How to create and start VirtualBox VM without GUI


Suppose you want to create and run virtual machines (VMs) on VirtualBox. However, a host machine does not support X11 environment, or you only have access to a terminal on a remote host machine. Then how can you create and run VMs on such a host machine without VirtualBox GUI? This can be a common situation for servers where VMs are managed from remotely.

In fact, VirtualBox comes with a suite of command line utilities, and you can use the VirtualBox command line interfaces (CLIs) to manage VMs on a remote headless server. In this tutorial, I will show you how to create and start a VM without VirtualBox GUI.

Prerequisite for starting VirtualBox VM without GUI

First, you need to install VirtualBox Extension Pack. The Extension Pack is needed to run a VRDE remote desktop server used to access headless VMs. Its binary is available for free. To download and install VirtualBox Extension Pack:

$ wget
$ sudo VBoxManage extpack install ./Oracle_VM_VirtualBox_Extension_Pack-4.2.12-84980.vbox-extpack
Verify that the Extension Pack is successfully installed, by using the following command.

$ VBoxManage list extpacks
Extension Packs: 1
Pack no. 0: Oracle VM VirtualBox Extension Pack
Version: 4.2.12
Revision: 84980
Description: USB 2.0 Host Controller, VirtualBox RDP, PXE ROM with E1000 support.
Usable: true
Why unusable:
Create a VirtualBox VM from the command line

I assume that the VirtualBox' VM directory is located in "~/VirtualBox\ VMs".

First create a VM. The name of the VM is "testvm" in this example.

$ VBoxManage createvm --name "testvm" --register
Specify the hardware configurations of the VM (e.g., Ubuntu OS type, 1024MB memory, bridged networking, DVD booting).

$ VBoxManage modifyvm "testvm" --memory 1024 --acpi on --boot1 dvd --nic1 bridged --bridgeadapter1 eth0 --ostype Ubuntu
Create a disk image (with size of 10000 MB). Optionally, you can specify disk image format by using "--format [VDI|VMDK|VHD]" option. Without this option, VDI image format will be used by default.

$ VBoxManage createvdi --filename ~/VirtualBox\ VMs/testvm/testvm-disk01.vdi --size 10000
Add an IDE controller to the VM.

$ VBoxManage storagectl "testvm" --name "IDE Controller" --add ide
Attach the previously created disk image as well as CD/DVD drive to the IDE controller. Ubuntu installation ISO image (found in /iso/ubuntu-12.04.1-server-i386.iso) is then inserted to the CD/DVD drive.

$ VBoxManage storageattach "testvm" --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium ~/VirtualBox\ VMs/testvm/testvm-disk01.vdi
$ VBoxManage storageattach "testvm" --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium /iso/ubuntu-12.04.1-server-i386.iso
OR Detach ISO:
$ VBoxManage storageattach "testvm" --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium none
Start VirtualBox VM from the command line

Once a new VM is created, you can start the VM headless (i.e., without VirtualBox console GUI) as follows.

$ VBoxHeadless --startvm "testvm" &
The above command will launch the VM, as well as VRDE remote desktop server. The remote desktop server is needed to access the headless VM's console.

By default, the VRDE server is listening on TCP port 3389. If you want to change the default port number, use "-e" option as follows.

$ VBoxHeadless --startvm "testvm" -e "TCP/Ports=4444" &
If you don't need remote desktop support, launch a VM with "--vrde off" option.

$ VBoxHeadless --startvm "testvm" --vrde off &
Connect to headless VirtualBox VM via remote desktop

Once a VM is launched with remote desktop support, you can access the VM's console via any remote desktop client (e.g., rdesktop).

To install rdesktop on Ubuntu or Debian:

$ sudo apt-get install rdesktop
To install rdesktop on CentOS, RHEL or Fedora, configure Repoforge on your system, and then run the following.

$ sudo yum install rdesktop
To access a headless VM on a remote host machine, run the following.

$ rdesktop -a 16 IP_address_host_machine
If you use a custom port number for a remote desktop server, run the following instead.

$ rdesktop -a 16 IP_address_host_machine:port_number

Create Own CA


Create your private certificate authority (CA)
Creating a private CA can be useful if you have a lot of services encrypting data for internal use but don’t need the domain to be verified by a public CA like Verisign, Thawte etc. By importing the CA to all computers that will use these services users won’t get the a popup in IE and Firefox saying that the certificate is invalid.

1. Create a CA certificate

Create a private key for your CA:

openssl genrsa -des3 -out ca.key 4096

You will need to enter passphrase, this password will be used everytime you sign a certificate with this CA

Make sure unauthorized users don’t get access to your private key:

chmod 700 ca.key

Create the certificate, this will be shown as the top level certificate when you have signed other certificates so choose expiration day and the certificate contents carefully. All signed certificates will expirate if the top level certificate expires so you may want to choose a few years here

openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

Here is a sample of input values:

Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Debian Tutorials
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:Debian Tutorials CA
Email Address []:

Common name will be shown when users are displaying details about the certificate

2. Create a certificate request

Create a private key:

openssl genrsa -des3 -out 4096

Replace by your domain name

Create the certificate request

openssl req -new -key -out

Make sure you put your domain name in the “Common Name” field

3. Sign the certificate with your CA certificate

You will need to provide the certificate request here and the CA key

openssl x509 -req -days 365 -in -CA ca.crt -CAkey ca.key -set_serial 01 -out

4. Remove password from key (optional)

If using the certificate with Apache, Postfix or other services you may need to replace the password in your private key so that the service can start without user interaction

openssl rsa -in -out

Set permissions on the keys

chmod 700
chmod 700