You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

4.5 KiB

title updated tags description
Qemu SSH tunnel 2017-04-26 20:00 [qemu vnc ssh tunnel] How to use qemu via VNC and SSH

Hello readers,

I was in need to run a virtual machine to do some experiments an archiso (sic) and parabolaiso. My Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz PC desktop processor does not support virtualization technology which means that when I run a virtual machine it's very, very slow (barely usable). So I thought: why not use the home server which has newer hardware and supports virtualization:

$ lscpu | grep Virtualization
Virtualization:        VT-x

Now, some time ago I've written a simple script to handle my "QEMU needs", VirtualBox is not available on Parabola and I don't like the available QEMU frontends.

So, after about 1 hour of information retrieval throughout Internet articles I was able to connect all the dots... Here it is.


The technique used here is called "SSH tunneling" and enables you to use an SSH server as an intermediary between the client and a remote server. Let's see a trivial scheme of the VNC setup

            port 22               port 5900
    client <--> intermediary server <--> remote server
      ^                                  (it's in a localhost location
      |                                   in respect to the intermediary 
      |                                   server)
      | port 5901
    $ vncviewer (:1 is equivalent to :5901)


  • local address (a.k.a localhost)
  • server.address: address of the intermediary server
  • server-user: login name of the intermediary server
  • vm-user: login name of the virual machine


First thing: since my server does not have a GUI I installed the qemu-headless package.

Here is the modified version of the install function of qvm

    qemu-system-x86_64 -m "$vm_memory" \
-enable-kvm \
-monitor pty -vnc \
-cdrom "$img_name" \
-boot order=d \
"$vhd_name" &

This line does the magic:

-monitor pty -vnc \

The run function has now that same magic line:

        qemu-system-x86_64 \
-m "$vm_memory" \
-enable-kvm \
-monitor pty -vnc \
-device e1000,netdev=user.0 \
-netdev user,\
hostfwd=tcp::"$ssh_host_port"-:"$ssh_guest_port" \
-virtfs local,path="$shared_data_path",\
security_model=none,mount_tag="$mount_tag" \
"$vhd" &

Make sure to have the following configurations in the OpenSSH configuration (/etc/ssh/ssh_config) otherwise the next steps won't work

AllowTcpForwarding yes
PermitOpen yes


Before starting the VNC client, you must create an SSH socket (tunnel).

$ ssh -N -f -L 5901: server-user@server.address

You must now install vnc clients like gtk-vnc or TigerVNC. I've noticed that TigerVNC seems to handle window resizes better, so I decided to go for that.

$ vncviewer

You should now see the virtual machine.


The next thing was to connect to the SSH daemon on the virtual machine just like what qvm enables you to do. I thought I could use the same method of VNC.

Once the SSH daemon is up and running you can connect to it with the following command from the intermediary server:

$ ssh -p 2222 vm-user@

The SSH port of the virual machine is the default one (22). qvm exposes the port 2222 by default so you can connect from localhost with it.

We need another step to be able to connect remotely and directly to the virtual machine from our client:

$ ssh -N -f -L 2223: server-user@server.address


$ ssh -p 2223 vm-user@

You should now see the login.

Final considerations

You can use this method also for internet browsing and lots of other stuff. Infact, using SSH implies that the traffic between the client and remote server is encrypted, but using VNC directly by default is NOT so pay attention.