Transparent Multi-hop SSH

Doing It Manually

Generate keys on local desktop:

ssh-keygen -t rsa -b 4096 -C ""

Append public key to server “” as
Then repeat this to create connection from to internal account: root@

Not you can access root@ from desktop over in one cmd:

ssh -A -t  ssh -A root@ 
  • -A to enable agent forwarding
  • -t to force a pseudo-tty to be allocated.

A Better Way

vim ~/.ssh/config

and add lines:

Host server-kvm

Host server-internal
  ProxyCommand ssh -q server-kvm nc -q0  22

Now that the proxy command is set up, you can connect to the ‘aoraki’ host simply by typing:

ssh server-internal

Configure static guest IP on KVM

List all machines to get their names:

virsh list --all
 Id    Name                           State
 12    vps-1                  running

Get machine mac address:

virsh  dumpxml  $VPS_NAME | grep 'mac address'
<mac address='xx:xx:xx:xx:xx:xx'/>

Then edit the network

virsh  net-list
 Name                 State      Autostart     Persistent
 default              active     yes           yes

NETWORK_NAME='default'     # Probably "default"
virsh  net-edit  $NETWORK_NAME

Edit xml config of network

virsh net-dumpxml default > default.xml
vim default.xml

Change section:
– restrict the dynamic IP range
– host entries for your VPS

  <range start='' end=''/>
  <host mac='xx:xx:xx:xx:xx:01' name='vps-1' ip=''/>
  <host mac='xx:xx:xx:xx:xx:02' name='vps-2' ip=''/>
  <host mac='xx:xx:xx:xx:xx:03' name='vps-3' ip=''/>

Restart network service:

virsh net-destroy default
virsh net-define default.xml
virsh net-start default

RDC access to remote VirtualBox guest

First need to install Oracle Extension package:
and download VirtualBox 5.1.2 Oracle VM VirtualBox Extension Pack ex: “Oracle_VM_VirtualBox_Extension_Pack-5.0.26-108824.vbox-extpack”

VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.0.26-108824.vbox-extpack

You can also do it with GUI: Menu -> Settings -> Extensions

Setting VBox guest remote display

I use port range: 5100-5120

VBoxManage modifyvm "${VBNAME}" --vrde on
VBoxManage modifyvm "${VBNAME}" --vrdeauthtype external
VBoxManage modifyvm "${VBNAME}" --vrdeport 5100-5120
VBoxManage modifyvm "${VBNAME}" --vrdemulticon on

Check machine settings:

VBoxManage showvminfo "${VBNAME}" | grep 'VRDE:'
# VRDE:            enabled (Address, Ports 5100-5120, MultiConn: on, ReuseSingleConn: off, Authentication type: external)

Start it headless:

VBoxManage startvm "${VBNAME}" --type headless

Running machine should use first port for VRDE

netstat -ntlp |  grep VBoxHeadless
# tcp        0      0  *               LISTEN      3967/VBoxHeadless


I use apt-get install remmina or krdc
Use your remote host user and password, its your ssh user if remote system is on Linux/


Usefull IO monitoring commands:

pidstat -d 5 
13:53:12      UID       PID   kB_rd/s   kB_wr/s kB_ccwr/s iodelay  Command
13:53:17        0      1655      0,00      0,80      0,00     453  jbd2/dm-0-8
13:53:17     4031      5986      0,00      0,80      0,00       0  VBoxHeadless
13:53:17       33     12126      0,00      0,80      0,00       0  apache2
13:53:17     4031     25320    406,50      0,00      0,00       0  VBoxHeadless
13:53:17      111     28478      6,40    162,40      0,00       0  mysqld
iostat -d 5