Updated QVM post.

dev
frnmst/Franco Masotti 5 years ago
parent
commit
1993487e49
  1. 94
      _posts/2017-04-24-qemu-ssh-tunnel.md

@ -1,6 +1,6 @@
---
title: Qemu SSH tunnel
updated: 2017-04-26 20:00
updated: 2017-10-22 18:00
tags: [qemu, vnc, ssh tunnel]
description: How to use qemu via VNC and SSH
---
@ -40,10 +40,8 @@ a remote server. Let's see a trivial scheme of the VNC setup
```
port 22 port 5900
client <--> intermediary server <--> remote server
^ (it's in a localhost location
| in respect to the intermediary
| server)
client <--> server.ssh_interface <--> server.vnc_interface
^
|
|
| port 5901
@ -53,71 +51,51 @@ a remote server. Let's see a trivial scheme of the VNC setup
## Terminology
- `<-->`: connection or forwarding
- `127.0.0.1`: local address (a.k.a `localhost`)
- `server.address`: address of the intermediary server
- `server-user`: login name of the intermediary server
- `server.address`: address of the server
- `server-user`: login name of the server
- `vm-user`: login name of the virual machine
Note: `server.vnc_interface` is in a localhost location in respect to the
`server.ssh_interface`, so we will not use the term *intermediary server*
anymore.
## Server
First thing: since my server does not have a GUI I installed the
`qemu-headless` package.
Here is the modified version of the install function of qvm
```shell
installs()
{
qemu-system-x86_64 -m "$vm_memory" \
-enable-kvm \
-monitor pty -vnc 127.0.0.1:0 \
-cdrom "$img_name" \
-boot order=d \
"$vhd_name" &
}
```
This line does the magic:
```shell
-monitor pty -vnc 127.0.0.1:0 \
```
The run function has now that same magic line:
```shell
[...]
qemu-system-x86_64 \
-m "$vm_memory" \
-enable-kvm \
-monitor pty -vnc 127.0.0.1:0 \
-device e1000,netdev=user.0 \
-netdev user,\
id=user.0,hostfwd=tcp::"$host_port"-:"$guest_port",\
hostfwd=tcp::"$ssh_host_port"-:"$ssh_guest_port" \
-virtfs local,path="$shared_data_path",\
security_model=none,mount_tag="$mount_tag" \
"$vhd" &
[...]
-monitor pty -vnc 127.0.0.1:0
```
Make sure to have the following configurations in the OpenSSH configuration
(`/etc/ssh/ssh_config`) otherwise the next steps won't work
(`/etc/ssh/sshd_config`) otherwise the next steps won't work
AllowTcpForwarding yes
PermitOpen yes
## Client
In case you don't, you must also restart the SSH daemon.
Before starting the VNC client, you must create an SSH socket (tunnel).
You can now use the appropriate QVM vnc command.
```shell
$ ssh -N -f -L 5901:127.0.0.1:5900 server-user@server.address
```
## Client
Download the QVM script on the client also.
You must now install vnc clients like
You must now install one of the vnc clients like
[gtk-vnc](https://wiki.gnome.org/Projects/gtk-vnc) or
[TigerVNC](http://www.tigervnc.org).
I've noticed that TigerVNC seems to handle window resizes better, so I decided
to go for that.
to go for that one.
Before starting the VNC client, an SSH socket (tunnel) is created.
```shell
$ ssh -N -f -L 5901:127.0.0.1:5900 server-user@server.address
```
TigerVNC is then called on the forwarded port.
```shell
$ vncviewer 127.0.0.1:1
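Review bot: `PermitOpen yes` in the sshd_config snippet of this hunk is not a value that option accepts; sshd_config(5) documents `any`, `none`, or a list of `host:port` targets. The only forward the post needs is the one opened by `ssh -N -f -L 5901:127.0.0.1:5900 server-user@server.address`, so I would suggest `PermitOpen 127.0.0.1:5900`, which also stops the account from forwarding to anything else reachable from the server. Two smaller points in the same hunk: "virual" in the `vm-user` entry should be "virtual", and "In case you don't, you must also restart the SSH daemon" would read more clearly as an instruction to restart sshd after editing the file.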
@ -131,7 +109,7 @@ The next thing was to connect to the SSH daemon on the virtual machine just
like what qvm enables you to do. I thought I could use the same method of VNC.
Once the SSH daemon is up and running you can connect to it with the following
command from the intermediary server:
command from the server:
```shell
$ ssh -p 2222 vm-user@127.0.0.1
@ -155,6 +133,18 @@ $ ssh -p 2223 vm-user@127.0.0.1
You should now see the login.
### A simpler way to connect through SSH
As I later found out, it is possible to connect to SSH, as well as any ohter
service, by simply using the host address and the forwarded port, for example:
```shell
$ ssh -p 2222 vm-user@server.address
```
This happens because with this configuration the guest network is bridged with
the host network.
## Final considerations
You can use this method also for internet browsing and lots of other stuff.
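Review bot: the sentence closing the new "A simpler way to connect through SSH" section says the guest network is bridged with the host network, but the run function shown earlier in this diff starts QEMU with `-netdev user` and `hostfwd=tcp::"$ssh_host_port"-:"$ssh_guest_port"`, which is user-mode networking with port forwarding, not a bridge. The port answers on `server.address` because a `hostfwd` rule with an empty host address listens on all host interfaces. I would reword the explanation accordingly and state that, unlike the VNC socket bound to `127.0.0.1`, this exposes the guest's SSH port to anything that can reach the server; `hostfwd=tcp:127.0.0.1:"$ssh_host_port"-:"$ssh_guest_port"` keeps it local when that exposure is not wanted. Also, "ohter" should be "other".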
@ -162,5 +152,9 @@ Infact, using SSH implies that the traffic between the client and remote server
is encrypted, but using VNC directly by default is NOT so pay
attention.
Cheers!
*Please notice that every step described here, except installations and file
configurations have now been integrated directly in the QVM script. For this
reason you should follow the instructions reported on the
[readme](https://github.com/frnmst/qvm/blob/master/README.md)*
Cheers!
