1SPICE-CLIENT(1) Spice-GTK Documentation SPICE-CLIENT(1)
2
3
4
6 Spice-GTK - a client-side library to access remote SPICE displays
7
9 Spice-GTK is a library allowing access to remote displays over the
10 SPICE protocol. At the moment It's mainly used to access remote virtual
11 machines.
12
13 The Spice-GTK library provides a set of command line options which can
14 be used to tweak some SPICE-specific option.
15
17 To initiate a plain SPICE connection (the connection will be
18 unencrypted) to hostname.example.com and port 5900, use the following
19 URI:
20
21 spice://hostname.example.com:5900
22
23 In order to start a TLS connection, one would use:
24
25 spice+tls://hostname.example.com:5900
26
27 Note: 'spice+tls' is available since v0.35, you have to use the
28 spice:// query string with the 'tls-port' parameter before that.
29
31 spice URI accepts query string. Several parameters can be specified at
32 once if they are separated by & or ;
33
34 spice://hostname.example.com?port=5900;tls-port=5901
35
36 When using 'tls-port', it's recommended to not specify any non-TLS
37 port. If you give both 'port' and 'tls-port', make sure you use the
38 --spice-secure-channels options to indicate which channels must be
39 secure. Otherwise, Spice-GTK first attempts a connection to the non-
40 TLS port, and then try to use the TLS port. This means a man-in-the-
41 middle could force the whole SPICE session to go in clear text
42 regardless of the TLS settings of the SPICE server.
43
44 Other valid URI parameters are 'username' and 'password'. Be careful
45 that passing a password through a SPICE URI might cause the password to
46 be visible by any local user through 'ps'.
47
49 The following options are accepted when running a SPICE client which
50 makes use of the default Spice-GTK options:
51
52 --spice-secure-channels=<main,display,inputs,...,all>
53 Force the specified channels to be secured
54
55 This instructs the SPICE client that it must use a TLS connection
56 for these channels. If the server only offers non-TLS connections
57 for these channels, the client will not use these. If the special
58 value "all" is used, this indicates that all SPICE channels must be
59 encrypted.
60
61 The current SPICE channels are: main, display, inputs, cursor,
62 playback, record, smartcard, usbredir.
63
64 --spice-disable-effects=<wallpaper,font-smooth,animation,all>
65 Disable guest display effects
66
67 This tells the SPICE client that it should attempt to disable some
68 guest features in order to lower bandwidth usage. This requires
69 guest support, usually through a SPICE agent. This is currently
70 only supported on Windows guests.
71
72 "wallpaper" will disable the guest wallpaper, "font-smooth" will
73 disable font antialiasing, "animation" will try to disable some of
74 the desktop environment animations. "all" will attempt to disable
75 everything which can be disabled.
76
77 --spice-color-depth=<16,32>
78 Guest display color depth - DEPRECATED
79
80 This tells the SPICE client that it should attempt to force the
81 guest OS color depth. A lower color depth should lower bandwith
82 usage. This requires guest support, usually through a SPICE agent.
83 This is currently only supported on Windows 7 and older guests.
84
85 --spice-ca-file=<file>
86 Truststore file for secure connections
87
88 This option is used to specify a .crt file containing the CA
89 certificate with which the SPICE server TLS certificates are
90 signed. This is useful when using self-signed TLS certificates
91 rather than certificates signed by an official CA.
92
93 --spice-host-subject=<host-subject>
94 Subject of the host certificate (field=value pairs separated by
95 commas)
96
97 When using self-signed certificates, or when the guest is migrated
98 between different hosts, the subject/altSubject of the TLS
99 certificate the SPICE server will provide will not necessarily
100 match the hostname we are connecting to. This option makes it
101 possible to override the expected subject of the TLS certificate.
102
103 The subject must correspond to the "Subject:" line returned by:
104 openssl x509 -noout -text -in server-cert.pem
105
106 --spice-debug
107 Enable Spice-GTK debugging. This can also be toggled on with the
108 SPICE_DEBUG environment variable, or using G_MESSAGES_DEBUG=all
109
110 --spice-disable-audio
111 Disable audio support
112
113 --spice-disable-usbredir
114 Disable USB redirection support
115
116 --spice-usbredir-auto-redirect-filter=<filter-string>
117 Filter selecting USB devices to be auto-redirected when plugged in
118
119 This filter specifies which USB devices should be automatically
120 redirected when they are plugged in during the lifetime of a SPICE
121 session.
122
123 A rule has the form of: "class,vendor,product,version,allow"
124
125 -1 can be used instead of class, vendor, product or version in
126 order to accept any value. Several rules can be concatenated with
127 '|': "rule1|rule2|rule3"
128
129 --spice-usbredir-redirect-on-connect=<filter-string>
130 Filter selecting USB devices to redirect on connect
131
132 This filter specifies which USB devices should be automatically
133 redirected when a SPICE connection to a remote display has been
134 established.
135
136 --spice-gtk-version
137 Display Spice-GTK version information
138
139 --spice-smartcard
140 Enable smartcard support
141
142 --spice-smartcard-db=<certificate-db>
143 Path to the local certificate database to use for software
144 smartcard certificates
145
146 This option is only useful for testing purpose. Instead of having a
147 hardware smartcard reader, and a physical smartcard, you can
148 specify a file containing 3 certificates which will be used to
149 emulate a smartcard in software. See
150 "http://www.spice-space.org/page/SmartcardUsage#Using_a_software_smartcard"
151 for more details about how to generate these certificates.
152
153 --spice-smartcard-certificates=<certificates>
154 Certificates to use for software smartcards (field=values separated
155 by commas)
156
157 This option is only useful for testing purpose. This allows to
158 specify which certificates from the certificate database specified
159 with --spice-smartcard-db should be used for smartcard emulation.
160
161 --spice-cache-size=<bytes>
162 Image cache size - DEPRECATED
163
164 This option should only be used for testing/debugging.
165
166 --spice-glz-window-size=<bytes>
167 Glz compression history size - DEPRECATED
168
169 This option should only be used for testing/debugging.
170
172 Report bugs to the mailing list
173 "http://lists.freedesktop.org/mailman/listinfo/spice-devel"
174
176 Copyright (C) 2011, 2014 Red Hat, Inc., and various contributors. This
177 is free software. You may redistribute copies of it under the terms of
178 the GNU Lesser General Public License
179 "https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html". There is NO
180 WARRANTY, to the extent permitted by law.
181
183 "virt-viewer(1)", the project website "http://spice-space.org"
184
185
186
187perl v5.30.0 2019-10-04 SPICE-CLIENT(1)