You are here: Sysadmins of the North » Windows Server » Connect to a KVM host through an ssh tunnel and arbitrary port in Windows 11 and WSL 2

Connect to a KVM host through an ssh tunnel and arbitrary port in Windows 11 and WSL 2

Windows Server / By /

If you need to connect virt-manager to a KVM host over ssh in Windows, then Windows 11 and WSL 2 made things a whole lot easier for you. Even if you need to connect virt-manager through an ssh tunnel and arbitrary port because your network is reachable only through a bastion host with ssh key authentication. Here is how.

In Februari 2020 I wrote a Dutch blog post explaining how to manage KVM virtual machines in Windows 10 over ssh. Because the Windows version of virt-manager doesn’t support qemu+ssh, you need WSL 2 and an X Server – VcXsrv – in Windows to connect to.

KVM VM’s beheren met virt-manager in Windows 10 (in Dutch)

Windows 11 and WSL 2 made this a whole lot easier with WSLg. On Microsoft Developer Blogs, Steve Pronovost wrote a pretty in-depth post outlining the WSLg Architecture. Basically, WSLg enables you to run Linux GUI apps on the Windows Subsystem for Linux.

Requirements to use virt-manager (qemu+ssh) in Windows 11

There are a few requirements you need to have. They’re pretty obvious:

  1. Windows 11
  2. WSLg
  3. Virt-manager installed in WSL (sudo apt install virt-manager)
  4. ssh key authentication set up

Retrieve SSH public key from Active Directory for SSH authentication

Unfortunately, WSLg is not supported on Windows 10, see https://github.com/microsoft/wslg#pre-requisites. Win 10 is supported now!

What made my tasks extra difficult is that the KVM host is only reachable by IPv6, which isn’t supported in WSL 2. Schematic, the traffic flow is like this:

Windows 11
Windows 11
WSL
WSL
Bastion host
Bastion host
KVM host
KVM hostText is not SVG – cannot display

From WSL in Windows 11, I need to connect to my bastion host over IPv4, and from there I need to connect to the KVM host over IPv6. Since WSL 2 doesn’t support IPv6, I create a ssh tunnel to the bastion host. In WSL, execute:

ssh -L 8822:kvm-3:22 bastion.example.com -l username -NCode language: Bash (bash)

Tunnel RDP through SSH & PuTTY

Once the tunnel is established, I can use that to connect virt-manager through to kvm-3 using localhost and the arbitrary port 8822:

virt-manager -c 'qemu+ssh://username@localhost:8822/system'Code language: Bash (bash)

If all goes well, virt-manager connects and opens its screen (I munged the info in the following screenshot a bit):

As you can see, this exercise is a lot easier than it was in Windows 10 using WSL 2 virt-manager, and VcXsrv in Windows. Of course, you can skip the ssh tunneling part if your KVM host is directly reachable.

Show Your Support

donate with Paypal

If you want to step in to help me cover the costs for running this website, that would be awesome. Just use this link to donate a cup of coffee ☕($10 USD or €10 EUR for example). And please share the love and help others make use of this website. Thank you very much! <3 ❤️

Tweet
Share
Share
Pin
0 Shares

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top