Chapter 5. Remote Management of Guests
ssh or TLS and SSL. More information on SSH can be found in the Red Hat Enterprise Linux Deployment Guide.
5.1. Remote Management with SSH
libvirt management connection securely tunneled over an SSH connection to manage the remote machines. All the authentication is done using SSH public key cryptography and passwords or passphrases gathered by your local SSH agent. In addition, the VNC console for each guest is tunneled over SSH.
- you require root log in access to the remote machine for managing virtual machines,
- the initial connection setup process may be slow,
- there is no standard or trivial way to revoke a user's key on all hosts or guests, and
- ssh does not scale well with larger numbers of remote machines.
The following instructions assume you are starting from scratch and do not already have SSH keys set up. If you have SSH keys set up and copied to the other systems you can skip this procedure.
virt-manager must be run by the user who owns the keys to connect to the remote host. That means, if the remote systems are managed by a non-root user, virt-manager must be run in unprivileged mode. If the remote systems are managed by the local root user then the SSH keys must be owned and created by root.
Optional: Changing user
Change user, if required. This example uses the local root user for remotely managing the other hosts and the local host.
Generating the SSH key pair
Generate a public key pair on the machine where virt-manager is used. This example uses the default key location, in the ~/.ssh/ directory.
ssh-keygen -t rsa
Copying the keys to the remote hosts
Remote login without a password, or with a passphrase, requires an SSH key to be distributed to the systems being managed. Use the ssh-copy-id command to copy the key to root user at the system address provided (in the example, root@host2.example.com).
ssh-copy-id -i ~/.ssh/id_rsa.pub root@host2.example.com
root@host2.example.com's password:
Now try logging into the machine, with the ssh root@host2.example.com command, and check in the .ssh/authorized_keys file to make sure unexpected keys have not been added.
Repeat for other systems, as required.
Optional: Add the passphrase to the ssh-agent
The instructions below describe how to add a passphrase to an existing ssh-agent. It will fail to run if the ssh-agent is not running. To avoid errors or conflicts make sure that your SSH parameters are set correctly. Refer to the Red Hat Enterprise Linux Deployment Guide for more information.
Add the passphrase for the SSH key to the ssh-agent, if required. On the local host, use the following command to add the passphrase (if there was one) to enable password-less login.
ssh-add ~/.ssh/id_rsa
The SSH key is added to the remote system.
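The check of .ssh/authorized_keys for unexpected keys, described in the key-copying step above, can be scripted. The following is an added example, not part of the original guide: it reports every entry in an authorized_keys file whose SHA256 fingerprint is not in an allowed set. The function names and the sample key blobs are constructed for illustration.

```python
import base64
import hashlib
import re
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp\d+|sk-\S+@openssh\.com)$")

def split_fields(line):
    """Split on whitespace, but not inside double-quoted option values."""
    fields, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch.isspace() and not quoted:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return fields + ([cur] if cur else [])

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def unexpected_keys(authorized_keys_text, allowed):
    """Return (line number, fingerprint or None, comment) for entries not in `allowed`."""
    findings = []
    for n, line in enumerate(authorized_keys_text.splitlines(), 1):
        f = split_fields(line)
        if not f or f[0].startswith("#"):
            continue
        if not KEY_TYPE.match(f[0]):
            f = f[1:]  # first field was an options list such as command="..."
        try:
            fp = fingerprint(f[1]) if KEY_TYPE.match(f[0]) else None
        except (IndexError, ValueError):
            fp = None
        if fp is None:
            findings.append((n, None, "unparseable entry"))
        elif fp not in allowed:
            findings.append((n, fp, " ".join(f[2:])))
    return findings

# Constructed sample data: these blobs are placeholders, not real keys.
MGMT_BLOB = base64.b64encode(b"constructed management key").decode()
OTHER_BLOB = base64.b64encode(b"constructed unknown key").decode()
SAMPLE = (f"ssh-rsa {MGMT_BLOB} root@virt-manager-host\n"
          f'command="/bin/true",no-pty ssh-rsa {OTHER_BLOB} unknown@elsewhere\n')
```

Build the allowed set from the fingerprints of the public keys you distributed, then run `unexpected_keys` over the contents of each managed host's authorized_keys file; any finding is a key to investigate.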
The libvirt daemon provides an interface for managing virtual machines. You must have the libvirtd daemon installed and running on every remote host that needs managing.
# chkconfig libvirtd on
# service libvirtd start
Once libvirtd and SSH are configured, you should be able to remotely access and manage your virtual machines. You should also be able to access your guests with VNC at this point.
Remote hosts can be managed with the virt-manager GUI tool. SSH keys must belong to the user executing virt-manager for password-less login to work.
- Start virt-manager.
- Open the File->Add Connection menu.
Figure 5.1. Add connection menu
- Use the drop down menu to select hypervisor type, and click the Connect to remote host check box to open the Connection Method (in this case Remote tunnel over SSH), and enter the desired User name and Hostname, then click Connect.