Connect to a KVM host through an ssh tunnel and arbitrary port in Windows 11 and WSL 2

Jan Reilink


GamesGames

If you need to connect virt-manager to a KVM host over ssh in Windows, then Windows 11 and WSL 2 made things a whole lot easier for you. Even if you need to connect virt-manager through an ssh tunnel and arbitrary port because your network is reachable only through a bastion host with ssh key authentication. Here is how.

Table of Contents show

In Februari 2020 I wrote a Dutch blog post explaining how to manage KVM virtual machines in Windows 10 over ssh. Because the Windows version of virt-manager doesn’t support qemu+ssh, you need WSL 2 and an X Server – VcXsrv – in Windows to connect to.

KVM VM’s beheren met virt-manager in Windows 10 (in Dutch)

Windows 11 and WSL 2 made this a whole lot easier with WSLg. On Microsoft Developer Blogs, Steve Pronovost wrote a pretty in-depth post outlining the WSLg Architecture. Basically, WSLg enables you to run Linux GUI apps on the Windows Subsystem for Linux.

Requirements to use virt-manager (qemu+ssh) in Windows 11

There are a few requirements you need to have. They’re pretty obvious:

  1. Windows 11
  2. WSLg
  3. Virt-manager installed in WSL (sudo apt install virt-manager)
  4. ssh key authentication set up

Retrieve SSH public key from Active Directory for SSH authentication

Unfortunately, WSLg is not supported on Windows 10, see https://github.com/microsoft/wslg#pre-requisites. Win 10 is supported now!

What made my tasks extra difficult is that the KVM host is only reachable by IPv6, which isn’t supported in WSL 2. Schematic, the traffic flow is like this:

Windows 11
Windows 11
WSL
WSL
Bastion host
Bastion host
KVM host
KVM hostText is not SVG – cannot display

From WSL in Windows 11, I need to connect to my bastion host over IPv4, and from there I need to connect to the KVM host over IPv6. Since WSL 2 doesn’t support IPv6, I create a ssh tunnel to the bastion host. In WSL, execute:

ssh -L 8822:kvm-3:22 bastion.example.com -l username -NCode language: Bash (bash)

Tunnel RDP through SSH & PuTTY

Once the tunnel is established, I can use that to connect virt-manager through to kvm-3 using localhost and the arbitrary port 8822:

virt-manager -c 'qemu+ssh://username@localhost:8822/system'Code language: Bash (bash)

If all goes well, virt-manager connects and opens its screen (I munged the info in the following screenshot a bit):

As you can see, this exercise is a lot easier than it was in Windows 10 using WSL 2 virt-manager, and VcXsrv in Windows. Of course, you can skip the ssh tunneling part if your KVM host is directly reachable.

More OpenSSH in Windows Server and Windows 11 / Windows 10, the series

Here on Sysadmins of the North are more posts in a series of posts about OpenSSH in Windows. Whether it’s Windows Server or Windows 11 / 10. You may find these posts interesting:

I hope you like it, let me know.

Related Posts

Share this post

Share on LinkedIn Share on Reddit
foto van Jan Reilink

About the author

Hi, my name is Jan. I am not a hacker, coder, developer or guru. I am merely a systems administrator, doing my daily SysOps/DevOps thing at cldin. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.

0 0 votes
Article Rating
Subscribe
Notify of
1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
KVM VM's beheren met virt-manager in Windows 10 - ITFAQ-nl
3 months ago

[…] Connect to a KVM host through an ssh tunnel and arbitrary port in Windows 11 and WSL 2 […]

0
Reply

© Sysadmins of the North

Privacy Policy
1
0
Would love your thoughts, please comment.x
()
x