If you need to connect virt-manager to a KVM host over ssh in Windows, then Windows 11 and WSL 2 made things a whole lot easier for you. Even if you need to connect virt-manager through an ssh tunnel and arbitrary port because your network is reachable only through a bastion host with ssh key authentication. Here is how.
In Februari 2020 I wrote a Dutch blog post explaining how to manage KVM virtual machines in Windows 10 over ssh. Because the Windows version of virt-manager doesn't support qemu+ssh, you need WSL 2 and an X Server - VcXsrv - in Windows to connect to.
Windows 11 and WSL 2 made this a whole lot easier with WSLg. On Microsoft Developer Blogs, Steve Pronovost wrote a pretty in-depth post outlining the WSLg Architecture. Basically, WSLg enables you to run Linux GUI apps on the Windows Subsystem for Linux.
Requirements to use virt-manager (qemu+ssh) in Windows 11
There are a few requirements you need to have. They're pretty obvious:
- Windows 11
- WSLg
- Virt-manager installed in WSL (
sudo apt install virt-manager) - ssh key authentication set up
Unfortunately, WSLg is not supported on Windows 10, see https://github.com/microsoft/wslg#pre-requisites. Win 10 is supported now!
What made my tasks extra difficult is that the KVM host is only reachable by IPv6, which isn't supported in WSL 2. Schematic, the traffic flow is like this:
From WSL in Windows 11, I need to connect to my bastion host over IPv4, and from there I need to connect to the KVM host over IPv6. Since WSL 2 doesn't support IPv6, I create a ssh tunnel to the bastion host. In WSL, execute:
ssh -L 8822:kvm-3:22 bastion.example.com -l username -NOnce the tunnel is established, I can use that to connect virt-manager through to kvm-3 using localhost and the arbitrary port 8822:
virt-manager -c 'qemu+ssh://username@localhost:8822/system'If all goes well, virt-manager connects and opens its screen (I munged the info in the following screenshot a bit):
As you can see, this exercise is a lot easier than it was in Windows 10 using WSL 2 virt-manager, and VcXsrv in Windows. Of course, you can skip the ssh tunneling part if your KVM host is directly reachable.
Thank you very much! <3 ❤️
Hi, my name is Jan. I am not a hacker, coder, developer or guru. I am merely an application manager / systems administrator, doing my daily thing at Embrace – The Human Cloud. In the past I worked at CLDIN (CLouDINfra) and Vevida. With over 20 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization. I blog at https://www.saotn.org.
Pingback: IPv6 support for WSL2! 🥳