Beginner's Guide to KVM Administration
-
Ok this guide is to help anyone else who was in the same boat as I was in while setting up a lab. I had KVM setup and running on my server (using Fedora), and I had access to the server using my Fedora Workstation and Virt-Manager.
Trouble was I was constantly being asked for the password (non-root) to login to the server or access the console of the VM's I was wanting to manage.
The following assumptions are made:
- You have a user account outside of root on both your Server and Workstation
- You are using Fedora Server and Fedora Workstation
- You are using a user who is not root, but has administrative access.
- You have Virt-Manager installed on your Fedora Workstation
- You have confirmed you can connect to your KVM server using Virt-Manager (and repeated passwords eventually get you logged in)
So with thanks to @JaredBusch for helping sort me out here is what you'll need to do.
From your workstation:
sudo hostnamectl set-hostname FEDORA-WORKSTATION-NAMEObviously name your management station whatever you want. Naming your systems is what you have to do in any case (I just happened to do it here), and it makes life easier below to know where you're connected to. As this wasn't one of the assumptions I made above, now is your time to do this.
sudo gpasswd -a USERNAME libvirt
The above command adds your user account to the libvirt group, while retaining the permissions they already have.ssh-keygen -t rsa
The above generates the rsa keys required to connect without a password.ssh-copy-id -i /home/USERNAME/.ssh/id_rsa.pub USERNAME@SERVER-IP-ADDRESS
The above will copy your public rsa key from your workstation to your server, this is how you avoid being asked for your user password repeatedly.At this point you should be able to ssh into your KVM server by simply typing
ssh USERNAME@SERVER-IP-ADDRESS
Above you are connecting to your server via SSH, and shouldn't be prompted for a password. If you are asked for a password something is wrong.sudo gpasswd -a USERNAME libvirt
The above command adds your user to the libvirt group, while retaining the permissions they already have.sudo hostnamectl set-hostname SERVER-HOSTNAME
Again name your server whatever you want.exitNow back on your Workstation launch Virt-Manager.
Initially virt-manage likely has a "local" connection named "QEMU/KVM". If your hardware supports virtualization, just delete this connection. It's your desktop or laptop or VM, trying to act as an Hypervisor.
The local connection is not at all required.
- Click File
- New Connection
- QEMU/KVM
- Check "Connect to remote host"
- Method: SSH
- Username, enter your username who you added to the libvirt group on both systems.
- Hostname - Enter in your KVM server IP address.
Optionally you can check "Autoconnect"
- Click Connect
At this point you should be able to connect to your KVM server without any password entries.
Thanks again, and have a great time setting up KVM.
-
@dustinb3403 said in Beginner's Guide to KVM Administration:
ssh-keygen -t rsa
The above generates the rsa keys required to connect without a password.You only need to do
ssh-keygenin the above case (-t rsanot needed), as RSA is default, and 2048 is default.It's now generally recommended to use RSA 4096.
In this case,
ssh-keygen -b 4096would be the recommended command.However, YMMV.
Example: you may be renewing your 2048 keys frequently enough in which, at least in present-day, it doesn't matter. -
@dustinb3403 said in Beginner's Guide to KVM Administration:
From your workstation:
sudo hostnamectl set-hostname FEDORA-WORKSTATION-NAME@dustinb3403 said in Beginner's Guide to KVM Administration:
sudo hostnamectl set-hostname SERVER-HOSTNAME
Again name your server whatever you want.Just a friendly note here, to prevent any confusion:
If you set a hostname for your workstation and server during the OS installation process, you don't need to worry about these steps.
-
@dustinb3403 said in Beginner's Guide to KVM Administration:
Now back on your Workstation launch Virt-Manager.
Initially virt-manage likely has a "local" connection named "QEMU/KVM". If your hardware supports virtualization, just delete this connection. It's your desktop or laptop or VM, trying to act as an Hypervisor.
The local connection is not at all required.
For me, I don't & will not delete this "local" connection.
I use this a lot, for my "permanent" Win 10 desktop (aka vm) and to make/test quickie, throw away vm's. Comes in real handy!!
-
@fateknollogee said in Beginner's Guide to KVM Administration:
@dustinb3403 said in Beginner's Guide to KVM Administration:
Now back on your Workstation launch Virt-Manager.
Initially virt-manage likely has a "local" connection named "QEMU/KVM". If your hardware supports virtualization, just delete this connection. It's your desktop or laptop or VM, trying to act as an Hypervisor.
The local connection is not at all required.
For me, I don't & will not delete this "local" connection.
I use this a lot, for my "permanent" Win 10 desktop (aka vm) and to make/test quickie, throw away vm's. Comes in real handy!!
Same. On my laptop anyways, hosts my permanent Win10 VM.
-
I can see deleting this connection if one's machine doesnt have enough resources to run vm's.
For me, that is not the case, I've got plenty of horsepower...
-
@fateknollogee said in Beginner's Guide to KVM Administration:
I can see deleting this connection if one's machine doesnt have enough resources to run vm's.
For me, that is not the case, I've got plenty of horsepower...
No need to delete it. Just don't create VMs locally if you don't want to.
-
@dustinb3403 said in Beginner's Guide to KVM Administration:
ssh-keygen -t rsa
The above generates the rsa keys required to connect without a password.I'm using ecdsa (instead of rsa) per this info: Choosing an Algorithm & Key Size
ssh-keygen -t ecdsa -b 521 -
@fateknollogee said in Beginner's Guide to KVM Administration:
@dustinb3403 said in Beginner's Guide to KVM Administration:
ssh-keygen -t rsa
The above generates the rsa keys required to connect without a password.I'm using ecdsa (instead of rsa) per this info: Choosing an Algorithm & Key Size
ssh-keygen -t ecdsa -b 521Nice. That's the equivalent to 15,360 bit RSA!
I want to see if e everything I use including GitLab can support that.
-
@tim_g said in Beginner's Guide to KVM Administration:
@fateknollogee said in Beginner's Guide to KVM Administration:
@dustinb3403 said in Beginner's Guide to KVM Administration:
ssh-keygen -t rsa
The above generates the rsa keys required to connect without a password.I'm using ecdsa (instead of rsa) per this info: Choosing an Algorithm & Key Size
ssh-keygen -t ecdsa -b 521Nice. That's the equivalent to 15,360 bit RSA!
I want to see if e everything I use including GitLab can support that.
From my reading, it should.
