[libvirt-users] virt-viewer via ssh to a remote host

Marc Haber mh+libvirt-users at zugschlus.de
Thu Jan 3 13:31:27 UTC 2013


On Wed, Jan 02, 2013 at 11:06:34AM +0100, Michal Privoznik wrote:
> The Spice session isn't tunneled over libvirt's connection whereas
> libvirt's APIs are tunneled. virt-viewer finds the desired domain, then
> asks for XML and cuts out the 'listen' attribute
> (/domain/devices/graphics/@listen). Same goes for 'port'. Obtained
> values are used to establish a new TCP connection to Spice session.

But that TCP connection is obviously tunnelled over ssh.

On the host executing virt-viewer, virt-viewer spawns two ssh processes:

bash,29341
  `-virt-viewer,29462 --connect=qemu+ssh://mh@fan.zugschlus.de/system <domain>
      |-ssh,29463 -l mh fan.zugschlus.de sh -c 'if 'nc' -q 2>&1 | grep "requires an argument" >/dev/null 2>&1; then ARG=-q0;else ARG=;fi;'nc' $ARG -U /var/run/libvirt/libvirt-sock-ro'
      `-ssh,29465 -l mh fan.zugschlus.de nc fan.zugschlus.de 5900

The first is obviously the connection to libvirt, the second is the
session carrying SPICE. Aside from the ssh connections, tcpdump does
not show any communication between the host running virt-viewer and
the host running the VM.

On the host running the VM, two ssh receiving processes can be seen:

  |-sshd,12739
  |   `-sshd,12744
  |       `-sh,12745 -c...
  |           `-nc,12748 -q0 -U /var/run/libvirt/libvirt-sock-ro
  `-sshd,12749
      `-sshd,12751
          `-nc,12752 fan.zugschlus.de 5900

>  If you want the connection to inherit usage of ssh from libvirt
>  connection, don't use '--direct' then.

That doesn't work without tweaking, see my original e-mail. This is my
original problem.

>  Or if you want to connect directly, without any tunnel magic, use
>  '--direct'.

I don't, since I want authentication and encryption. I would like 
virt-viewer --connect=qemu+ssh://mh@fan.zugschlus.de/system <domain>
to work as advertised without tweaks.

I think I'm getting something wrong here. What am I doing wrong?

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 31958061
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062
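
Added example, not part of the original message and not virt-viewer's own code: a Python check that reads the /domain/devices/graphics listen and port values mentioned in the quoted reply from a domain XML dump and reports whether each display is bound to loopback only, which matters when ssh is meant to be the only authenticated, encrypted path. The sample XML is constructed; the <listen> child element and port='-1' handling are based on libvirt's domain XML format, not on this thread.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of `virsh dumpxml <domain>` output (not from the thread).
SAMPLE_XML = """
<domain type='kvm'>
  <name>demo</name>
  <devices>
    <graphics type='spice' port='5900' autoport='no' listen='0.0.0.0'/>
    <graphics type='vnc' port='5901' autoport='no' listen='127.0.0.1'/>
    <graphics type='spice' autoport='yes'>
      <listen type='address' address='::1'/>
    </graphics>
  </devices>
</domain>
"""

def is_loopback(addr):
    """True only if addr is provably loopback ('localhost' or a loopback IP)."""
    if addr == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # hostname or unset: cannot prove it is loopback-only

def listen_address(graphics):
    """Prefer the 'listen' attribute, fall back to <listen type='address'>."""
    addr = graphics.get("listen")
    if addr is None:
        child = graphics.find("listen[@type='address']")
        addr = child.get("address") if child is not None else None
    return addr or ""

def graphics_endpoints(domain_xml):
    """Return (type, listen, port, loopback_only) for each graphics device."""
    root = ET.fromstring(domain_xml)
    result = []
    for g in root.findall("./devices/graphics"):
        addr = listen_address(g)
        port = int(g.get("port", "-1"))  # -1: port not assigned yet (autoport)
        result.append((g.get("type"), addr, port, is_loopback(addr)))
    return result

if __name__ == "__main__":
    for gtype, addr, port, local in graphics_endpoints(SAMPLE_XML):
        note = "loopback only" if local else "NOT loopback-only"
        print(f"{gtype}: listen={addr or '(unset)'} port={port} ({note})")
```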



