How to install KVM server on Debian 9/10 Headless Server

See all Linux Kernel Based Virtual Machine related FAQs/Howtos
Kernel-based Virtual Machine (KVM) is a virtualization module for the Linux kernel that turns it into a hypervisor. How can I install KVM with bridged networking, setup guest operating system as the back-end virtualization technology for non-graphic Debain Linux 9.x/10.x server?

You can use KVM to run multiple operating systems such as Windows, *BSD, Linux distribution using virtual machines. Each virtual machine has its private disk, graphics card, a network card and more.

Steps for install KVM server on Debian Linux 9.x/10.x server

  1. The host server located in the remote data center and it is a headless server.
  2. All commands in this tutorial typed over the ssh based session.
  3. You need a vnc client to install the guest operating system.
  4. In this tutorial, you will learn how to install KVM software on Debian Linux 9.x server and use KVM to setup your first guest VM.
Tutorial details
Difficulty level Intermediate
Root privileges Yes
Requirements Linux terminal
Category KVM Virtualization
OS compatibility Debian Mint Pop!_OS Ubuntu
Est. reading time 8 minutes

Follow installation steps of KVM on Debian Linux 9.x/10.x headless sever

Step 1: Install kvm

Type the following apt-get command/apt command:
$ sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils libguestfs-tools genisoimage virtinst libosinfo-bin
How to install kvm server on Debian Linux 9

Allow normal user to manage virtual machine

If you want normal/regular user can manage virtual machines. Add user vivek to libvirt and libvirt-qemu using usermod command:
$ sudo adduser vivek libvirt
$ sudo adduser vivek libvirt-qemu

Reload Linux group membership with the help of newgrp command:
$ newgrp libvirt
$ newgrp libvirt-qemu

Verify your group membership with id command:
$ id
Please note that you need to use the following command to connect to KVM server:
$ virsh --connect qemu:///system
$ virsh --connect qemu:///system command
$ virsh --connect qemu:///system list --all

Step 2: Verify kvm installation on Debain

Run the following egrep command to verify that Intel VMX or AMD SVM supported on your CPU:
$ grep -E --color 'vmx|svm' /proc/cpuinfo
Sample outputs:

rf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm epb kaiser tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms xsaveopt dtherm ida arat pln pts
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm epb kaiser tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms xsaveopt dtherm ida arat pln pts

Step 3: Configure bridged networking on Debian

I am going to create bridge Interface br0 as the network connection in VM guests configuration for eth0 interface:
$ sudo vi /etc/network/interfaces.d/br0
Append the following:

## make sure all config related to eth0 deleted ##
auto br0
iface br0 inet static
	address        ## set up/netmask/broadcast/gateway as per your setup
	bridge_ports eth0    # replace eth0 with your actual interface name
	bridge_stp off       # disable Spanning Tree Protocol
        bridge_waitport 0    # no delay before a port becomes available
        bridge_fd 0          # no forwarding delay

Restart the networking service on Linux:
$ sudo systemctl restart network-manager
To see current networking setting for KVM, run:
$ sudo virsh net-list --all
Sample outputs:

 Name                 State      Autostart     Persistent
 default              inactive   no            yes

You need to configure a KVM guest domain on a bridged network. So create a file named bridge.xml as follows a text editor such as vi command:
$ sudo vi /root/bridged.xml
Append the following config:

  <forward mode="bridge"/>
  <bridge name="br0"/>

Save and close the file in vi/vim.
$ sudo virsh net-define --file /root/bridged.xml
$ sudo virsh net-autostart br0
$ sudo virsh net-start br0

How to use an existing host bridge br0 on Debian Linux 9 for KVM

Step 4: Create your first virtual machine using an ISO image installer

I am going to create a CentOS 7.x VM. First, grab CentOS 7.x latest ISO image. First, change dir using the cd command:
$ cd /var/lib/libvirt/boot/
# Use wget command or curl command to download file
$ sudo wget

Create CentOS 7 VM

In this example, I’m creating CentOS 7.x VM with 2GB RAM, 2 CPU core, 1 nic and 40GB disk space, enter:
$ sudo virt-install \
--virt-type=kvm \
--name centos7 \
--ram 2048 \
--vcpus=2 \
--os-variant=rhel7 \
--virt-type=kvm \
--hvm \
--cdrom=/var/lib/libvirt/boot/CentOS-7-x86_64-DVD-1708.iso \
--network=bridge=br0,model=virtio \
--graphics vnc \
--disk path=/var/lib/libvirt/images/centos7.qcow2,size=40,bus=virtio,format=qcow2

To configure vnc login from another terminal over ssh and type:
$ sudo virsh dumpxml centos7 | grep vnc
<graphics type='vnc' port='5901' autoport='yes' listen=''>

You can also use the following command:
$ sudo virsh vncdisplay centos7
Please note down the port value (i.e. 5901). You need to use an SSH client to setup tunnel and a VNC client to access the remote vnc server. Type the following SSH port forwarding command from your client/desktop:
$ ssh -L 5901:
Once you have ssh tunnel established, you can point your VNC client at your own (localhost) address and port 5901 as follows:

Fig.0 : VNC client to complete CentOS 7.x installation

Fig.01 : VNC client to complete CentOS 7.x installation

You should see CentOS Linux 7 guest installation screen as follows:
Fig.02: CentOS 7.x installation on KVM based VM

Fig.02: CentOS 7.x installation on KVM based VM

Now just follow on screen instructions and install CentOS 7. Once installed, go ahead and click reboot button. The remote server closed the connection to our VNC client. You can reconnect via KVM client to configure the rest of the server including SSH based session or firewall.

Step 5 – Use virt-builder to create VM

Above method (virt-install) works nicely but if you need quickly building new virtual machines, try virt-builder.

How to list the virtual machines available

$ virt-builder --list | more
You can use the grep command to filter out only x86_64 arch based VMs:
$ virt-builder --list | grep x86_64
Sample outputs:

opensuse-13.1            x86_64     openSUSE 13.1
opensuse-13.2            x86_64     openSUSE 13.2
opensuse-42.1            x86_64     openSUSE Leap 42.1
opensuse-tumbleweed      x86_64     openSUSE Tumbleweed
centos-6                 x86_64     CentOS 6.6
centos-7.0               x86_64     CentOS 7.0
centos-7.1               x86_64     CentOS 7.1
centos-7.2               x86_64     CentOS 7.2
centos-7.3               x86_64     CentOS 7.3
centos-7.4               x86_64     CentOS 7.4
cirros-0.3.1             x86_64     CirrOS 0.3.1
cirros-0.3.5             x86_64     CirrOS 0.3.5
debian-6                 x86_64     Debian 6 (Squeeze)
debian-7                 x86_64     Debian 7 (wheezy)
debian-8                 x86_64     Debian 8 (jessie)
debian-9                 x86_64     Debian 9 (stretch)
fedora-18                x86_64     Fedora® 18
fedora-19                x86_64     Fedora® 19
fedora-20                x86_64     Fedora® 20
fedora-21                x86_64     Fedora® 21 Server
fedora-22                x86_64     Fedora® 22 Server
fedora-23                x86_64     Fedora® 23 Server
fedora-24                x86_64     Fedora® 24 Server
fedora-25                x86_64     Fedora® 25 Server
fedora-26                x86_64     Fedora® 26 Server
fedora-27                x86_64     Fedora® 27 Server
freebsd-11.1             x86_64     FreeBSD 11.1
scientificlinux-6        x86_64     Scientific Linux 6.5
ubuntu-10.04             x86_64     Ubuntu 10.04 (Lucid)
ubuntu-12.04             x86_64     Ubuntu 12.04 (Precise)
ubuntu-14.04             x86_64     Ubuntu 14.04 (Trusty)
ubuntu-16.04             x86_64     Ubuntu 16.04 (Xenial)

To see additional notes for any os run:
$ virt-builder --notes ubuntu-16.04
$ virt-builder --notes debian-9

Sample outputs:

Debian 9 (stretch)
This is a minimal Debian install.
This image does not contain SSH host keys.  To regenerate them use:
    --firstboot-command "dpkg-reconfigure openssh-server"
This template was generated by a script in the libguestfs source tree:
Associated files used to prepare this template can be found in the
same directory.

Create Debian 9.x VM

Create Debian 9 VM with 10GB disk space, 2GB ram, 2 vCPU and random password for root account, run:
$ sudo virt-builder debian-9 \
--size=10G \
--format qcow2 -o /var/lib/libvirt/images/debian9-vm1.qcow2 \
--hostname debain9-vm1 \
--network \
--timezone Asia/Kolkata

KVM install Debian 9 VM using virt-builder
Finally import image with virt-install command:
$ sudo virt-install --import --name debian9-vm1 \
--ram 2048 \
--vcpu 2 \
--disk path=/var/lib/libvirt/images/debian9-vm1.qcow2,format=qcow2 \
--os-variant debian9 \
--network=bridge=br0,model=virtio \

Sample outputs:

Starting install...
Creating domain...  
Domain creation completed.

You can login to your VM using x0E4iZ8sHjA6ekb6 password for root account:
$ sudo virsh list --all
$ virsh console debian9-vm1

Debian 9 VM up and running
You must disable root account for ssh session and create ssh keys for your VM. Login as above:
# dpkg-reconfigure openssh-server
# useradd -r -m -d /home/vivek -s /bin/bash vivek
# passwd vivek
# systemctl enable ssh
# Disable root user login when using ssh #
# echo 'PermitRootLogin no' >> /etc/ssh/sshd_config
# systemctl restart ssh
# ip a s

Verify that you can login using an IP address for vivek user and use ‘su -‘ to become a root user:
$ ssh vivek@
$ su -

Useful commands

Let us see some useful commands.

Find the list of the accepted OS variants

Run the osinfo-query command:
$ osinfo-query os | less
$ osinfo-query os | grep debian
$ osinfo-query os | grep freebsd

List a running vms/domains

$ sudo virsh list

Shutodwn a vm/domain called debian9-vm1

$ sudo virsh shutdown debian9-vm1

Start a vm/domain called debian9-vm1

$ sudo virsh start debian9-vm1

Suspend a vm/domain called debian9-vm1

$ sudo virsh suspend debian9-vm1

Reboot (soft & safe reboot) a vm/domain called debian9-vm1

$ sudo virsh reboot debian9-vm1

Reset (hard reset/not safe) a vm/domain called debian9-vm1

$ sudo virsh reset debian9-vm1

Delete/remove a vm/domain called debian9-vm1

$ sudo virsh undefine debian9-vm1
$ sudo virsh destroy debian9-vm1

To see a complete list of virsh command type the help command as follows:
$ virsh help | less
$ virsh help | grep reboot

🥺 Was this helpful? Please add a comment to show your appreciation or feedback.

nixCrat Tux Pixel Penguin
Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

4 comments… add one
  • xtian Apr 22, 2021 @ 0:20

    “You need to configure a KVM guest domain on a bridged network. So create a file named bridge.xml as follows a text editor such as NA command:
    $ sudo vi /root/bridged.xml”

    If we add a normal user to the virtual machine, why are we configuring this for root? (I dunno why im asking)

  • ebelair Jan 30, 2023 @ 17:58

    How to setup vm network on a dedicated server with only one public ip address ?

  • Anonymous Jun 23, 2023 @ 17:17

    Thank you so much for this post Vivek. I’ve been trying to setup a Debian 11 KVM host networking for awhile and couldn’t find an quick and straightforward answer, it helped me a lot. God job.

  • Harri Sep 16, 2023 @ 11:34

    Nice guideline to get kvm up and running. Is there a part 2, describing pools and volumes and snapshots?

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Your comment will appear only after approval by the site admin.