qemu-kvm tls vs non-tls spice ports

Hi there,

Sorry if I am off-topic, but I got no useful replies on the fedora users list and found no spice users list.

I'm trying to configure secure remote access to guest VM consoles. Some hosts are RHEL6 machines, others are Fedora 18 ones. Ideally, I'd like to be able to get direct remote access to the guests from Windows workstations.

I made a lot of progress but have not reached my goal. Any help will be appreciated.

If I use ssh -X (or putty + Xming) I can run virt-manager on the host and access the guest consoles. So far no surprises, but this remote-graphics-inside-other-remote-graphics is not very efficient.

If I use qemu+ssh URLs for virt-manager and virt-viewer from Linux clients I cannot get any console at all on the default setups for Fedora and RHEL. I'm disappointed that those tools cannot use the ssh tunnel for the consoles, only for libvirtd.

I managed to get virsh and virt-viewer (with both vnc and spice) working on Windows if I create an ssh tunnel using putty. No surprises here, but not very user-friendly. Besides, this needs remote root logins, which I want to disable. Same from Linux clients (ssh -L and virt-viewer or remote-viewer from another shell).

Then I configured TLS certificates for libvirtd and qemu. Virsh works fine from both Windows and Linux using qemu+tls URLs, and virt-manager / virt-viewer from Linux works fine, but when I open a guest console, netstat shows it's using non-secure ports. I can't find how to force virt-manager and virt-viewer on Linux to use only the TLS port for VNC and Spice. So I don't know if the qemu side is really ok. Virt-manager shows all guests have both secure and non-secure ports enabled, both auto.

On both Windows and Linux, remote-viewer can connect only to the non-secure ports. I cannot find how to make it use tls for guest console access. TLS setup seems to be configured ok on the clients (both Windows and Linux) but I don't know how to troubleshoot them.

On Windows, I cannot make the bundled virsh and virt-viewer work; I tried many builds on Windows. I also have another build with virsh only and this works but of course cannot open guest consoles. I didn't build anything myself, I downloaded prebuilt Windows binaries from spice.org and libvirt.org. On Fedora and RHEL, I'm using distro packages.

How do I force remote-viewer to use tls? It won't accept spice+tls or vnc+tls URLs.

And as I said, if I try qemu+tls from virt-viewer and virt-manager I get a spice or vnc connection using the non-secure port. :-( How to force them to use the tls port?

It's very strange: while virt-manager tells my guests are listening on 127.0.0.1, netstat tells they are listening on 0.0.0.0.


[]s, Fernando Lozano

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel
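
Added example, not part of the original message: a host-side check that reads `virsh dumpxml` output and reports which SPICE channels a guest still allows over the plaintext port, and on which listen address. The three XML fragments are constructed samples; the `defaultMode` attribute and `<channel mode=...>` elements are libvirt's domain XML settings for SPICE, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed `virsh dumpxml` fragments (sample input, not from the original post).
WEAK = """<domain><name>guest-a</name><devices>
  <graphics type='spice' autoport='yes' listen='0.0.0.0'/>
</devices></domain>"""
HARDENED = """<domain><name>guest-b</name><devices>
  <graphics type='spice' autoport='yes' defaultMode='secure'>
    <listen type='address' address='0.0.0.0'/>
  </graphics>
</devices></domain>"""
MIXED = """<domain><name>guest-c</name><devices>
  <graphics type='spice' autoport='yes' defaultMode='secure' listen='127.0.0.1'>
    <channel name='display' mode='insecure'/>
  </graphics>
</devices></domain>"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def listen_address(g):
    """Address from the legacy attribute or the <listen> child element."""
    if g.get("listen"):
        return g.get("listen")
    child = g.find("listen")
    return child.get("address") if child is not None else None

def audit_spice(domain_xml):
    """Return one record per SPICE <graphics> device in a domain definition."""
    root = ET.fromstring(domain_xml)
    guest = root.findtext("name", default="unknown")
    records = []
    for g in root.iter("graphics"):
        if g.get("type") != "spice":
            continue
        # Channels without their own mode follow defaultMode (libvirt default: any).
        default = g.get("defaultMode", "any")
        plaintext = sorted(c.get("name") for c in g.findall("channel")
                           if c.get("mode", default) != "secure")
        if default != "secure":
            plaintext.insert(0, "(default)")
        addr = listen_address(g)  # None means the qemu.conf default applies
        records.append({
            "guest": guest, "listen": addr, "plaintext_channels": plaintext,
            # An unknown (None) address is conservatively treated as non-loopback.
            "plaintext_remote": bool(plaintext) and addr not in LOOPBACK,
        })
    return records

if __name__ == "__main__":
    for doc in (WEAK, HARDENED, MIXED):
        print(audit_spice(doc))
```

A guest that reports `plaintext_remote: True` accepts unencrypted SPICE channels on a non-loopback address, which matches the netstat observation in the message above.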