Man1 - spice-client.1
Table of Contents
NAME
Spice-GTK - a client-side library to access remote SPICE displays
DESCRIPTION
Spice-GTK is a library allowing access to remote displays over the SPICE protocol. At the moment It’s mainly used to access remote virtual machines.
The Spice-GTK library provides a set of command line options which can be used to tweak some SPICE-specific option.
URI
To initiate a plain SPICE connection (the connection will be unencrypted) to hostname.example.com and port 5900, use the following URI:
spice://hostname.example.com:5900
In order to start a TLS connection, one would use:
spice+tls://hostname.example.com:5900
Note: ’spice+tls’ is available since v0.35, you have to use the spice:// query string with the ’tls-port’ parameter before that.
URI query string
spice URI accepts query string. Several parameters can be specified at once if they are separated by & or ;
spice://hostname.example.com?port=5900;tls-port=5901
When using ’tls-port’, it’s recommended to not specify any non-TLS port. If you give both ’port’ and ’tls-port’, make sure you use the –spice-secure-channels options to indicate which channels must be secure. Otherwise, Spice-GTK first attempts a connection to the non-TLS port, and then try to use the TLS port. This means a man-in-the-middle could force the whole SPICE session to go in clear text regardless of the TLS settings of the SPICE server.
Other valid URI parameters are ’username’ and ’password’. Be careful that passing a password through a SPICE URI might cause the password to be visible by any local user through ’ps’.
OPTIONS
The following options are accepted when running a SPICE client which makes use of the default Spice-GTK options:
- –spice-secure-channels=<main,display,inputs,…,all>
- Force the specified channels to be secured This instructs the SPICE client that it must use a TLS connection for these channels. If the server only offers non-TLS connections for these channels, the client will not use these. If the special value all is used, this indicates that all SPICE channels must be encrypted. The current SPICE channels are: main, display, inputs, cursor, playback, record, smartcard, usbredir.
- –spice-disable-effects=<wallpaper,font-smooth,animation,all>
- Disable guest display effects This tells the SPICE client that it should attempt to disable some guest features in order to lower bandwidth usage. This requires guest support, usually through a SPICE agent. This is currently only supported on Windows guests. wallpaper will disable the guest wallpaper, font-smooth will disable font antialiasing, animation will try to disable some of the desktop environment animations. all will attempt to disable everything which can be disabled.
- –spice-color-depth=<16,32>
- Guest display color depth - DEPRECATED This tells the SPICE client that it should attempt to force the guest OS color depth. A lower color depth should lower bandwith usage. This requires guest support, usually through a SPICE agent. This is currently only supported on Windows 7 and older guests.
- –spice-ca-file=<file>
- Truststore file for secure connections This option is used to specify a .crt file containing the CA certificate with which the SPICE server TLS certificates are signed. This is useful when using self-signed TLS certificates rather than certificates signed by an official CA.
- –spice-host-subject=<host-subject>
- Subject of the host certificate (field=value pairs separated by commas) When using self-signed certificates, or when the guest is migrated between different hosts, the subject/altSubject of the TLS certificate the SPICE server will provide will not necessarily match the hostname we are connecting to. This option makes it possible to override the expected subject of the TLS certificate. The subject must correspond to the Subject: line returned by: openssl x509 -noout -text -in server-cert.pem
- –spice-debug
- Enable Spice-GTK debugging. This can also be toggled on with the SPICE_DEBUG environment variable, or using G_MESSAGES_DEBUG=all
- –spice-disable-audio
- Disable audio support
- –spice-disable-usbredir
- Disable USB redirection support
- –spice-usbredir-auto-redirect-filter=<filter-string>
- Filter
selecting USB devices to be auto-redirected when plugged in This
filter specifies which USB devices should be automatically redirected
when they are plugged in during the lifetime of a SPICE session. A
rule has the form of:
class,vendor,product,version,allow
-1 can be used instead of class, vendor, product or version in order to accept any value. Several rules can be concatenated with ’|’:rule1|rule2|rule3
- –spice-usbredir-redirect-on-connect=<filter-string>
- Filter selecting USB devices to redirect on connect This filter specifies which USB devices should be automatically redirected when a SPICE connection to a remote display has been established.
- –spice-gtk-version
- Display Spice-GTK version information
- –spice-smartcard
- Enable smartcard support
- –spice-smartcard-db=<certificate-db>
- Path to the local certificate
database to use for software smartcard certificates This option is
only useful for testing purpose. Instead of having a hardware
smartcard reader, and a physical smartcard, you can specify a file
containing 3 certificates which will be used to emulate a smartcard in
software. See
http://www.spice-space.org/page/SmartcardUsage#Using_a_software_smartcard
for more details about how to generate these certificates. - –spice-smartcard-certificates=<certificates>
- Certificates to use for software smartcards (field=values separated by commas) This option is only useful for testing purpose. This allows to specify which certificates from the certificate database specified with –spice-smartcard-db should be used for smartcard emulation.
- –spice-cache-size=<bytes>
- Image cache size - DEPRECATED This option should only be used for testing/debugging.
- –spice-glz-window-size=<bytes>
- Glz compression history size - DEPRECATED This option should only be used for testing/debugging.
BUGS
Report bugs to the mailing list
http://lists.freedesktop.org/mailman/listinfo/spice-devel
COPYRIGHT
Copyright (C) 2011, 2014 Red Hat, Inc., and various contributors. This
is free software. You may redistribute copies of it under the terms of
the GNU Lesser General Public License
https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
. There is NO
WARRANTY, to the extent permitted by law.
SEE ALSO
virt-viewer(1)
, the project website http://spice-space.org