title | updated | tags | description |
---|---|---|---|
Qemu SSH tunnel | 2017-04-26 20:00 | [qemu vnc ssh tunnel] | How to use qemu via VNC and SSH |
Hello readers,
I needed to run a virtual machine to do some experiments on archiso (sic) and parabolaiso. My Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz PC desktop processor does not support virtualization technology, which means that when I run a virtual machine it's very, very slow (barely usable).
So I thought: why not use the home server which has newer hardware and
supports virtualization:
$ lscpu | grep Virtualization
Virtualization: VT-x
Some time ago I wrote a simple script to handle my "QEMU needs": VirtualBox is not available on Parabola and I don't like the available QEMU frontends.
So, after about 1 hour of information retrieval throughout Internet articles I was able to connect all the dots... Here it is.
Premise
The technique used here is called "SSH tunneling" and enables you to use an SSH server as an intermediary between the client and a remote server. Here is a simple scheme of the VNC setup:
           port 22                  port 5900
client <--> intermediary server <--> remote server
  ^                                  (it's in a localhost location
  |                                   in respect to the intermediary
  |                                   server)
  |
  |
  | port 5901
  |
$ vncviewer 127.0.0.1:1 (:1 is equivalent to :5901)
Terminology
- 127.0.0.1: local address (a.k.a. localhost)
- server.address: address of the intermediary server
- server-user: login name of the intermediary server
- vm-user: login name of the virtual machine
Server
First thing: since my server does not have a GUI I installed the qemu-headless package.
Here is the modified version of the install function of qvm:
installs()
{
qemu-system-x86_64 -m "$vm_memory" \
-enable-kvm \
-monitor pty -vnc 127.0.0.1:0 \
-cdrom "$img_name" \
-boot order=d \
"$vhd_name" &
}
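This line does the magic:
-monitor pty -vnc 127.0.0.1:0 \
It moves the QEMU monitor to a pseudo-terminal and binds the VNC server to display 0 (TCP port 5900) on the loopback address only, so the display is reachable only from the server itself.
The run function now has that same magic line: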
[...]
qemu-system-x86_64 \
-m "$vm_memory" \
-enable-kvm \
-monitor pty -vnc 127.0.0.1:0 \
-device e1000,netdev=user.0 \
-netdev user,\
id=user.0,hostfwd=tcp::"$host_port"-:"$guest_port",\
hostfwd=tcp::"$ssh_host_port"-:"$ssh_guest_port" \
-virtfs local,path="$shared_data_path",\
security_model=none,mount_tag="$mount_tag" \
"$vhd" &
[...]
Make sure to have the following settings in the OpenSSH configuration (/etc/ssh/ssh_config), otherwise the next steps won't work:
# Both are sshd_config(5) keywords; PermitOpen takes any, none or host:port entries
AllowTcpForwarding yes
PermitOpen any
Client
Before starting the VNC client, you must create an SSH socket (tunnel).
$ ssh -N -f -L 5901:127.0.0.1:5900 server-user@server.address
Now install a VNC client such as gtk-vnc or TigerVNC. I've noticed that TigerVNC seems to handle window resizes better, so I decided to go for that.
$ vncviewer 127.0.0.1:1
You should now see the virtual machine.
SSH
The next thing was to connect to the SSH daemon on the virtual machine just like what qvm enables you to do. I thought I could use the same method as for VNC.
Once the SSH daemon is up and running you can connect to it with the following command from the intermediary server:
$ ssh -p 2222 vm-user@127.0.0.1
The SSH port of the virtual machine is the default one (22). qvm exposes the port 2222 by default so you can connect from localhost with it.
We need another step to be able to connect remotely and directly to the virtual machine from our client:
$ ssh -N -f -L 2223:127.0.0.1:2222 server-user@server.address
then
$ ssh -p 2223 vm-user@127.0.0.1
You should now see the login.
Final considerations
You can use this method also for internet browsing and lots of other stuff. In fact, using SSH implies that the traffic between the client and the remote server is encrypted, whereas plain VNC by default is NOT, so pay attention.
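The point about unencrypted VNC can be checked on the intermediary server. The following is an added example, not part of the original post or of qvm: it reports which of the ports used here listen on a non-loopback address and are therefore reachable without the tunnel. The `ss` lines are a constructed sample and the function names are hypothetical; the sample assumes that a QEMU `hostfwd=tcp::PORT-...` rule with an empty host address listens on all interfaces.

```shell
#!/bin/sh
# Constructed sample of `ss -Hltn` output on the intermediary server while
# the VM runs: VNC display :0 on loopback, the VM's SSH forward on 2222.
sample_ss() {
cat <<'EOF'
LISTEN 0 1   127.0.0.1:5900 0.0.0.0:*
LISTEN 0 1   0.0.0.0:2222   0.0.0.0:*
LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
LISTEN 0 128 [::]:22        [::]:*
EOF
}

# vnc_port DISPLAY: TCP port behind a VNC display number (:1 -> 5901).
vnc_port() { echo $((5900 + $1)); }

# exposed_listeners PORT...: read `ss -Hltn` lines on stdin and print every
# listener on one of the PORTs that is bound to a non-loopback address,
# i.e. reachable from the network without going through the SSH tunnel.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)   # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print $4
        }'
}

# Live use on the server (ports from the post):
#   ss -Hltn | exposed_listeners "$(vnc_port 0)" 2222
```

On the sample only `0.0.0.0:2222` is printed: the VNC display is loopback-only, but the VM's SSH forward is not. Giving the rule an explicit host address (`hostfwd=tcp:127.0.0.1:...`) keeps it behind the tunnel as well.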
Cheers!