Hi,
how do I connect to a VM running on a removte machine with some sort of spice client? There doesn´t seem to be any spice client available in Centos 7 that works.
Felipe Salvador wrote:
That only says it´s unable to connect.
The XML-dump says:
<graphics type='spice' port='5901' autoport='no' listen='0.0.0.0'> <listen type='address' address='0.0.0.0'/> </graphics>
I remember it was working somehow, now it doesn´t. And I don´t remember what client I used.
A VM can have spice console listen only on the loopback interface, so the only way to connect would be to tunnel the spice connection via SSH. This is so 'by design'.
You'll certainly need an SSH keypair for authentication along with the ssh-agent (if your private key is password protected). I'm using something like:
virt-viewer --connect qemu+ssh://<hypervisor_hostname>/system <vm_id>
Regards, Milos.
Quoting hw hw@gc-24.de:
milos.blazevic wrote:
A VM can have spice console listen only on the loopback interface, so the only way to connect would be to tunnel the spice connection via SSH. This is so 'by design'.
I specified to listen on all addresses --- in my understanding, that are the addresses of the host rather than those of any particular VM.
You'll certainly need an SSH keypair for authentication along with the ssh-agent (if your private key is password protected). I'm using something like:
That´s way too complicated and awkward.
Why would I use ssh-agent? Specifying a passphrase to use a key means that I do *not* want everything/everyone to be able to use it. Not specifying a passphrase shouldn´t require an ssh-agent.
And how would I set this up, i. e. how would I tell the spice-client which keys to use, and how the host which keys to use? It´s not like I´m providing a user name to the host I´m connecting to which would allow it to pick a key.
Then there are five bazillion different versions of encryption methods and the overall extreme difficulty to deal with it.
In this case, no encryption is needed. That is my decision, and if spice thinks it could make that decision for me, it needs to be fixed.
On Wed, Aug 30, 2017 at 08:05:18PM +0200, hw wrote:
In this case, no encryption is needed. That is my decision, and if spice thinks it could make that decision for me, it needs to be fixed.
So I think you can replace
virt-viewer --connect qemu+ssh://<hypervisor_hostname>/system <vm_id>
with[1]
virt-viewer --connect qemu+tcp://example.com/system <vm_id>
[1] http://libvirt.org/drvqemu.html#uris
Felipe Salvador wrote:
Thanks! That doesn´t work, either:
(virt-viewer:24879): virt-viewer-DEBUG: connecting ... (virt-viewer:24879): virt-viewer-DEBUG: Opening connection to libvirt with URI qemu+tcp://vm/system (virt-viewer:24879): virt-viewer-DEBUG: Error: unable to connect to server at 'vm:16509': Connection refused
I used vnc with a new VM I created yesterday, and that works fine. Seems like I´ll have to stick with that.
Looking at [1], which mentions complications introduced by security issues, I´m finding it very questionable why and how it should be a good idea to connect to what you could call the administration interface of the very thing that accesses the host with pretty much root privileges and determines and runs the VMs on a server merely to be able to view what a VM would display on a display that could be connected to it if it wasn´t a VM.
Isn´t vnc much more secure from that perspective?
If memory serves me, spice client (i.e. spicec) is obsoleted. virt-viewer is now the remote viewer of choice on EL7. I'm using it for 8+ months now and it's working like a charm.
Quoting hw hw@gc-24.de:
-
Felipe Salvador -
hw -
milos.blazevic