-vnc display[,option[,option[,...]]]
Normally, if QEMU is compiled with graphical window support, it displays output such as guest graphics, guest console, and the QEMU monitor in a window. With this option, you can have QEMU listen on VNC display display and redirect the VGA display over the VNC session. It is very useful to enable the usb tablet device when using this option (option -device usb-tablet). When using the VNC display, you must use the -k parameter to set the keyboard layout if you are not using en-us. Valid syntax for the display is
to=L
With this option, QEMU will try next available VNC displays, until the number L, if the origianlly defined “-vnc display” is not available, e.g. port 5900+display is already used by another application. By default, to=0.
host:d
TCP connections will only be allowed from host on display d. By convention the TCP port is 5900+d. Optionally, host can be omitted in which case the server will accept connections from any host.
相信上面的选项比较熟悉
unix:path
Connections will be allowed over UNIX domain sockets where path is the location of a unix socket to listen for connections on.
none
VNC is initialized but not started. The monitor change command can be used to later start the VNC server.
Following the display value there may be one or more option flags separated by commas. Valid options are
reverse
Connect to a listening VNC client via a “reverse” connection. The client is specified by the display. For reverse network connections (host:d,reverse), the d argument is a TCP port number, not a display number.
websocket
Opens an additional TCP listening port dedicated to VNC Websocket connections. If a bare websocket option is given, the Websocket port is 5700+display. An alternative port can be specified with the syntax websocket=port.
If host is specified connections will only be allowed from this host. It is possible to control the websocket listen address independently, using the syntax websocket=host:port.
If no TLS credentials are provided, the websocket connection runs in unencrypted mode. If TLS credentials are provided, the websocket connection requires encrypted client connections.
password
Require that password based authentication is used for client connections.
The password must be set separately using the set_password command in the QEMU Monitor. The syntax to change your password is: set_password
If you would like to change
You can also use keywords “now” or “never” for the expiration time to allow
tls-creds=ID
Provides the ID of a set of TLS credentials to use to secure the VNC server. They will apply to both the normal VNC server socket and the websocket socket (if enabled). Setting TLS credentials will cause the VNC server socket to enable the VeNCrypt auth mechanism. The credentials should have been previously created using the -object tls-creds argument.
tls-authz=ID
Provides the ID of the QAuthZ authorization object against which the client’s x509 distinguished name will validated. This object is only resolved at time of use, so can be deleted and recreated on the fly while the VNC server is active. If missing, it will default to denying access.
sasl
Require that the client use SASL to authenticate with the VNC server. The exact choice of authentication method used is controlled from the system / user’s SASL configuration file for the ‘qemu’ service. This is typically found in /etc/sasl2/qemu.conf. If running QEMU as an unprivileged user, an environment variable SASL_CONF_PATH can be used to make it search alternate locations for the service config. While some SASL auth methods can also provide data encryption (eg GSSAPI), it is recommended that SASL always be combined with the ‘tls’ and ‘x509’ settings to enable use of SSL and server certificates. This ensures a data encryption preventing compromise of authentication credentials. See the VNC security section for details on using SASL authentication.
sasl-authz=ID
Provides the ID of the QAuthZ authorization object against which the client’s SASL username will validated. This object is only resolved at time of use, so can be deleted and recreated on the fly while the VNC server is active. If missing, it will default to denying access.
acl
Legacy method for enabling authorization of clients against the x509 distinguished name and SASL username. It results in the creation of two authz-list objects with IDs of vnc.username and vnc.x509dname. The rules for these objects must be configured with the HMP ACL commands.
This option is deprecated and should no longer be used. The new sasl-authz and tls-authz options are a replacement.
lossy
Enable lossy compression methods (gradient, JPEG, …). If this option is set, VNC client may receive lossy framebuffer updates depending on its encoding settings. Enabling this option can save a lot of bandwidth at the expense of quality.
non-adaptive
Disable adaptive encodings. Adaptive encodings are enabled by default. An adaptive encoding will try to detect frequently updated screen regions, and send updates in these regions using a lossy encoding (like JPEG). This can be really helpful to save bandwidth when playing videos. Disabling adaptive encodings restores the original static behavior of encodings like Tight.
share=[allow-exclusive|force-shared|ignore]
Set display sharing policy. ‘allow-exclusive’ allows clients to ask for exclusive access. As suggested by the rfb spec this is implemented by dropping other connections. Connecting multiple clients in parallel requires all clients asking for a shared session (vncviewer: -shared switch). This is the default. ‘force-shared’ disables exclusive client access. Useful for shared desktop sessions, where you don’t want someone forgetting specify -shared disconnect everybody else. ‘ignore’ completely ignores the shared flag and allows everybody connect unconditionally. Doesn’t conform to the rfb spec but is traditional QEMU behavior.
key-delay-ms
Set keyboard delay, for key down and key up events, in milliseconds. Default is 10. Keyboards are low-bandwidth devices, so this slowdown can help the device and guest to keep up and not lose events in case events are arriving in bulk. Possible causes for the latter are flaky network connections, or scripts for automated testing.
audiodev=audiodev
Use the specified audiodev when the VNC client requests audio transmission. When not using an -audiodev argument, this option must be omitted, otherwise is must be present and specify a valid audiodev.
参考:https://www.qemu.org/docs/master/system/invocation.html#hxtool-0