1SPICE-CLIENT(1)             Spice-GTK Documentation            SPICE-CLIENT(1)
2
3
4

NAME

6       Spice-GTK - a client-side library to access remote SPICE displays
7

DESCRIPTION

9       Spice-GTK is a library allowing access to remote displays over the
10       SPICE protocol. At the moment It's mainly used to access remote virtual
11       machines.
12
13       The Spice-GTK library provides a set of command line options which can
14       be used to tweak some SPICE-specific option.
15

URI

17       The most basic SPICE URI which can be used is in the form
18         spice://hostname.example.com:5900
19
20       This will try to initiate a SPICE connection to hostname.example.com to
21       port 5900. This connection will be unencrypted. This URI is equivalent
22       to
23         spice://hostname.example.com?port=5900
24
25       In order to start a TLS connection, one would use
26         spice://hostname.example.com?tls-port=5900
27
28       Other valid URI parameters are 'username' and 'password'. Be careful
29       that passing a password through a SPICE URI might cause the password to
30       be visible by any local user through 'ps'.
31
32       Several parameters can be specified at once if they are separated by &
33       or ;
34         spice://hostname.example.com?port=5900;tls-port=5901
35
36       When using 'tls-port', it's recommended to not specify any non-TLS
37       port.  If you give both 'port' and 'tls-port', make sure you use the
38       --spice-secure-channels options to indicate which channels must be
39       secure.  Otherwise, Spice-GTK first attempts a connection to the non-
40       TLS port, and then try to use the TLS port. This means a man-in-the-
41       middle could force the whole SPICE session to go in clear text
42       regardless of the TLS settings of the SPICE server.
43

OPTIONS

45       The following options are accepted when running a SPICE client which
46       makes use of the default Spice-GTK options:
47
48       --spice-secure-channels=<main,display,inputs,...,all>
49           Force the specified channels to be secured
50
51           This instructs the SPICE client that it must use a TLS connection
52           for these channels. If the server only offers non-TLS connections
53           for these channels, the client will not use these. If the special
54           value "all" is used, this indicates that all SPICE channels must be
55           encrypted.
56
57           The current SPICE channels are: main, display, inputs, cursor,
58           playback, record, smartcard, usbredir.
59
60       --spice-disable-effects=<wallpaper,font-smooth,animation,all>
61           Disable guest display effects
62
63           This tells the SPICE client that it should attempt to disable some
64           guest features in order to lower bandwidth usage. This requires
65           guest support, usually through a SPICE agent. This is currently
66           only supported on Windows guests.
67
68           "wallpaper" will disable the guest wallpaper, "font-smooth" will
69           disable font antialiasing, "animation" will try to disable some of
70           the desktop environment animations. "all" will attempt to disable
71           everything which can be disabled.
72
73       --spice-color-depth=<16,32>
74           Guest display color depth
75
76           This tells the SPICE client that it should attempt to force the
77           guest OS color depth. A lower color depth should lower bandwith
78           usage. This requires guest support, usually through a SPICE agent.
79           This is currently only supported on Windows guests.
80
81       --spice-ca-file=<file>
82           Truststore file for secure connections
83
84           This option is used to specify a .crt file containing the CA
85           certificate with which the SPICE server TLS certificates are
86           signed. This is useful when using self-signed TLS certificates
87           rather than certificates signed by an official CA.
88
89       --spice-host-subject=<host-subject>
90           Subject of the host certificate (field=value pairs separated by
91           commas)
92
93           When using self-signed certificates, or when the guest is migrated
94           between different hosts, the subject/altSubject of the TLS
95           certificate the SPICE server will provide will not necessarily
96           match the hostname we are connecting to.  This option makes it
97           possible to override the expected subject of the TLS certificate.
98
99           The subject must correspond to the "Subject:" line returned by:
100             openssl x509 -noout -text -in server-cert.pem
101
102       --spice-debug
103           Enable Spice-GTK debugging. This can also be toggled on with the
104           SPICE_DEBUG environment variable, or using G_MESSAGES_DEBUG=all
105
106       --spice-disable-audio
107           Disable audio support
108
109       --spice-disable-usbredir
110           Disable USB redirection support
111
112       --spice-usbredir-auto-redirect-filter=<filter-string>
113           Filter selecting USB devices to be auto-redirected when plugged in
114
115           This filter specifies which USB devices should be automatically
116           redirected when they are plugged in during the lifetime of a SPICE
117           session.
118
119           A rule has the form of: "class,vendor,product,version,allow"
120
121           -1 can be used instead of class, vendor, product or version in
122           order to accept any value. Several rules can be concatenated with
123           '|': "rule1|rule2|rule3"
124
125       --spice-usbredir-redirect-on-connect=<filter-string>
126           Filter selecting USB devices to redirect on connect
127
128           This filter specifies which USB devices should be automatically
129           redirected when a SPICE connection to a remote display has been
130           established.
131
132       --spice-gtk-version
133           Display Spice-GTK version information
134
135       --spice-smartcard
136           Enable smartcard support
137
138       --spice-smartcard-db=<certificate-db>
139           Path to the local certificate database to use for software
140           smartcard certificates
141
142           This option is only useful for testing purpose. Instead of having a
143           hardware smartcard reader, and a physical smartcard, you can
144           specify a file containing 3 certificates which will be used to
145           emulate a smartcard in software. See
146           "http://www.spice-space.org/page/SmartcardUsage#Using_a_software_smartcard"
147           for more details about how to generate these certificates.
148
149       --spice-smartcard-certificates=<certificates>
150           Certificates to use for software smartcards (field=values separated
151           by commas)
152
153           This option is only useful for testing purpose. This allows to
154           specify which certificates from the certificate database specified
155           with --spice-smartcard-db should be used for smartcard emulation.
156
157       --spice-cache-size=<bytes>
158           Image cache size
159
160           This option should only be used for testing/debugging.
161
162       --spice-glz-window-size=<bytes>
163           Glz compression history size
164
165           This option should only be used for testing/debugging.
166

BUGS

168       Report bugs to the mailing list
169       "http://lists.freedesktop.org/mailman/listinfo/spice-devel"
170

172       Copyright (C) 2011, 2014 Red Hat, Inc., and various contributors.  This
173       is free software. You may redistribute copies of it under the terms of
174       the GNU Lesser General Public License
175       "https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html".  There is NO
176       WARRANTY, to the extent permitted by law.
177

SEE ALSO

179       "virt-viewer(1)", the project website "http://spice-space.org"
180
181
182
183perl v5.18.4                      2014-09-23                   SPICE-CLIENT(1)
Impressum