Logging in into a Linux machine and executing the hundreds commands available is just one of the most common usages of OpenSSH. Another interesting and very useful usage is tunneling some specific (or even all) traffic from your local machine to an external machine you have access to.
Today we’ll analyze how to access a certain virtual machine’s console by tunneling the relevant VNC port locally and accessing it through your favorite VNC client. The scenario:
- Machine A is our main virtualization machine and hosts several virtual machines. (VMs)
- Each VM has its own VNC port assigned. (usually the port range goes from 5900 to 5910 or even more if the hosted VMs are more than 10)
- We’ll be using libvirt, thus virsh.
We first need to find out which port got assigned to the VM we want to have console access to:
sudo virsh virsh # list Id Name Status ---------------------------------------------------- 5 foo running 6 bar running 7 foobar running virsh # vncdisplay foobar :3
We, then, create a tunnel which redirects all the traffic from the main virtualization machine’s port to the port we gonna specify in the next command:
ssh -f -N -L 5910:localhost:5903 user@machine-A.com
A few details about the previous command:
- -N tells SSH to not execute any command after logging in.
- -f tells SSH to hide into the background just before the command gets executed.
- -L enables the port forwarding between the local (client) host and the host on the remote side.
And…why did I choose respectively port 5903 and 5910?
While you can adjust port 5910 with your own choice (that will just move the tunneled traffic from port 5910 to your favorite port), that won’t work as expected with port 5903 since each VNC port is binded to the number of display virsh assigned to it. (for example, the bar VM may be running on display 5, thus its vncdisplay port will be 5905)
When done, fire up your favorite VNC client and create a new connection with the following details:
Protocol: VNC - Virtual Network Computing Server: localhost - 127.0.0.1 Port: 5910
The connection will load and you’ll be put in front of your ‘foobar’ VM console.