On Tue, Mar 27, 2012 at 11:29:15AM +0200, Stef Walter wrote:
On 2012-03-27 11:17, Daniel P. Berrange wrote:
Actually, it is possible to remotely connect to any libvirtd instance using an SSH tunnel, which works out of the box. Only the direct, non-tunnelled TLS/SASL based connections require manual setup.
Doesn't this require setting installing an ssh server on your machine? openssh-server doesn't seem to be installed/enabled by default on many (most?) distros, including Fedora.
Yes you need an SSH server.
In addition doesn't this only work when you ssh as root to the box that the libvirtd instance is running on? I couldn't get this working with my user account and a qemu-ssh uri. I'm probably missing something ...
You can ssh in as non-root, but it requires some manual config steps with policykit to allow libvirtd access first. You can't use the qemu:///session instance remotely either.
I hope that makes sense. Let me know if I've gotten something wrong.
Would you accept a patch to do this? Or would you suggest that we try and do this downstream in the Fedora/RHEL packages instead?
Our policy for Fedora / RHEL is to not change upstream behaviour, so this kind of policy decision should be resolved here.
Okay, good to know.
Cheers,
Stef
-- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|