I’m trying to get port forwarding to work (for SSH) between a host and a guest using passt via the userspace connection. But the host’s ssh client can’t connect to the guest’s ssh server. The guest OS is Windows 11 running as a virtual machine using QEMU-Virtual Machine Manager. The host OS is running Manjaro (25.0.10, 6.12.48-1).
Below is the relevant libvirt XML of the NIC device:
<interface type="user">
<mac address="##:##:##:##:##:##"/>
<portForward proto="tcp">
<range start="8022" to="22"/>
</portForward>
<model type="virtio"/>
<backend type="passt"/>
<alias name="net0"/>
<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>
I manually added the passt backend and portForward elements using virsh edit domain.
I can see that libvirt / Virtual Machine Manager is initiating passt when the Windows guest is booted. See https://libvirt.org/formatdomain.html#userspace-connection-using-passt
For example:
ps -ef | grep passt
<user> 432277 1 0 09:22 ? 00:00:00 passt --one-off --socket /run/user/1000/libvirt/qemu/run/passt/10-win11-net0.socket --pid /run/user/1000/libvirt/qemu/run/passt/10-win11-net0-passt.pid --tcp-ports 8022:22
The SSH server is running on the guest (I’ve confirmed this by connecting locally on the guest); the Windows firewall sshd rule is configured to allow in-bound traffic; the host’s firewall is configured to allow traffic on the local 8022 port.
On the host-side, I can successfully connect to port 8022, but nothing is getting to the guest via ssh:
nc -v 127.0.0.1 8022
Connection to 127.0.0.1 8022 port [tcp/oa-system] succeeded!
ssh -p 8022 127.0.0.1
kex_exchange_identification: read: Connection reset by peer
Connection reset by 127.0.0.1 port 8022
I also don’t see any logs related to the host connection attempts in Windows Event Viewer.
Thanks for any help.
