spice-client (1) - Linux Manuals
spice-client: a client-side library to access remote SPICE displays
NAME
Spice-GTK - a client-side library to access remote SPICE displays
DESCRIPTION
Spice-GTK is a library allowing access to remote displays over the SPICE protocol. At the moment It's mainly used to access remote virtual machines.The Spice-GTK library provides a set of command line options which can be used to tweak some SPICE-specific option.
URI
The most basic SPICE URI which can be used is in the form
This will try to initiate a SPICE connection to hostname.example.com
to port 5900. This connection will be unencrypted. This URI is
equivalent to
In order to start a TLS connection, one would use
Other valid URI parameters are 'username' and 'password'. Be careful that
passing a password through a SPICE URI might cause the password to be
visible by any local user through 'ps'.
Several parameters can be specified at once if they are separated
by & or ;
When using 'tls-port', it's recommended to not specify any non-TLS port.
If you give both 'port' and 'tls-port', make sure you use the
--spice-secure-channels options to indicate which channels must be secure.
Otherwise, Spice-GTK first attempts a connection to the non-TLS port, and
then try to use the TLS port. This means a man-in-the-middle could force
the whole SPICE session to go in clear text regardless of the TLS settings
of the SPICE server.
This instructs the SPICE client that it must use a TLS connection for these
channels. If the server only offers non-TLS connections for these channels,
the client will not use these. If the special value ``all'' is used, this
indicates that all SPICE channels must be encrypted.
The current SPICE channels are: main, display, inputs, cursor, playback,
record, smartcard, usbredir.
This tells the SPICE client that it should attempt to disable some guest
features in order to lower bandwidth usage. This requires guest support,
usually through a SPICE agent. This is currently only supported on Windows
guests.
``wallpaper'' will disable the guest wallpaper, ``font-smooth'' will disable
font antialiasing, ``animation'' will try to disable some of the desktop
environment animations. ``all'' will attempt to disable everything which
can be disabled.
This tells the SPICE client that it should attempt to force the guest OS
color depth. A lower color depth should lower bandwith usage. This requires
guest support, usually through a SPICE agent. This is currently only
supported on Windows guests.
This option is used to specify a .crt file containing the CA certificate with which
the SPICE server TLS certificates are signed. This is useful when using self-signed
TLS certificates rather than certificates signed by an official CA.
When using self-signed certificates, or when the guest is migrated between
different hosts, the subject/altSubject of the TLS certificate the SPICE
server will provide will not necessarily match the hostname we are connecting to.
This option makes it possible to override the expected subject of the TLS certificate.
The subject must correspond to the ``Subject:'' line returned by:
This filter specifies which USB devices should be automatically redirected
when they are plugged in during the lifetime of a SPICE session.
A rule has the form of:
"class,vendor,product,version,allow"
-1 can be used instead of class, vendor, product or version in order to accept
any value. Several rules can be concatenated with '|':
"rule1|rule2|rule3"
This filter specifies which USB devices should be automatically redirected
when a SPICE connection to a remote display has been established.
This option is only useful for testing purpose. Instead of having a hardware
smartcard reader, and a physical smartcard, you can specify a file containing 3
certificates which will be used to emulate a smartcard in software. See
"http://www.spice-space.org/page/SmartcardUsage#Using_a_software_smartcard"
for more details about how to generate these certificates.
This option is only useful for testing purpose. This allows to specify which
certificates from the certificate database specified with --spice-smartcard-db
should be used for smartcard emulation.
This option should only be used for testing/debugging.
This option should only be used for testing/debugging.
OPTIONS
The following options are accepted when running a SPICE client which
makes use of the default Spice-GTK options:
BUGS
Report bugs to the mailing list "http://lists.freedesktop.org/mailman/listinfo/spice-devel"
COPYRIGHT
Copyright (C) 2011, 2014 Red Hat, Inc., and various contributors.
This is free software. You may redistribute copies of it under the terms of
the GNU Lesser General Public License
"https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html".
There is NO WARRANTY, to the extent permitted by law.