Set Up a Debian 12 64-bit KVM Server and Virt-Manager Client

  • Note 1: It is assumed that the IP of your Debian 12 64-bit KVM server is 192.168.1.251. Change this if necessary.
  • Note 2: It is assumed that the gateway IP of your Debian 12 64-bit KVM server is 192.168.1.1. Change this if necessary.
  • Note 3: It is assumed that the broadcast IP of your Debian 12 64-bit KVM server is 192.168.1.255. Change this if necessary.
  • Note 4: The KVM server setup here will use 192.168.1.1 as the DNS.

Set up the server for remote access:

  • # Install minimal Debian 12 64-bit. Create a regular user "regular". I deselected everything in the "Software selection" (tasksel) window.
  • # Remove installation media.
  • # Make sure CD-ROM is commented out in "/etc/apt/sources.list", and that you have configured an official Debian mirror there.

    apt-get -y update
    apt-get -y upgrade
    apt-get -y install net-tools openssh-server openssh-client
    
  • cp -p /etc/network/interfaces /etc/network/interfaces.orig ; vi /etc/network/interfaces # Have the following contents. You may modify the contents if necessary.

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    source /etc/network/interfaces.d/*
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    # The primary network interface
    allow-hotplug enp3s0
    iface enp3s0 inet static
        address 192.168.1.251/24
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1
        dns-nameservers 192.168.1.1
    
  • reboot

You may now remotely access the server:

    ssh regular@192.168.1.251
    su -
    cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.orig

  • vi /etc/ssh/sshd_config # Make sure the following is uncommented:

    ListenAddress 0.0.0.0
    
  • systemctl reload ssh.service

  • # Proceed to set up UFW:

    apt-get -y install ufw
    ufw default deny incoming
    ufw default allow outgoing
    # Substitute the "192.168.1.217" IP address in the next command with the IP address you are using for your SSH client:
    ufw allow proto tcp from 192.168.1.217 to any port 22
    ufw enable
    ufw status numbered
    
  • # Reference: https://www.cyberciti.biz/faq/install-kvm-server-debian-linux-9-headless-server/

    grep -E --color 'vmx|svm' /proc/cpuinfo # To confirm if CPU supports virtualization
    apt-get -y install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils libguestfs-tools genisoimage virtinst libosinfo-bin
    
  • # Make user "regular" able to manage virtual machines:

    usermod -aG libvirt regular
    usermod -aG libvirt-qemu regular
    
  • # Reload Linux group membership with the help of the newgrp command:

    newgrp libvirt
    newgrp libvirt-qemu
    
  • vi /etc/network/interfaces # Modify if necessary.

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    source /etc/network/interfaces.d/*
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    # The primary network interface
    allow-hotplug enp3s0
    iface enp3s0 inet manual
    #iface enp3s0 inet static
    #   address 192.168.1.251/24
    #   network 192.168.1.0
    #   broadcast 192.168.1.255
    #   gateway 192.168.1.1
    #   dns-nameservers 192.168.1.1
    
    auto br0
    iface br0 inet static
        address 192.168.1.251
        broadcast 192.168.1.255
        netmask 255.255.255.0
        gateway 192.168.1.1
        dns-nameservers 192.168.1.1
        # interfaces(5) does not support end-of-line comments, so each comment is on its own line
        # replace enp3s0 with your actual interface name
        bridge_ports enp3s0
        # disable Spanning Tree Protocol
        bridge_stp off
        # no delay before a port becomes available
        bridge_waitport 0
        # no forwarding delay
        bridge_fd 0
    
  • reboot

  • # Do the following additional steps to set up bridged networking in KVM:

    ssh regular@192.168.1.251
    su -
    
  • vi /root/bridged.xml # The content of bridged.xml is as follows:

    <network>
        <name>br0</name>
        <forward mode="bridge"/>
        <bridge name="br0"/>
    </network>
    
  • # Execute the following virsh commands:

    virsh net-define --file /root/bridged.xml
    virsh net-autostart br0
    virsh net-start br0
    
  • reboot
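
The firewall step above is worth re-checking after the final reboot. The following is an added example, not part of the original guide: a shell function (audit_ufw_ssh, a hypothetical name) that reads the text of `ufw status verbose` and reports anything other than the single-source SSH rule configured earlier. The two sample outputs are constructed and trimmed; 192.168.1.217 is the client address assumed in the UFW step.

```shell
# Added example: audit `ufw status verbose` text read from stdin.
# audit_ufw_ssh (hypothetical name) prints one FINDING per problem and
# returns 0 only when SSH is reachable from EXPECTED_SOURCE and nowhere else.
audit_ufw_ssh() {
    awk -v want="$1" '
        function finding(msg) { print "FINDING: " msg; bad++ }
        { gsub(/ \(v6\)/, "") }    # drop IPv6 markers so the columns line up
        /^Status:/  { active  = ($2 == "active") }
        /^Default:/ { deny_in = ($0 ~ /deny \(incoming\)/) }
        # Rule rows look like: 22/tcp  ALLOW IN  192.168.1.217
        $2 == "ALLOW" && $1 ~ "^(22|22/tcp|OpenSSH)$" {
            if ($NF == want) seen = 1
            else finding("SSH allowed from " $NF ", expected only " want)
        }
        END {
            if (!active)  finding("ufw is not active")
            if (!deny_in) finding("default incoming policy is not deny")
            if (!seen)    finding("no rule allows SSH from " want)
            exit (bad > 0)
        }'
}

# Constructed sample: the state this guide's commands should produce.
sample_restricted() {
    cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    192.168.1.217
EOF
}

# Constructed sample: port 22 opened to every source instead.
sample_open() {
    cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

sample_restricted | audit_ufw_ssh 192.168.1.217 && echo "restricted sample: clean"
sample_open | audit_ufw_ssh 192.168.1.217 || echo "open sample: see findings"
```

On the server itself, run it as root with `ufw status verbose | audit_ufw_ssh 192.168.1.217`, substituting your own client address.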

Set up the client:

  • # Install Debian 12 64-bit with X.org and a window manager.
  • # Remove installation media.
  • # The following instructions are for setting up a Debian 12 64-bit virt-manager client with X.org.

    su -
    # Make sure CD-ROM is commented out in "/etc/apt/sources.list".
    apt-get -y install virt-manager ssh-askpass --no-install-recommends
    apt-get -y install gir1.2-spiceclientgtk-3.0
    exit
    
  • # Proceed to set up UFW:

    su - # The commands below need root.
    apt-get -y install ufw
    ufw default deny incoming
    ufw default allow outgoing
    ufw enable
    ufw status numbered
    exit
    
  • # Set up passwordless SSH on the client machine (be a regular, non-root user):

    ssh-keygen # Client; Use defaults, and do not set a passphrase.
    scp ~/.ssh/id_rsa.pub regular@192.168.1.251:~/ # Client
    ssh regular@192.168.1.251 # Client
    mkdir -p ~/.ssh ; chmod 700 ~/.ssh ; cat ~/id_rsa.pub >> ~/.ssh/authorized_keys ; chmod 600 ~/.ssh/authorized_keys ; exit # Remote server
    ssh regular@192.168.1.251 # Client; You should successfully SSH without a password here.
    exit # Remote server
    su - # Client
    reboot # Client
    
  • # The client machine should now be able to run virt-manager, and you can add the KVM server to it. Click "File->Add Connection". Use "QEMU/KVM" for "Hypervisor:". Make sure "Connect to remote host" is ticked. "Method:" should be SSH. For "Username:", use the regular, non-root user you made on the KVM server; it is "regular" in this documentation. "Hostname:" should have the port number used by SSH (in this documentation, the value for "Hostname:" is "192.168.1.251"; you may modify it if necessary). You may tick "Autoconnect:" if you like.

  • # When creating a Virtual Machine, please make sure "Virtual network 'br0' : Bridge network" is selected under "Network selection" of the "New VM" window.
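
The passwordless SSH step above installs a key that has no passphrase. The following is an added example, not part of the original guide: a shell function (install_pubkey, a hypothetical name) for the server side of that step, which validates the uploaded file, sets owner-only permissions, and ties the key to the client address with the authorized_keys `from=` option. It assumes the client address 192.168.1.217 from the UFW step; the key line in the demo is constructed.

```shell
# Added example, not from the original guide. install_pubkey is a hypothetical
# helper; run it on the KVM server as "regular":
#   install_pubkey ~/id_rsa.pub 192.168.1.217
install_pubkey() (
    pub=$1 ip=$2 home=${3:-$HOME}

    # The address is written inside from="...", so accept dotted-decimal only.
    case $ip in
        ''|*[!0-9.]*) echo "bad client address: $ip" >&2; exit 1 ;;
    esac

    # Take the first "<type> <base64>" line; a private key file yields nothing.
    key=$(awk '$1 ~ "^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$" &&
               $2 ~ "^[A-Za-z0-9+/]+=*$" { print $1, $2; exit }' "$pub")
    [ -n "$key" ] || { echo "no public key found in $pub" >&2; exit 1; }

    umask 077                    # anything created below is owner-only
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"       # also tightens a directory that already existed
    auth=$home/.ssh/authorized_keys
    touch "$auth"
    chmod 600 "$auth"

    # Idempotent: a key that is already listed is not appended again.
    grep -qF -- "$key" "$auth" && exit 0
    printf 'from="%s" %s\n' "$ip" "$key" >> "$auth"
)

# Demo in a scratch directory with a constructed key line (not a real key).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCexampleCONSTRUCTEDnotAREALkey regular@client' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" 192.168.1.217 "$demo" && cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

If the client's address changes, the key stops being accepted until the `from=` value is updated, just as the UFW rule on the server must be.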