Re: [Qemu-discuss] QEMU with pre-created TAP in user mode

[anatoly techtonik]

On Thu, Jun 28, 2012 at 5:27 PM, Mike Lovell <address@hidden> wrote:
> On 06/28/2012 08:05 AM, anatoly techtonik wrote:
>>
>> Hi,
>>
>> I've read that QEMU should work in user mode without sudo if TAP
>> interface is pre-created. But I can not make it work. The interface is
>> created with sudo:
>>
>> $ sudo tunctl
>> Set 'tap0' persistent and owned by uid 0
>> $ sudo ifconfig tap0 192.168.16.1/24
>>
>> But when I launch QEMU in user mode - it fails:
>> $ qemu-kvm -hda linux.img -net user -net nic -net nic -net
>> tap,ifname=tap0,script=no
>> qemu-kvm: -net tap,ifname=tap0,script=no: could not configure
>> /dev/net/tun (tap0): Operation not permitted
>> qemu-kvm: -net tap,ifname=tap0,script=no: Device 'tap' could not be
>> initialized
>>
>> Is that possible to run QEMU with TAP device to access guest from host
>> without giving up admin rights?
>> Did I miss something?
>
>
> it is possible to do this and you are close. since you didn't specify a -u
> option to tunctl, the newly created tap device is only usable by root, or
> uid 0. try 'sudo tunctl -u <your username>' and then running qemu. this
> option to tunctl specifies which user has ownership of the tap device. you
> will also need to make sure that your user has the ability to read and write
> to /dev/net/tun.

Thanks. Now QEMU starts ok, but I still unable to connect to guest
using SSH after giving both guest eth1 and host tap0 IPs from the same
network. Pings work ok both sides. SSH to other virtual machines on
the same host (under libvirt) works ok. The error:

$ ssh -vvv address@hidden
OpenSSH_5.9p1, OpenSSL 1.0.0j-fips 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 50: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.16.15 [192.168.16.15] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/user/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
ssh_exchange_identification: read: Connection reset by peer

/var/logs/auth.log on guest shows this:
... sshd[1446]: Did not receive identification string from 192.168.16.1

For other machines output is different:
...
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_5.5p1 Debian-6+squeeze2
debug1: match: OpenSSH_5.5p1 Debian-6+squeeze2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
...


P.S. Sorry for double posting. Some address@hidden keeps
sending mails about invalid commands, so I was confused if I should
subscribe and resend the mail. It still sends those emails.
--
anatoly t.