18.1. Remote management with ssh

The ssh tool can be used to manage remote virtual machines. The method described here securely tunnels the libvirt management connection over an SSH connection to manage the remote machines. All authentication is done using SSH public key cryptography and passwords or passphrases gathered by your local SSH agent. In addition, the VNC console for each guest virtual machine is tunneled over SSH.

SSH is usually configured by default, so you probably already have SSH keys set up and need no extra firewall rules to access the management service or VNC console.

Be aware of the issues with using SSH for remotely managing your virtual machines, including:

Configuring SSH access for virt-manager

The following instructions assume you are starting from scratch and do not already have SSH keys set up.

  1. You need a public key pair on the machine where you will run virt-manager. If ssh is already configured you can skip this command.

    $ ssh-keygen -t rsa

  2. To permit remote login, virt-manager needs a copy of the public key on each remote machine running libvirt. Copy the file $HOME/.ssh/id_rsa.pub from the machine you want to use for remote management using the scp command:

    $ scp $HOME/.ssh/id_rsa.pub  root@somehost:/root/key-dan.pub

  3. After the file has been copied, use ssh to connect to the remote machines as root and add the file that you copied to the list of authorized keys. If the root user on the remote host does not already have a list of authorized keys, make sure the file permissions are correctly set:

    $ ssh root@somehost
    # mkdir /root/.ssh
    # chmod go-rwx /root/.ssh
    # cat /root/key-dan.pub >> /root/.ssh/authorized_keys
    # chmod go-rw /root/.ssh/authorized_keys
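
An idempotent take on step 3 with a check of the resulting permissions, as an added example that is not part of the original documentation. The function names and the optional directory argument are hypothetical; the modes matter because sshd with StrictModes enabled (the default) refuses keys when the file or its directory is writable by group or others.

```shell
#!/bin/sh
# Added example: run on the remote host after copying the public key there.
# SSH_DIR defaults to /root/.ssh as in step 3; passing another directory
# (an assumption made here) lets you try it on a scratch location first.

# perms PATH -> the nine permission characters from ls -ld, e.g. rwx------
perms() {
    ls -ld "$1" | cut -c2-10
}

# install_key PUBKEY_FILE [SSH_DIR]
# Authorizes the key once, however often it is run.
install_key() {
    pub=$1
    dir=${2:-/root/.ssh}
    auth=$dir/authorized_keys

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    # Accept exactly one "type base64 [comment]" line; a private key copied
    # by mistake (multi-line PEM) is rejected here.
    key=$(grep . "$pub") || return 1
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] &&
        printf '%s\n' "$key" |
            grep -Eq '^(ssh|ecdsa)-[a-z0-9-]+ [A-Za-z0-9+/]+=*( .*)?$' ||
        { echo "$pub: not a single public key line" >&2; return 1; }

    mkdir -p "$dir" && chmod go-rwx "$dir" || return 1
    touch "$auth" && chmod go-rw "$auth" || return 1
    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_perms [SSH_DIR] -> 0 if the modes match what step 3's chmod commands give
check_perms() {
    dir=${1:-/root/.ssh}
    case $(perms "$dir") in
        ???------) ;;
        *) echo "$dir: accessible by group/other" >&2; return 1 ;;
    esac
    case $(perms "$dir/authorized_keys") in
        ???--?--?) ;;
        *) echo "$dir/authorized_keys: group/other can read or write" >&2; return 1 ;;
    esac
}

# Usage on the remote host: install_key /root/key-dan.pub && check_perms
```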

The libvirt daemon (libvirtd)

The libvirt daemon provides an interface for managing virtual machines. You must have the libvirtd daemon installed and running on every remote host that you need to manage. Using Red Hat Virtualization may require a special kernel or CPU hardware support; see Chapter 1, System requirements for details.

    $ ssh root@somehost
    # chkconfig libvirtd on
    # service libvirtd start

After libvirtd and SSH are configured you should be able to remotely access and manage your virtual machines. You should also be able to access your guests with VNC at this point.

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.