Remote management over SSH
The quick and easy way to manage virtual machines remotely is to leverage SSH. In essence, the libvirt management connection will be securely tunnelled over an SSH connection. All authentication is done using SSH keys, and passwords/passphrases are gathered by your local SSH agent. In addition, the VNC console for each guest virtual machine will be tunnelled over SSH.
Pros/Cons of SSH
- Pro: You probably already have SSH keys set up
- Note: If you don't, or if you wish to be asked for the password, you will need the "openssh-askpass" package. Otherwise you may receive an error about libvirtd not running, even when it is.
- Pro: No extra firewall rules needed to access the management service or VNC console
- Con: Requires root login access to the remote machine for users managing virtual machines
- Con: Initial connection setup process is slow
- Con: No standard easy way to revoke a user's key on all hosts
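Because revocation has to be done host by host, the per-host step can be scripted. The following is an added example, not part of the original guide: the function names (key_blob, revoke_key, demo) are hypothetical and all key material is constructed. It removes a key from an authorized_keys file by matching the key blob, so lines with different options or comments are still caught.

```shell
#!/bin/sh
# Added example (not from the original guide). All key material is constructed.

# key_blob PUBFILE: print the base64 key blob from a .pub file.
# SSH public key blobs start with "AAAA" (the encoded length prefix).
key_blob() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^AAAA/) { print $i; exit } }' "$1"
}

# revoke_key AUTH_FILE PUBFILE: drop every line of AUTH_FILE carrying that blob,
# whatever options or comment surround it.
# Returns 0 if a line was removed, 1 if the key was absent, 2 on error.
revoke_key() {
    auth=$1
    blob=$(key_blob "$2")
    [ -n "$blob" ] || return 2
    tmp=$(mktemp "${auth}.XXXXXX") || return 2
    awk -v b="$blob" '{
        hit = 0
        for (i = 1; i <= NF; i++) if ($i == b) hit = 1
        if (!hit) print
    }' "$auth" > "$tmp" || { rm -f "$tmp"; return 2; }
    if cmp -s "$auth" "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # Keep the file private, then swap it into place.
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}

# demo: build a constructed authorized_keys file, revoke one key, print the result.
demo() {
    d=$(mktemp -d) || return 2
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedALICE alice@desktop' > "$d/alice.pub"
    cat > "$d/authorized_keys" <<'EOF'
# constructed sample, not real keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedALICE alice@desktop
from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedBOB bob@laptop
no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedALICE old-comment
EOF
    revoke_key "$d/authorized_keys" "$d/alice.pub" && cat "$d/authorized_keys"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On a managed host the file to pass is root's ~/.ssh/authorized_keys, since the guide installs the key for root@somehost; the function has to be run on every host where the key was copied.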
Steps to set up SSH access for virt-manager
The following short guide assumes you are starting from scratch and don't have any SSH keys set up yet. You can probably skip the first steps if you already know all about SSH.
Creating your local public key pair
The first step is to make sure you have a public key pair on the machine where you will run virt-manager.
$ ssh-keygen -t rsa
If you password-protect the private key, you may need to run ssh-agent in order for the authentication to work.
Copying the public key to a remote host
To allow virt-manager to log in to a remote host, it is necessary to add the public key from your local desktop to the allowed keys on each remote machine running libvirt. To add your public key to the list of allowed keys for the user root@somehost, run:
$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@somehost
Starting the libvirt daemon
The libvirt daemon must be run on every remote host that needs to be managed. In addition, either Xen, KVM or QEMU packages should be installed on the host, depending on which hypervisor you wish to use. NB Using Xen requires a special kernel. NB Using KVM requires hardware support in your CPUs.
$ ssh root@somehost
# chkconfig libvirtd on
# service libvirtd start
The two commands above are suitable for a Fedora / RHEL Linux machine. Other operating systems may have slightly different ways to start the libvirt daemon at boot time.