On Wed, Jan 02, 2013 at 11:06:34AM +0100, Michal Privoznik wrote:
The Spice session isn't tunneled over libvirt's connection
whereas
libvirt's APIs are tunneled. virt-viewer finds the desired domain, then
asks for XML and cut 'listen' attribute
(/domain/devices/graphics/@listen). Same goes for 'port'. Obtained
values are used to establish a new TCP connection to Spice session.
But that TCP connection is obviously tunelled over ssh.
On the host executing virt-viewer, virt-viewer spawns two ssh processes:
bash,29341
`-virt-viewer,29462 --connect=qemu+ssh://mh@fan.zugschlus.de/system <domain>
|-ssh,29463 -l mh fan.zugschlus.de sh -c 'if 'nc' -q 2>&1 | grep
"requires an argument" >/dev/null 2>&1; then ARG=-q0;else
ARG=;fi;'nc' $ARG -U /var/run/libvirt/libvirt-sock-ro'
`-ssh,29465 -l mh fan.zugschlus.de nc fan.zugschlus.de 5900
The first is obviously the connection to libvirt, the second is the
session carrying SPICE. Aside from the ssh connections, tcpdump does
not show any communication between the host running virt-viewer and
the host running the VM.
On the host running the vm, two ssh receiving processes can be seen:
|-sshd,12739
| `-sshd,12744
| `-sh,12745 -c...
| `-nc,12748 -q0 -U /var/run/libvirt/libvirt-sock-ro
`-sshd,12749
`-sshd,12751
`-nc,12752 fan.zugschlus.de 5900
If you want the connection to inherit usage of ssh from libvirt
connection, don't use '--direct' then.
That doesn't work without tweaking, see my original e-mail. This is my
original problem.
Or if you want to connect directly, without any tunnel magic, use
'--direct'.
I don't, since I want authentication and encryption. I would like
virt-viewer --connect=qemu+ssh://mh@fan.zugschlus.de/system <domain>
to work as advertised without tweaks.
I think I'm getting something wrong here. What am I doing wrong?
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 31958061
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062