Re: libvirt tools and keyfiles

To: debian-user@lists.debian.org
Subject: Re: libvirt tools and keyfiles
From: Celejar <celejar@gmail.com>
Date: Sat, 2 Apr 2022 22:02:51 -0400
Message-id: <[🔎] 20220402220251.b90e19ab834435667f38b415@gmail.com>
In-reply-to: <[🔎] 0436ef736201437e69cee319d20d085903d400f6.camel@gmail.com>
References: <[🔎] 20220401114027.90880d0cafc5d8c77408a856@gmail.com> <[🔎] 0436ef736201437e69cee319d20d085903d400f6.camel@gmail.com>

On Sat, 02 Apr 2022 09:53:18 +0200
didier gaumet <didier.gaumet@gmail.com> wrote:

> 
> 
> Hello,
> 
> Disclaimer: I do not use ssh, nor remote virtual machines, so this is
> far from an expert answer :-)

Thanks for the suggestions!

> You could be confronted to several possible problems:
> - root access: you could try using an ordinary user instead

I'm not sure if I understand what you're saying, but I am using an
ordinary user on the client side. The VMs are running on the remote
machine using qemu:///system.

> - "system" problem: virt-manager/virt-viewer propose "system" and
> "session" options and in this case, trying an ordinary user "session"
> instead of a root "system" could be beneficial

Not sure if I understand what you're saying - as above, the VMs are
running on the remote machine using qemu:///system - are you
suggesting that I try reconfiguring them to run as qemu:///session?
According to the documentation:

> You will definitely want to use qemu:///system if your VMs are acting
> as servers. VM autostart on host boot only works for 'system', and the
> root libvirtd instance has necessary permissions to use proper
> networkings via bridges or virtual networks. qemu:///system is
> generally what tools like virt-manager default to.
> 
> qemu:///session has a serious drawback: since the libvirtd instance
> does not have sufficient privileges, the only out of the box network
> option is qemu's usermode networking, which has nonobvious limitations,
> so its usage is discouraged. More info on qemu networking options:
> http://people.gnome.org/~markmc/qemu-networking.html 

https://wiki.libvirt.org/page/FAQ#What_is_the_difference_between_qemu:.2F.2F.2Fsystem_and_qemu:.2F.2F.2Fsession.3F_Which_one_should_I_use.3F

> - ssh tunnel or not (virt-manager/virt-viewer have different options
> for that)

I don't understand this point.

> - double authentication: "When using a SSH tunnel to connect to a SPICE
> console, it's recommended to have ssh-agent running to avoid getting
> multiple authentication prompts."

Thanks - this might be the solution. I'll have to look into this
further.

> (take a look at virtsh, virt-manager, virt-viewer manpages)

-- 
Celejar

Reply to:

Follow-Ups:
- Re: libvirt tools and keyfiles
  - From: didier gaumet <didier.gaumet@gmail.com>

References:
- libvirt tools and keyfiles
  - From: Celejar <celejar@gmail.com>
- Re: libvirt tools and keyfiles
  - From: didier gaumet <didier.gaumet@gmail.com>

Prev by Date: Re: fluxbox partial installation
Next by Date: Re: libvirt tools and keyfiles
Previous by thread: Re: libvirt tools and keyfiles
Next by thread: Re: libvirt tools and keyfiles
Index(es):
- Date
- Thread