Open exarkun opened 5 years ago
Sorry to say that I have yet to use NixOps, but some silly ideas to check/verify:
networking.firewall.allowedTCPPorts = [ 22 ];
services.ssh.enable = true;
or services.openssh.enable = true;, whichever applies. I'm not saying any of these actions should be necessary, but for debugging purposes they're of interest.
Is there a firewall of any kind in the VM?
I don't know if there is. I can't access it. :) I don't know where the definition of the VirtualBox image is.
Is the SSH service running?
Also don't know.
At the same time that NixOps is trying to SSH to the VM, see if you can ping the VM on the IP that is presented.
The IP address is apparently a black hole. Pings are not returned.
Is the VM deleted? If not, you should be able to open up VirtualBox, start the VM in non-headless mode, and access it through the regular terminal (unless there's something different with these VMs).
I can start it in non-headless but I don't know the login details.
You seem so uninterested in trying to figure it out, so I'll refrain from trying to come up with ideas. Good luck.
I have this issue as well. As far as I can tell, nixops is creating the VM, so all the answers to the questions above should be with the people who work on nixops.
If you wait ~30mn, does it work? I have a similar issue https://github.com/NixOS/nixops/issues/1199 so it might not be VirtualBox-specific.
Disappointing to see that this still seems to be an issue.
I am running VirtualBox 6.1.30 on macOS Monterey (12.4) Intel.
I have a nixos docker image being used as a remote builder.
The VirtualBox image gets created fine, but I can't log in to it. SSH is running (confirmed with nmap -Pn -p 22). The keys get generated, but even when I copy the key to the Mac fs, I still can't log in.
I notice that inside of /nix/store/clysdxwghn0yi9r7yignhjh299xlpsa9-nixops-1.7/share/nix/nixops/virtualbox-image-nixops.nix there is no mention of services.openssh.permitRootLogin = "yes"; perhaps this is the issue?
I tried nixops v2, but I couldn't even get it to build. :(
@sbrow What command do you use when trying to SSH to the VM? What does that command along with -vvv output? It would be interesting to see what ssh thinks and whether it even tries to use the keys.
@rawtaz Note: I only included -F none here to hide my config files from this output.
$ ssh -F none -vvv -i ~/.ssh/nixops_rsa root@169.254.68.233 spencer@ai-geneator
OpenSSH_8.6p1, LibreSSL 3.3.6
debug2: resolve_canonicalize: hostname 169.254.68.233 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/spencer/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/spencer/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug3: ssh_connect_direct: entering
debug1: Connecting to 169.254.68.233 [169.254.68.233] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x48
debug1: connect to address 169.254.68.233 port 22: Operation timed out
ssh: connect to host 169.254.68.233 port 22: Operation timed out
and the nmap:
nmap -p 22 -Pn 169.254.68.233 spencer@ai-geneator
Starting Nmap 7.92 ( https://nmap.org ) at 2022-06-28 11:49 EDT
Nmap scan report for 169.254.68.233
Host is up.
PORT STATE SERVICE
22/tcp filtered ssh
Nmap done: 1 IP address (1 host up) scanned in 2.16 seconds
I got ~/.ssh/nixops_rsa from mounting the disk1.vdi to another VM and copying the file /etc/ssh/ssh_host_ed25519_key
I am running a Pi-hole on my network as DNS and DHCP, but I don't think that's causing my issue.
Leaving this here for anyone that has the same problems.
Minimal nix config:
let
  hostname = "127.0.0.1";
in
{
  network.description = "Virtualbox machine";
  sample =
    { config, pkgs, ... }:
    {
      deployment.targetEnv = "virtualbox";
      deployment.virtualbox = {
        headless = true;
        vcpu = 1;
        memorySize = 2048;
        vmFlags = [
          "--natpf1" "ssh,tcp,${hostname},3322,,22"
        ];
      };
      deployment.targetPort = 3322;
      # deployment.targetHost = hostname;
      services.openssh.enable = true;
      services.openssh.permitRootLogin = "yes";
    };
}
And in your ~/.ssh/config:
# Replace the Host value with the IP output from 'nixops deploy'
Host 169.254.72.5
  User root
  HostName 127.0.0.1
  Port 3322
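A tighter variant of the workaround above, added here as an example and not taken from any poster's configuration or from NixOps itself: it keeps the NAT port forward bound to loopback but limits root to key-based login. It assumes NixOps authenticates as root with the key pair it generates, and that the NixOS release in use has the same pre-`settings` option names as the thread; `hostAddr` and `hostPort` are names chosen for this example.

```nix
let
  # Loopback only: the forwarded port is not reachable from other hosts on the LAN.
  hostAddr = "127.0.0.1";
  # Same host port as in the workaround above.
  hostPort = 3322;
in
{
  network.description = "VirtualBox machine (key-only root SSH)";

  sample =
    { config, pkgs, ... }:
    {
      deployment.targetEnv = "virtualbox";
      deployment.virtualbox = {
        headless = true;
        vcpu = 1;
        memorySize = 2048;
        # --natpf1 rule format: name,protocol,host IP,host port,guest IP,guest port
        vmFlags = [
          "--natpf1" "ssh,tcp,${hostAddr},${toString hostPort},,22"
        ];
      };
      deployment.targetPort = hostPort;

      services.openssh.enable = true;

      # Setting used in the workaround: root may log in with a password.
      # services.openssh.permitRootLogin = "yes";

      # Tighter: root may log in with a key only (assumes NixOps uses its key).
      services.openssh.permitRootLogin = "prohibit-password";
      services.openssh.passwordAuthentication = false;
    };
}
```

The `~/.ssh/config` entry from the workaround is still needed, since only the sshd policy changes here.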
Given:
This behavior results: