Virt-manager image

Connect to a KVM host through an ssh tunnel and arbitrary port in Windows 11 and WSL 2

Jan Reilink Windows Server

If you need to connect virt-manager to a KVM host over ssh in Windows, then Windows 11 and WSL 2 made things a whole lot easier for you. Even if you need to connect virt-manager through an ssh tunnel and arbitrary port because your network is reachable only through a bastion host with ssh key authentication. Here is how.

In Februari 2020 I wrote a Dutch blog post explaining how to manage KVM virtual machines in Windows 10 over ssh. Because the Windows version of virt-manager doesn’t support qemu+ssh, you need WSL 2 and an X Server – VcXsrv – in Windows to connect to.

KVM VM’s beheren met virt-manager in Windows 10 (in Dutch)

Windows 11 and WSL 2 made this a whole lot easier with WSLg. On Microsoft Developer Blogs, Steve Pronovost wrote a pretty in-depth post outlining the WSLg Architecture. Basically, WSLg enables you to run Linux GUI apps on the Windows Subsystem for Linux.

Requirements to use virt-manager (qemu+ssh) in Windows 11

There are a few requirements you need to have. They’re pretty obvious:

  1. Windows 11
  2. WSLg
  3. Virt-manager installed in WSL (sudo apt install virt-manager)
  4. ssh key authentication set up

Retrieve SSH public key from Active Directory for SSH authentication

Unfortunately, WSLg is not supported on Windows 10, see https://github.com/microsoft/wslg#pre-requisites. Win 10 is supported now!

What made my tasks extra difficult is that the KVM host is only reachable by IPv6, which isn’t supported in WSL 2. Schematic, the traffic flow is like this:

Windows 11
Windows 11
WSL
WSL
Bastion host
Bastion host
KVM host
KVM hostText is not SVG – cannot display

From WSL in Windows 11, I need to connect to my bastion host over IPv4, and from there I need to connect to the KVM host over IPv6. Since WSL 2 doesn’t support IPv6, I create a ssh tunnel to the bastion host. In WSL, execute:

ssh -L 8822:kvm-3:22 bastion.example.com -l username -NCode language: Bash (bash)

Tunnel RDP through SSH & PuTTY

Once the tunnel is established, I can use that to connect virt-manager through to kvm-3 using localhost and the arbitrary port 8822:

virt-manager -c 'qemu+ssh://username@localhost:8822/system'Code language: Bash (bash)

If all goes well, virt-manager connects and opens its screen (I munged the info in the following screenshot a bit):

As you can see, this exercise is a lot easier than it was in Windows 10 using WSL 2 virt-manager, and VcXsrv in Windows. Of course, you can skip the ssh tunneling part if your KVM host is directly reachable.

Related Posts

Share this post

Share on LinkedIn Share on Reddit

Jan Reilink

Hi, my name is Jan. I am not a hacker, coder, developer or guru. I am merely an application manager / systems administrator, doing my daily thing at Embrace - The Human Cloud. In the past I worked for clidn and Vevida. With over 20 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization. I blog at https://www.saotn.org.

1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
KVM VM's beheren met virt-manager in Windows 10 - ITFAQ-nl
19/12/2022 08:55

[…] Connect to a KVM host through an ssh tunnel and arbitrary port in Windows 11 and WSL 2 […]

0