I did some more research, and learned a few things.
For the benefit of others who may not know:

Question: I don't have much experience with ssh port forwarding. If I already have the SOCKS proxy working, how, exactly, would I accomplish step #2?
With the 8080 socks proxy working, I've now tried to run this command: ssh -L 5902:127.0.0.1:5901 username@ovirt-host-ip
And in this case, I'm "assuming" that 5902 is going to listen on my local computer, and that I need to edit the vv file to connect to 127.0.0.1, port 5902.
That's not working.

Answer: A SOCKS5 proxy does not forward all network traffic.
It's a "layer 5" proxy (hence the name, SOCKS5). It is not an application proxy.
This is a good primer: https://securityintelligence.com/posts/socks-proxy-primer-what-is-socks5-and-why-should-you-use-it/

The following tidbit from the above URL made it clear to me:
Since SOCKS sits at layer 5, between SSL (layer 7) and TCP/UDP (layer 4), it can handle several request types, including HTTP, HTTPS, POP3, SMTP and FTP. As a result, SOCKS can be used for email, web browsing, peer-to-peer sharing, file transfers and more. Other proxies built for specific protocols at layer 7, such as an HTTP proxy that is used to interpret and forward HTTP or HTTPS traffic between client and server, are often referred to as application proxies.

My solution: 
I wound up getting sshuttle, and that is working perfectly for my needs.
Here's a primer on that: https://www.techrepublic.com/article/how-to-use-ssh-as-a-vpn-with-sshuttle/

After I installed sshuttle on my local machine, this is how I'm establishing a connection to the datacenter:
sudo sshuttle -e "ssh -i /home/user/.ssh/id_rsa" -r user@1.2.3.4 -x 1.2.3.4 0.0.0.0/0

Note that "1.2.3.4" is my remote IP address in the above example.
Also note that I've had to enter in the remote IP address twice (once when passing it in using the -x argument)


Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, April 17, 2021 5:01 AM, David White via Users <users@ovirt.org> wrote:

I'm running into the issue described in this thread: https://lists.ovirt.org/archives/list/users@ovirt.org/message/KT3B6N3UZ3DS3J6FV6OKQAXPNPTLZPOB/

In short, I have ssh to the datacenter. I can ssh to a public IP address with the "-D 8080" option to forward local port 8080 act as a SOCKS proxy.
I then edit my local computer's proxy settings and set the SOCKS host to 8080. So this is a system-wide change. I'm not setting the SOCKS proxy in the browser preferences.
After I do all that, I'm able to use my browser to get to the engine web UI, and I'm able to login.

However, the console for each VM isn't working.

In the thread I linked to above, Alan says to do this:

2. SSH to the hypervisor tunneling a local port to that remote console port.
3. Click on the console link in the Engine and locally save the vv file.
4. Edit the vv file; change host to localhost and port to whichever port you configured for the local side of the tunnel.

Question: I'm confused why I need to tunnel a local port to the remote console port, if I'm already tunneling port 8080 to the host.

Question: I don't have much experience with ssh port forwarding. If I already have the SOCKS proxy working, how, exactly, would I accomplish step #2?
With the 8080 socks proxy working, I've now tried to run this command: ssh -L 5902:127.0.0.1:5901 username@ovirt-host-ip
And in this case, I'm "assuming" that 5902 is going to listen on my local computer, and that I need to edit the vv file to connect to 127.0.0.1, port 5902.
That's not working.

Maybe I don't understand how SOCKS proxies work, but I was hoping / under the impression that all of my network traffic would go through the ssh tunnel on port 8080, and that vnc would work at that point.




Sent with ProtonMail Secure Email.