before starting the VNC client, an SSH socket (tunnel) is created. |
|
|
|
|
|
|
|
|
|
```shell |
|
|
|
|
$ ssh -N -f -L 5901:127.0.0.1:5900 server-user@server.address |
|
|
|
|
``` |
|
|
|
|
TigerVNC is then called on the forwarded port. |
|
|
|
|
|
|
|
|
|
```shell |
|
|
|
|
$ vncviewer 127.0.0.1:1 |
|
|
|
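Review bot: `PermitOpen yes` in the sshd settings block is not a value sshd accepts; `PermitOpen` takes `any`, `none`, or one or more `host:port` targets. Correcting the file reference from `/etc/ssh/ssh_config` to `/etc/ssh/sshd_config` is right, but the directive would be better written as `PermitOpen 127.0.0.1:5900`, which also restricts forwarding to the single VNC port the tunnel needs instead of any destination. Two smaller points in the same hunk: "In case you don't, you must also restart the SSH daemon" does not say what "don't" refers to (something like "If you had to change them, restart the SSH daemon" would be clearer), and the `vm-user` entry spells the word as "virual".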
@ -131,7 +109,7 @@ The next thing was to connect to the SSH daemon on the virtual machine just
|
|
|
|
|
like what qvm enables you to do. I thought I could use the same method of VNC. |
|
|
|
|
|
|
|
|
|
Once the SSH daemon is up and running you can connect to it with the following |
|
|
|
|
command from the intermediary server: |
|
|
|
|
command from the server: |
|
|
|
|
|
|
|
|
|
```shell |
|
|
|
|
$ ssh -p 2222 vm-user@127.0.0.1 |
|
|
|
@ -155,6 +133,18 @@ $ ssh -p 2223 vm-user@127.0.0.1
|
|
|
|
|
|
|
|
|
|
You should now see the login. |
|
|
|
|
|
|
|
|
|
### A simpler way to connect through SSH |
|
|
|
|
|
|
|
|
|
As I later found out, it is possible to connect to SSH, as well as any ohter |
|
|
|
|
service, by simply using the host address and the forwarded port, for example: |
|
|
|
|
|
|
|
|
|
```shell |
|
|
|
|
$ ssh -p 2222 vm-user@server.address |
|
|
|
|
``` |
|
|
|
|
|
|
|
|
|
This happens because with this configuration the guest network is bridged with |
|
|
|
|
the host network. |
|
|
|
|
|
|
|
|
|
## Final considerations |
|
|
|
|
|
|
|
|
|
You can use this method also for internet browsing and lots of other stuff. |
|
|
|
@ -162,5 +152,9 @@ Infact, using SSH implies that the traffic between the client and remote server
|
|
|
|
|
is encrypted, but using VNC directly by default is NOT so pay |
|
|
|
|
attention. |
|
|
|
|
|
|
|
|
|
Cheers! |
|
|
|
|
*Please notice that every step described here, except installations and file |
|
|
|
|
configurations have now been integrated directly in the QVM script. For this |
|
|
|
|
reason you should follow the instructions reported on the |
|
|
|
|
[readme](https://github.com/frnmst/qvm/blob/master/README.md)* |
|
|
|
|
|
|
|
|
|
Cheers! |
|
|
|
|
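Review bot: the italic notice that these steps are now integrated in the QVM script is placed at the very end, after the reader has already followed the manual procedure; it would serve better at the top of the post, before the diagram. The sentence also needs a comma after "file configurations" to close the "except ..." clause, and "Please notice" should be "Please note". The readme link points at `blob/master`, so the instructions it refers to can change independently of this post; mentioning the QVM version or date the notice applies to would help.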