Hi Uri, >> I want access to the guest consoles, which means spice connections to >> the host. But I want those connections secured either by TLS or SSH. >> So far can get only plain insecure spice connections from a windows >> workstation to the kvm host. > > You should be able to use secure ports both on Linux and on Windows. Yes, I managed to to that using the correct URL syntax, something like spice://kvmhost?tls-port=5901 Setting up tls on the kvm host is not easy. It would be very nice of remote-viewer for windows was able to setup ssh tunnels. I am also worried about authentication using spice+tls. Any user, from any machine, can connect to the spice+tl port. But using an ssh tunnel means each user needs his own ssh password or key. > This can be done by specifying the secure channels either on the > spice-server side (qemu-kvm -spice command line option), or on a the > client side (with spice-gtk >= 0.20). If you only provide a > secure-port (and no insecure port), all channels are secured. The problem is, virt-manager and virsh allways configure an insecure port. Either it is fixed, or it is auto, but never disabled. I had to block the insecure ports on the host using iptables, else virt-viewer and virt-manager never use the tls port. Looks like this is a libvirt fault, not qemu. But on remote-viewer, using the correct URL syntax opens connections using the tls port even if the insecure one is not blocked. []s, Fernando Lozano _______________________________________________ virt-tools-list mailing list virt-tools-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/virt-tools-list
