• Note 1: It is assumed that the IP of your Debian 12 64-bit KVM server is 192.168.1.251. Change this if necessary.
• Note 2: It is assumed that the gateway IP of your Debian 12 64-bit KVM server is 192.168.1.1. Change this if necessary.
• Note 3: It is assumed that the broadcast IP of your Debian 12 64-bit KVM server is 192.168.1.255. Change this if necessary.
• Note 4: The KVM server setup here will use 192.168.1.1 as the DNS.

###Setup server for remote access:

• # Install minimal Debian 12 64-bit. Create a regular user “regular”. I deselected everything in the “Software selection” (tasksel) window.

• # Remove installation media.

• # Make sure CD-ROM is commented out in “/etc/apt/sources.list”, and that you have configured an official Debian mirror there.

    apt-get -y update
    apt-get -y upgrade
    apt-get -y install net-tools openssh-server openssh-client
  

• cp -p /etc/network/interfaces /etc/network/interfaces.orig ; vi /etc/network/interfaces # Have the following contents. You may modify the contents if necessary.

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
  
    source /etc/network/interfaces.d/*
  
    # The loopback network interface
    auto lo
    iface lo inet loopback
  
    # The primary network interface
    allow-hotplug enp3s0
    iface enp3s0 inet static
    	address 192.168.1.251/24
    	network 192.168.1.0
    	broadcast 192.168.1.255
    	gateway 192.168.1.1
    	dns-nameservers 192.168.1.1
  

• reboot

###You may now remotely access the server:

ssh [email protected]
su -
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.orig

• vi /etc/ssh/sshd_config # Make sure the following is uncommented:

    ListenAddress 0.0.0.0
  

• systemctl reload ssh.service

• # Proceed to setup UFW:

    apt-get -y install ufw
    ufw default deny incoming
    ufw default allow outgoing
    # Substitute the "192.168.1.217" IP address in the next command with the IP address you are using for your SSH client:
    ufw allow proto tcp from 192.168.1.217 to any port 22
    ufw enable
    ufw status numbered
  

• # Reference: https://www.cyberciti.biz/faq/install-kvm-server-debian-linux-9-headless-server/

    egrep --color 'vmx|svm' /proc/cpuinfo # To confirm if CPU supports virtualization
    apt-get -y install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils libguestfs-tools genisoimage virtinst libosinfo-bin
  

• # Make user “regular” able to manage virtual machines:

    usermod -aG libvirt regular
    usermod -aG libvirt-qemu regular
  

• # Reload Linux group membership with the help of newgrp command:

    newgrp libvirt
    newgrp libvirt-qemu
  

• vi /etc/network/interfaces # Modify if necessary.

    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
  
    source /etc/network/interfaces.d/*
  
    # The loopback network interface
    auto lo
    iface lo inet loopback
  
    # The primary network interface
    allow-hotplug enp3s0
    iface enp3s0 inet manual
    #iface enp3s0 inet static
    #	address 192.168.1.251/24
    #	network 192.168.1.0
    #	broadcast 192.168.1.255
    #	gateway 192.168.1.1
    #	dns-nameservers 192.168.1.1
  
    auto br0
    iface br0 inet static
    	address 192.168.1.251
    	broadcast 192.168.1.255
    	netmask 255.255.255.0
    	gateway 192.168.1.1
    	dns-nameservers 192.168.1.1
    	bridge_ports enp3s0    # replace enp3s0 with your actual interface name
    	bridge_stp off       # disable Spanning Tree Protocol
    	bridge_waitport 0    # no delay before a port becomes available
    	bridge_fd 0          # no forwarding delay
  

• reboot

• # Do the additional following steps to setup bridged networking in KVM:

    ssh [email protected]
    su -
  

• vi /root/bridged.xml #Content of file bridged.xml is following:

    <network>
    	<name>br0</name>
    	<forward mode="bridge"/>
    	<bridge name="br0"/>
    </network>
  

• # Execute the following virsh commands:

    virsh net-define --file /root/bridged.xml
    virsh net-autostart br0
    virsh net-start br0
  

• reboot

Setup client:

• # Install Debian 12 64-bit with X.org and a window manager.

• # Remove installation media.

• # The following instructions is for setting up a Debian 12 64-bit virt-manager client with X.org.

    su -
    # Make sure CD-ROM is commented out in "/etc/apt/sources.list".
    apt-get -y install virt-manager ssh-askpass --no-install-recommends
    apt-get -y install gir1.2-spiceclientgtk-3.0
    exit
  

• # Proceed to setup UFW:

    apt-get -y install ufw
    ufw default deny incoming
    ufw default allow outgoing
    ufw enable
    ufw status numbered
  

• # Setup passwordless SSH in client machine(be a regular, non-root user):

    ssh-keygen # Client; Use defaults, and do not set a passphrase.
    scp ~/.ssh/id_rsa.pub [email protected]:~/ # Client
    ssh [email protected] # Client
    mkdir .ssh ; cat ~/id_rsa.pub >> ~/.ssh/authorized_keys ; chmod 600 ~/.ssh/authorized_keys ; exit # Remote server
    ssh [email protected] # Client; You should successfully SSH without a password here.
    exit # Remote server
    su - # Client
    reboot # Client
  

• # The client machine should be able to run virt-manager, and you can add the KVM server into it. Proceed with clicking “File->Add Connection”. Use “QEMU/KVM” for the “Hypervisor:”. Make sure “Connect to remote host” is ticked. “Method:” should be SSH. You should use the regular. non-root user you made in the KVM server for the “Username:”. It is “regular” in this documentation. “Hostname:” should have the port number used by SSH(In this documentation, the value for “Hostname:” is “192.168.1.251”. You may modify it if necessary.). You may tick “Autoconnect:” if you like.

• # When creating a Virtual Machine, please make sure “Virtual network ‘br0’ : Bridge network” is selected under “Network selection” of the “New VM” window.