Browse Source

Updated QVM post.

frnmst/Franco Masotti 5 years ago
  1. 94


@ -1,6 +1,6 @@
title: Qemu SSH tunnel
updated: 2017-04-26 20:00
updated: 2017-10-22 18:00
tags: [qemu, vnc, ssh tunnel]
description: How to use qemu via VNC and SSH
@ -40,10 +40,8 @@ a remote server. Let's see a trivial scheme of the VNC setup
port 22 port 5900
client <--> intermediary server <--> remote server
^ (it's in a localhost location
| in respect to the intermediary
| server)
client <--> server.ssh_interface <--> server.vnc_interface
| port 5901
@ -53,71 +51,51 @@ a remote server. Let's see a trivial scheme of the VNC setup
## Terminology
- `<-->`: connection or forwarding
- ``: local address (a.k.a `localhost`)
- `server.address`: address of the intermediary server
- `server-user`: login name of the intermediary server
- `server.address`: address of the server
- `server-user`: login name of the server
- `vm-user`: login name of the virual machine
Note: `server.vnc_interface` is in a localhost location in respect to the
`server.ssh_interface`, so we will not use the term *intermediary server*
## Server
First thing: since my server does not have a GUI I installed the
`qemu-headless` package.
Here is the modified version of the install function of qvm
qemu-system-x86_64 -m "$vm_memory" \
-enable-kvm \
-monitor pty -vnc \
-cdrom "$img_name" \
-boot order=d \
"$vhd_name" &
This line does the magic:
-monitor pty -vnc \
The run function has now that same magic line:
qemu-system-x86_64 \
-m "$vm_memory" \
-enable-kvm \
-monitor pty -vnc \
-device e1000,netdev=user.0 \
-netdev user,\
hostfwd=tcp::"$ssh_host_port"-:"$ssh_guest_port" \
-virtfs local,path="$shared_data_path",\
security_model=none,mount_tag="$mount_tag" \
"$vhd" &
-monitor pty -vnc
Make sure to have the following configurations in the OpenSSH configuration
(`/etc/ssh/ssh_config`) otherwise the next steps won't work
(`/etc/ssh/sshd_config`) otherwise the next steps won't work
AllowTcpForwarding yes
PermitOpen yes
## Client
In case you don't, you must also restart the SSH daemon.
Before starting the VNC client, you must create an SSH socket (tunnel).
You can now use the appropriate QVM vnc command.
$ ssh -N -f -L 5901: server-user@server.address
## Client
Download the QVM script on the client also.
You must now install vnc clients like
You must now install one of the vnc clients like
[gtk-vnc]( or
I've noticed that TigerVNC seems to handle window resizes better, so I decided
to go for that.
to go for that one.
Before starting the VNC client, an SSH socket (tunnel) is created.
$ ssh -N -f -L 5901: server-user@server.address
TigerVNC is then called on the forwarded port.
$ vncviewer
@ -131,7 +109,7 @@ The next thing was to connect to the SSH daemon on the virtual machine just
like what qvm enables you to do. I thought I could use the same method of VNC.
Once the SSH daemon is up and running you can connect to it with the following
command from the intermediary server:
command from the server:
$ ssh -p 2222 vm-user@
@ -155,6 +133,18 @@ $ ssh -p 2223 vm-user@
You should now see the login.
### A simpler way to connect through SSH
As I later found out, it is possible to connect to SSH, as well as any ohter
service, by simply using the host address and the forwarded port, for example:
$ ssh -p 2222 vm-user@server.address
This happens because with this configuration the guest network is bridged with
the host network.
## Final considerations
You can use this method also for internet browsing and lots of other stuff.
@ -162,5 +152,9 @@ Infact, using SSH implies that the traffic between the client and remote server
is encrypted, but using VNC directly by default is NOT so pay
*Please notice that every step described here, except installations and file
configurations have now been integrated directly in the QVM script. For this
reason you should follow the instructions reported on the