Accessing libvirt VMs via telnet

There are many “tricks” floating around how to connect to VM when you have a networking issue and ssh is not available. The idea is to use serial console to get shell access. Here is how to do this properly with RHEL7 host and guest.

First, create a VM with serial console configured with remote TCP server. There are multiple options, I find TCP server in ‘telnet’ mode the most flexible configuration because most scripting languages has the protocol built-in. You can use virt-manager or virt-install to do that:

  <serial type="tcp">
    <source mode="connect" host="" service="4555"/>
    <protocol type="telnet"/>
    <target port="0"/>

Boot the VM and then enable getty:

$ systemctl enable serial-getty@ttyS0.service
$ systemctl start serial-getty@ttyS0.service

That’s all, access the console interactively:

$ telnet localhost 4555

To access ‘raw’ console (protocol type in the XML snippet above), use netcat or similar tool. Other options in libvirt are logfile, UDP, pseudo TTY, named pipe, unix socket or null. You get the idea.

When creating multiple serial devices, only the first one (ttyS0) is allowed for root access by default. To enable second one, do:

$ echo ttyS1 >> /etc/securetty

That’s all for today.

20 February 2018 | linux | fedora | rhel | libvirt