Remote Spice access *without* using web manager

ramaza

Member
Jun 21, 2017
8
0
6
42
In the meantime I modified my script slightly to also power on the VM in case it isn't.

Only the "GET VM STATUS" part was added. Everything else remained the same.

Code:
#!/bin/bash

#
# SETTINGS
#
# Fill the following section with your prefered settings.
# Leaving the password field empty is much more secure. It will be prompted on the command line.
# Alternatively create a Proxmox user with limited privileges like shown in this template.
#

NODE="hostname"
VMID="100"
PROXY=""
USERNAME="spice@pve"
PASSWORD="spice"

#
# INITIALIZATION
#

if ! type "jq" > /dev/null; then
    echo 'Command line tool "jq" is needed. Please install.'
fi

if [ -z "$PASSWORD" ]; then
    read -s -p "Password: " PASSWORD
    echo
fi

if [ -z "$USERNAME" ]; then
    USERNAME=root@pam
fi

if [ -z "$PROXY" ]; then
    PROXY=$NODE
fi

#
# AUTHENTICATION PROCESS
#

RESPONSE=$(curl -f -s -S -k -d "username=$USERNAME&password=$PASSWORD"  "https://$PROXY:8006/api2/json/access/ticket")

if [ $? -ne 0 ]; then
    echo "ERROR: Authentication failed"
    exit 1
fi

TICKET=$(echo $RESPONSE | jq -r '.data.ticket')
CSRF=$(echo $RESPONSE | jq -r '.data.CSRFPreventionToken')

if [ -z "$TICKET" ] || [ -z "$CSRF" ]; then
    echo "ERROR: Could not process Authentication Ticket"
    exit 1
fi

#
# GET VM STATUS
#

RESPONSE=$(curl -f -s -S -k -b "PVEAuthCookie=$TICKET" -H "CSRFPreventionToken: $CSRF" "https://$PROXY:8006/api2/json/nodes/$NODE/qemu/$VMID/status/current")

STATUS=$(echo $RESPONSE | jq -r '.data.qmpstatus')

if [ $STATUS = "stopped" ]; then
    echo "ERROR: VM not running. Trying to start"
    RESPONSE=$(curl -d "" -f -s -S -k -b "PVEAuthCookie=$TICKET" -H "CSRFPreventionToken: $CSRF" "https://$PROXY:8006/api2/json/nodes/$NODE/qemu/$VMID/status/start")

    echo "Waiting 10 seconds before trying Spice connection ..."
    sleep 10
fi

#
# GET SPICE CONFIGURATION
#

RESPONSE=$(curl -f -s -S -k -b "PVEAuthCookie=$TICKET" -H "CSRFPreventionToken: $CSRF" "https://$PROXY:8006/api2/json/nodes/$NODE/qemu/$VMID/spiceproxy" -d "proxy=$PROXY")

if [ $? -ne 0 ]; then
    echo "ERROR: Maybe Proxmox-API changed?"
    exit 1
fi

#
# PARSING JSON RESPONSE
#

ATTENTION=$(echo $RESPONSE | jq -r '.data."secure-attention"')
DELETE=$(echo $RESPONSE | jq -r '.data."delete-this-file"')
PROXY=$(echo $RESPONSE | jq -r '.data.proxy')
TYPE=$(echo $RESPONSE | jq -r '.data.type')
CA=$(echo $RESPONSE | jq -r '.data.ca')
FULLSCREEN=$(echo $RESPONSE | jq -r '.data."toggle-fullscreen"')
TITLE=$(echo $RESPONSE | jq -r '.data.title')
HOST=$(echo $RESPONSE | jq -r '.data.host')
PASSWORD=$(echo $RESPONSE | jq -r '.data.password')
SUBJECT=$(echo $RESPONSE | jq -r '.data."host-subject"')
CURSOR=$(echo $RESPONSE | jq -r '.data."release-cursor"')
PORT=$(echo $RESPONSE | jq -r '.data."tls-port"')

#
# GENERATING REMOTE-VIEWER CONNECTION FILE
#

TMP=$(mktemp)

echo "[virt-viewer]" > $TMP
echo "secure-attention=${ATTENTION}" >> $TMP
echo "delete-this-file=${DELETE}" >> $TMP
echo "proxy=${PROXY}" >> $TMP
echo "type=${TYPE}" >> $TMP
echo "ca=${CA}" >> $TMP
echo "toggle-fullscreen=${FULLSCREEN}" >> $TMP
echo "title=${TITLE}" >> $TMP
echo "host=${HOST}" >> $TMP
echo "password=${PASSWORD}" >> $TMP
echo "host-subject=${SUBJECT}" >> $TMP
echo "release-cursor=${CURSOR}" >> $TMP
echo "tls-port=${PORT}" >> $TMP

#
# STARTING REMOTE-VIEWER
#

remote-viewer $TMP &
 
Dec 19, 2012
429
12
38
Hi.
I tried your script today (proxmox 5.3.6) and got this (same output on two different clients):
Code:
./proxmox-connect.sh
Password:
curl: (22) The requested URL returned error: 596 tls_process_server_certificate: certificate verify failed
./proxmox-connect.sh: Zeile 64: [: =: Einstelliger (unärer) Operator erwartet.
curl: (22) The requested URL returned error: 596 tls_process_server_certificate: certificate verify failed
ERROR: Maybe Proxmox-API changed?
Any ideas?
 
Aug 22, 2018
7
1
8
43
Hi.
I tried your script today (proxmox 5.3.6) and got this (same output on two different clients):
Code:
./proxmox-connect.sh
Password:
curl: (22) The requested URL returned error: 596 tls_process_server_certificate: certificate verify failed
./proxmox-connect.sh: Zeile 64: [: =: Einstelliger (unärer) Operator erwartet.
curl: (22) The requested URL returned error: 596 tls_process_server_certificate: certificate verify failed
ERROR: Maybe Proxmox-API changed?
Any ideas?
Hello,

for me i find a Solution, it is depending on parts in the RESPONSE url. if $NODE is different from the hostname.

therefore I added another Variable called $NODENAME
and changed every part starting with

RESPONSE=..../$NODE/...
by
RESPONSE=.../$NODENAME/...

I set $NODENAME to the name you see for the host in the "Sverver View" on the WebGui

after that I can connect to the VM
 
Aug 22, 2018
7
1
8
43
Code:
#!/bin/bash

#
# SETTINGS
#
# Fill the following section with your prefered settings.
# Leaving the password field empty is much more secure. It will be prompted on the command line.
# Alternatively create a Proxmox user with limited privileges like shown in this template.
#

NODE="-IP-"
NODENAME="-NODENAME-"
VMID="-VMID-"
PROXY=""
USERNAME="user@pve"
PASSWORD="secretpassword"

#
# INITIALIZATION
#

if ! type "jq" > /dev/null; then
    echo 'Command line tool "jq" is needed. Please install.'
fi

if [ -z "$PASSWORD" ]; then
    read -s -p "Password: " PASSWORD
    echo
fi

if [ -z "$USERNAME" ]; then
    USERNAME=root@pam
fi

if [ -z "$PROXY" ]; then
    PROXY=$NODE
fi

#
# AUTHENTICATION PROCESS
#

RESPONSE=$(curl -f -s -S -k -d "username=$USERNAME&password=$PASSWORD"  "https://$PROXY:8006/api2/json/access/ticket")

if [ $? -ne 0 ]; then
    echo "ERROR: Authentication failed"
    exit 1
fi

TICKET=$(echo $RESPONSE | jq -r '.data.ticket')
CSRF=$(echo $RESPONSE | jq -r '.data.CSRFPreventionToken')

if [ -z "$TICKET" ] || [ -z "$CSRF" ]; then
    echo "ERROR: Could not process Authentication Ticket"
    exit 1
fi

#
# GET VM STATUS
#

RESPONSE=$(curl -f -s -S -k -b "PVEAuthCookie=$TICKET" -H "CSRFPreventionToken: $CSRF" "https://$PROXY:8006/api2/json/nodes/$NODENAME/qemu/$VMID/status/current")


STATUS=$(echo $RESPONSE | jq -r '.data.qmpstatus')

if [ $STATUS = "stopped" ]; then
    echo "ERROR: VM not running. Trying to start"
    RESPONSE=$(curl -d "" -f -s -S -k -b "PVEAuthCookie=$TICKET" -H "CSRFPreventionToken: $CSRF" "https://$PROXY:8006/api2/json/nodes/$NODENAME/qemu/$VMID/status/start")

    echo "Waiting 10 seconds before trying Spice connection ..."
    sleep 10
fi

#
# GET SPICE CONFIGURATION
#

RESPONSE=$(curl -f -s -S -k -b "PVEAuthCookie=$TICKET" -H "CSRFPreventionToken: $CSRF" "https://$PROXY:8006/api2/json/nodes/$NODENAME/qemu/$VMID/spiceproxy" -d "proxy=$PROXY")

if [ $? -ne 0 ]; then
    echo "ERROR: Maybe Proxmox-API changed?"
    exit 1
fi

#
# PARSING JSON RESPONSE
#

ATTENTION=$(echo $RESPONSE | jq -r '.data."secure-attention"')
DELETE=$(echo $RESPONSE | jq -r '.data."delete-this-file"')
PROXY=$(echo $RESPONSE | jq -r '.data.proxy')
TYPE=$(echo $RESPONSE | jq -r '.data.type')
CA=$(echo $RESPONSE | jq -r '.data.ca')
FULLSCREEN=$(echo $RESPONSE | jq -r '.data."toggle-fullscreen"')
TITLE=$(echo $RESPONSE | jq -r '.data.title')
HOST=$(echo $RESPONSE | jq -r '.data.host')
PASSWORD=$(echo $RESPONSE | jq -r '.data.password')
SUBJECT=$(echo $RESPONSE | jq -r '.data."host-subject"')
CURSOR=$(echo $RESPONSE | jq -r '.data."release-cursor"')
PORT=$(echo $RESPONSE | jq -r '.data."tls-port"')

#
# GENERATING REMOTE-VIEWER CONNECTION FILE
#

TMP=$(mktemp)

echo "[virt-viewer]" > $TMP
echo "secure-attention=${ATTENTION}" >> $TMP
echo "delete-this-file=${DELETE}" >> $TMP
echo "proxy=${PROXY}" >> $TMP
echo "type=${TYPE}" >> $TMP
echo "ca=${CA}" >> $TMP
echo "toggle-fullscreen=${FULLSCREEN}" >> $TMP
echo "title=${TITLE}" >> $TMP
echo "host=${HOST}" >> $TMP
echo "password=${PASSWORD}" >> $TMP
echo "host-subject=${SUBJECT}" >> $TMP
echo "release-cursor=${CURSOR}" >> $TMP
echo "tls-port=${PORT}" >> $TMP

#
# STARTING REMOTE-VIEWER
#

remote-viewer $TMP &
 
Dec 19, 2012
429
12
38
Hi. Super .. .jetzt hat's geklappt. Man sollte aber dazu schreiben, dass auch der Port 3128 erreichbar sein muss. ich hatte mich vorher über die Meldung "Zeitüberschreitung bei Ein-/Ausgabeoperartion des Sockets" gewundert ...
Jetzt läuft es aber. Danke!

Sorry, english answer follows .. it works now but it should be mentioned that port 3128 must be reachable as well.
 
Last edited:

trefmanic

New Member
Mar 5, 2019
3
0
1
36
I wrote a python3 wrapper that uses Remmina with SPICE plugin to connect to VM's SPICE console. It's still a WIP, but somewhat useable.
It's trefmanic/rpspice on the Github.
 
Dec 19, 2012
429
12
38
trefmanic/rpspice
Hi. I tried your script in a shell -- but it didn't work.
Would be nice to see some screenshots -- escpecially the settings for remmina.
Greetings.


Errorcode (better on github??):
Code:
./rpspice.py -u vmuser@pve -c my.proxmox-host.com -i 199

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 852, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 346, in connect
    _match_hostname(cert, self.assert_hostname or hostname)
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 356, in _match_hostname
    match_hostname(cert, asserted_hostname)                                                                                                                                     
  File "/usr/lib/python3.6/ssl.py", line 327, in match_hostname                                                           
    % (hostname, ', '.join(map(repr, dnsnames))))             
....
 
Last edited:

trefmanic

New Member
Mar 5, 2019
3
0
1
36
There is no need for any specific settings for Remmina, because it's connection file is generated dynamically by this script. The only problem is when you have tray icon enabled, temporary connection files are not always removed. I'll write some way to detect this eventually.

Code:
./rpspice.py -u vmuser@pve -c my.proxmox-host.com -i 199

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 852, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 346, in connect
    _match_hostname(cert, self.assert_hostname or hostname)
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 356, in _match_hostname
    match_hostname(cert, asserted_hostname)                                                                                                                                   
  File "/usr/lib/python3.6/ssl.py", line 327, in match_hostname                                                         
    % (hostname, ', '.join(map(repr, dnsnames))))           
....

First, if you are using default Proxmox install, it's listening on the port 8006. Set PVE_PORT constant in the script to 8006 (it should read PVE_PORT = '8006'). The automatic port detection feature is not implemented yet. Second, you may be using self-signed certificate for your cluster. The solution will be to get a valid certificate (from letsencrypt, for example) or to add cluster CA certificate (/etc/pve/pve-root-ca.pem) to trusted in your system.
Make sure you have requests installed (pip3 install requests).

Also, right now it only supports connections to the VM, running at the same node as the cluster. But this will be the first feature to be added.
 

jluc2808

New Member
Mar 22, 2019
16
0
1
67
code with the last version
hello, i tried your script and everytime i get an error when launch remote-viewer :
Unable to init server: Could not connect: Connection refused
(remote-viewer:6195): Gtk-WARNING **: cannot open display

the tmp.xxxx file is generated and seems OK

Code:
[virt-viewer]
secure-attention=Ctrl+Alt+Ins
delete-this-file=1
proxy=http://192.168.1.176:3128
type=spice
ca=-----BEGIN CERTIFICATE-----\nMIIFwjCCA6qgAwIBAgIJAIq5hWtzgqUyMA0GCSqGSIb3DQEBCwUAMHYxJDAiBgNV..........lKgAv/KjVnw=\n-----END CERTIFICATE-----\n\
toggle-fullscreen=Shift+F11
title=VM 102 - Proxmox-Android8.1
host=pvespiceproxy:5ca0ff1e:102:proxmox::5f79cb6c2723099f90c0b336bd8a9bd08e9f9ed5
password=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
host-subject=OU=PVE Cluster Node,O=Proxmox Virtual Environment,CN=proxmox.com
release-cursor=Ctrl+Alt+R
tls-port=61000

so i couldn't understand why this error ?
any help is welcome
 

GUENTER

New Member
Oct 14, 2015
26
3
3
Hello Elbandi,

after a lot of try and error I was able to compile your go script into a windows executable which works like a charm!

Many thank's for your support!

Best regards
Günter
 
Jun 24, 2019
8
4
8
42
[QUOTE
Just compile with golang, and you can use with command line params:
-host pvenodeip -user foobar@pve -pass secret -vmid 123

or from a config file:
Code:
host=pvenodeip
user=foobar@pve
pass=secret
vmid=123
viewer=path/to/remote-viewer.exe

use: -config path/to/configfile[/QUOTE]

Thanks for your work and your tool!
I had the same hard way to compile your tool to an EXE (3 packages have to copy manually from Github into the local src folder) but after solve this I got an EXE file.
But currently I have a problem to connect it with a virtual Win10 machine. It works with the spice ticket from the web interface an the local virt-viewer but with your tool, it open the viewer and wait for a "connection with the graphic server."
Do you have any tips for me to get it working?
I use Proxmox 5.4.4, Windows 10 VM with spice guest tool, your tool and the virtual machine viewer 8.0-256 on a Win7 machine.
Connection with Spice ticket from web interface work well but the one-click-solution with your tool does not work.
 
  • Like
Reactions: mikeboiko

moxmox

Member
Aug 14, 2019
50
8
13
42
I have created a small windows command line app (.net) that achieves the same result if anyone wants it. I can put the code on github or provide a built exe.
 
  • Like
Reactions: Marc_in_the_dark
Jun 24, 2019
8
4
8
42
I have created a small windows command line app (.net) that achieves the same result if anyone wants it. I can put the code on github or provide a built exe.

I'm very interested in your app. It would be great to get it as an executable file. I hope to get a solution for the proxmox 6.0 and spice. Because the old app doesn't work anymore.
Thanks for your work!
 

moxmox

Member
Aug 14, 2019
50
8
13
42
I'm very interested in your app. It would be great to get it as an executable file. I hope to get a solution for the proxmox 6.0 and spice. Because the old app doesn't work anymore.
Thanks for your work!

OK will do a build for you.

Only did it this morning so only been tested on one proxmox install but hopefully should work..

I am on latest proxmox 6 so should hopefully work for you.
 

moxmox

Member
Aug 14, 2019
50
8
13
42
I'm very interested in your app. It would be great to get it as an executable file. I hope to get a solution for the proxmox 6.0 and spice. Because the old app doesn't work anymore.
Thanks for your work!

Here is a link to it - if there are any errors it will show the message in the command window and wait for you to press enter before terminating.

Its pretty rough code but let me know if it works.

https://moxhamconsultants.com/proxmox/ProxmoxSpiceLauncher.zip

it needs to be run with the following arguments, should hopefully work with other virt viewer versions but this is the version I am using (note the quotes around the remote viewer path)

ProxmoxSpiceLauncher.exe host=x.x.x.x port=8006 username=root@pam password=xxx node=pve vm=121 viewer="C:\Program Files\VirtViewer v8.0-256\bin\remote-viewer.exe"
 
Jun 24, 2019
8
4
8
42
Here is a link to it - if there are any errors it will show the message in the command window and wait for you to press enter before terminating.

Its pretty rough code but let me know if it works.

https://moxhamconsultants.com/proxmox/ProxmoxSpiceLauncher.zip

it needs to be run with the following arguments, should hopefully work with other virt viewer versions but this is the version I am using (note the quotes around the remote viewer path)

ProxmoxSpiceLauncher.exe host=x.x.x.x port=8006 username=root@pam password=xxx node=pve vm=121 viewer="C:\Program Files\VirtViewer v8.0-256\bin\remote-viewer.exe"

It works fantastic and with the new version of Proxmox. :) Thank you so much for sharing your tool!
Now it's easy to make a one-click-solution.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!