SSH handshake err: ssh: handshake failed: EOF macOS VM 10.9 and 10.10

startergo commented 6 months ago

Got one of the following errors ? See if the related guides can help.

Waiting for WinRM to become available ?
- See our basic WinRm Packer guide: https://www.packer.io/guides/automatic-operating-system-installs/autounattend_windows
Waiting for SSH to become available ?
- See our basic SSH Packer guide: https://www.packer.io/guides/automatic-operating-system-installs/preseed_ubuntu

Issues on GitHub are intended to be related to bugs or feature requests, so we recommend using our other community resources instead of asking here if you have a question.

Packer Guides: https://www.packer.io/guides
Discussion List: https://groups.google.com/group/packer-tool
Any other questions can be sent to the packer section of the HashiCorp forum: https://discuss.hashicorp.com/c/packer
Packer community links: https://www.packer.io/community

This is what the server inside the machine supports:

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.2 (protocol 2.0)
| ssh2-enum-algos: 
|   kex_algorithms: (4)
|       diffie-hellman-group-exchange-sha256
|       diffie-hellman-group-exchange-sha1
|       diffie-hellman-group14-sha1
|       diffie-hellman-group1-sha1
|   server_host_key_algorithms: (2)
|       ssh-rsa
|       ssh-dss
|   encryption_algorithms: (15)
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|       arcfour256
|       arcfour128
|       aes128-gcm@openssh.com
|       aes256-gcm@openssh.com
|       aes128-cbc
|       3des-cbc
|       blowfish-cbc
|       cast128-cbc
|       aes192-cbc
|       aes256-cbc
|       arcfour
|       rijndael-cbc@lysator.liu.se
|   mac_algorithms: (19)
|       hmac-md5-etm@openssh.com
|       hmac-sha1-etm@openssh.com
|       umac-64-etm@openssh.com
|       umac-128-etm@openssh.com
|       hmac-sha2-256-etm@openssh.com
|       hmac-sha2-512-etm@openssh.com
|       hmac-ripemd160-etm@openssh.com
|       hmac-sha1-96-etm@openssh.com
|       hmac-md5-96-etm@openssh.com
|       hmac-md5
|       hmac-sha1
|       umac-64@openssh.com
|       umac-128@openssh.com
|       hmac-sha2-256
|       hmac-sha2-512
|       hmac-ripemd160
|       hmac-ripemd160@openssh.com
|       hmac-sha1-96
|       hmac-md5-96
|   compression_algorithms: (2)
|       none
|_      zlib@openssh.com

Debugging ssh connection:

ssh -v -l vagrant 192.168.45.129
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug3: send packet: type 34
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_DH_GEX_GROUP received
debug2: bits set: 1543/3072
debug3: send packet: type 32
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: receive packet: type 33
debug1: SSH2_MSG_KEX_DH_GEX_REPLY received
debug1: Server host key: ssh-rsa SHA256:/0BrA93QVj1Sk4ndJVrRHtdPN3KH5lJM+pV5DwCaofE
debug1: load_hostkeys: fopen /Users/mbp151/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /usr/local/etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /usr/local/etc/ssh/ssh_known_hosts2: No such file or directory
debug3: hostkeys_find_by_key_hostfile: trying user hostfile "/Users/mbp151/.ssh/known_hosts"
debug3: hostkeys_foreach: reading file "/Users/mbp151/.ssh/known_hosts"
debug3: hostkeys_find_by_key_hostfile: trying user hostfile "/Users/mbp151/.ssh/known_hosts2"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /Users/mbp151/.ssh/known_hosts2 does not exist
debug3: hostkeys_find_by_key_hostfile: trying system hostfile "/usr/local/etc/ssh/ssh_known_hosts"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /usr/local/etc/ssh/ssh_known_hosts does not exist
debug3: hostkeys_find_by_key_hostfile: trying system hostfile "/usr/local/etc/ssh/ssh_known_hosts2"
debug1: hostkeys_find_by_key_hostfile: hostkeys file /usr/local/etc/ssh/ssh_known_hosts2 does not exist
The authenticity of host '192.168.45.129 (192.168.45.129)' can't be established.
RSA key fingerprint is SHA256:/0BrA93QVj1Sk4ndJVrRHtdPN3KH5lJM+pV5DwCaofE.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

Settings on the server:

ssh -G 192.168.45.129
host 192.168.45.129
user mbp151
hostname 192.168.45.129
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
checkhostip no
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
proxyusefdpass no
pubkeyauthentication true
requesttty auto
sessiontype default
stdinnull no
forkafterauthentication no
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
verifyhostkeydns false
visualhostkey no
updatehostkeys true
enableescapecommandline no
canonicalizemaxdots 1
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
requiredrsasize 1024
obscurekeystroketiming yes
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
hostkeyalgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss
hostbasedacceptedalgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
kexalgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
casignaturealgorithms ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
loglevel INFO
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
securitykeyprovider internal
pubkeyacceptedalgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
xauthlocation /usr/X11R6/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ecdsa_sk
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_ed25519_sk
identityfile ~/.ssh/id_xmss
identityfile ~/.ssh/id_dsa
canonicaldomains none
globalknownhostsfile /usr/local/etc/ssh/ssh_known_hosts /usr/local/etc/ssh/ssh_known_hosts2
userknownhostsfile /Users/mbp151/.ssh/known_hosts /Users/mbp151/.ssh/known_hosts2
logverbose none
channeltimeout none
permitremoteopen any
addkeystoagent false
forwardagent no
connecttimeout none
tunneldevice any:any
canonicalizePermittedcnames none
controlpersist no
escapechar ~
ipqos af21 cs1
rekeylimit 0 0
streamlocalbindmask 0177
syslogfacility USER

json config file:

{
  "_command": "Build with `packer build macos.json`",
  "builders": [
    {
      "boot_wait": "2s",
      "disk_size": "{{ user `disk_size` }}",
      "guest_os_type": "{{ user `vmware_guest_os_type` }}",
      "iso_checksum": "none",
      "iso_url": "{{ user `iso_url` }}",
      "output_directory": "output-{{ user `vm_name` }}-vmware-iso",
      "shutdown_command": "echo '{{ user `ssh_username` }}'|sudo -S shutdown -h now",
      "skip_compaction": true,
      "communicator": "ssh",
      "ssh_password": "{{ user `ssh_password` }}",
      "ssh_port": 22,
      "ssh_timeout": "10000s",
      "ssh_username": "{{ user `ssh_username` }}",
      "ssh_key_exchange_algorithms": ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
      "ssh_wait_timeout": "10000s",
      "tools_upload_flavor": "darwin",
      "type": "vmware-iso",
      "vm_name": "{{ user `vm_name` }}",
      "vmx_data": {
        "cpuid.coresPerSocket": "1",
        "ehci.present": "TRUE",
        "firmware": "efi",
        "hpet0.present": "TRUE",
        "ich7m.present": "TRUE",
        "keyboardAndMouseProfile": "macProfile",
        "memsize": "{{ user `memory` }}",
        "numvcpus": "{{ user `cpus` }}",
        "smc.present": "TRUE",
        "usb.present": "TRUE"
        }
    },
    {
      "boot_wait": "2s",
      "disk_size": "{{ user `disk_size` }}",
      "guest_additions_mode": "disable",
      "guest_os_type": "{{ user `virtualbox_guest_os_type` }}",
      "hard_drive_interface": "sata",
      "iso_checksum": "none",
      "iso_interface": "sata",
      "iso_url": "{{ user `iso_url` }}",
      "output_directory": "output-{{ user `vm_name` }}-virtualbox-iso",
      "post_shutdown_delay": "1m",
      "shutdown_command": "echo '{{ user `ssh_username` }}'|sudo -S shutdown -h now",
      "communicator": "ssh",
      "ssh_password": "{{ user `ssh_password` }}",
      "ssh_port": 22,
      "ssh_username": "{{ user `ssh_username` }}",
      "temporary_key_pair_type": "rsa",
      "ssh_key_exchange_algorithms": ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
      "ssh_wait_timeout": "10000s",
      "type": "virtualbox-iso",
      "vboxmanage": [
        [ "modifyvm", "{{.Name}}", "--audiocontroller", "hda" ],
        [ "modifyvm", "{{.Name}}", "--boot1", "dvd" ],
        [ "modifyvm", "{{.Name}}", "--boot2", "disk" ],
        [ "modifyvm", "{{.Name}}", "--chipset", "ich9" ],
        [ "modifyvm", "{{.Name}}", "--firmware", "efi" ],
        [ "modifyvm", "{{.Name}}", "--hpet", "on" ],
        [ "modifyvm", "{{.Name}}", "--keyboard", "usb" ],
        [ "modifyvm", "{{.Name}}", "--memory", "{{ user `memory` }}" ],
        [ "modifyvm", "{{.Name}}", "--mouse", "usbtablet" ],
        [ "modifyvm", "{{.Name}}", "--vram", "128" ]
      ],
      "vm_name": "{{ user `vm_name` }}"
    },
    {
      "boot_wait": "5s",
      "disk_size": "{{ user `disk_size` }}",
      "guest_os_type": "{{ user `parallels_guest_os_type` }}",
      "iso_checksum": "none",
      "iso_url": "{{ user `iso_url` }}",
      "output_directory": "output-{{ user `vm_name` }}-parallels-iso",
      "parallels_tools_flavor": "mac",
      "prlctl": [
        [ "set", "{{.Name}}", "--memsize", "{{ user `memory` }}" ],
        [ "set", "{{.Name}}", "--memquota", "512:{{ user `memory` }}" ],
        [ "set", "{{.Name}}", "--cpus", "{{ user `cpus` }}" ],
        [ "set", "{{.Name}}", "--distribution", "macosx" ],
        [ "set", "{{.Name}}", "--3d-accelerate", "highest" ],
        [ "set", "{{.Name}}", "--high-resolution", "off" ],
        [ "set", "{{.Name}}", "--auto-share-camera", "off" ],
        [ "set", "{{.Name}}", "--auto-share-bluetooth", "off" ],
        [ "set", "{{.Name}}", "--on-window-close", "keep-running" ],
        [ "set", "{{.Name}}", "--isolate-vm", "off" ],
        [ "set", "{{.Name}}", "--shf-host", "off" ]
      ],
      "shutdown_command": "echo '{{ user `ssh_username` }}'|sudo -S shutdown -h now",
      "communicator": "ssh",
      "ssh_password": "{{ user `ssh_password` }}",
      "ssh_port": 22,
      "temporary_key_pair_type": "rsa",
      "ssh_key_exchange_algorithms": ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
      "ssh_username": "{{ user `ssh_username` }}",
      "ssh_wait_timeout": "10000s",
      "type": "parallels-iso",
      "vm_name": "{{ user `vm_name` }}"
    }
  ],
  "post-processors": [
    {
      "keep_input_artifact": false,
      "output": "box/{{.Provider}}/{{user `vm_name`}}-{{user `version`}}.box",
      "type": "vagrant",
      "vagrantfile_template": "{{ user `vagrantfile_template` }}"
    }
  ],
  "provisioners": [
    {
      "destination": "/private/tmp/set_kcpassword.py",
      "source": "script/support/set_kcpassword.py",
      "type": "file"
    },
    {
      "environment_vars": [
        "AUTOLOGIN={{user `autologin`}}",
        "PACKER_LOG=1",
        "PACKER_LOG_PATH='../packerlog.txt'",
        "UPDATE={{user `update`}}",
        "INSTALL_XCODE_CLI_TOOLS={{user `install_xcode_cli_tools`}}",
        "INSTALL_VAGRANT_KEYS={{user `install_vagrant_keys`}}",
        "SSH_USERNAME={{ user `ssh_username` }}",
        "SSH_PASSWORD={{ user `ssh_password` }}"
      ],      
      "execute_command": "chmod +x {{ .Path }}; env {{ .Vars }} sudo -E -S bash -vx '{{ .Path }}'",
      "expect_disconnect": true,
      "scripts": [
        "script/vagrant.sh",
        "script/vmware.sh",
        "script/parallels.sh",
        "script/xcode-cli-tools.sh",
        "script/add-network-interface-detection.sh",
        "script/energy.sh",
        "script/autologin.sh",
        "script/update.sh",
        "script/update.sh",
        "script/update.sh",
        "script/update.sh"
      ],
      "type": "shell"
    },
    {
      "environment_vars": [
        "AUTOLOGIN={{user `autologin`}}",
        "PACKER_LOG=1",
        "PACKER_LOG_PATH='../packerlog.txt'",
        "UPDATE={{user `update`}}",
        "INSTALL_XCODE_CLI_TOOLS={{user `install_xcode_cli_tools`}}",
        "INSTALL_VAGRANT_KEYS={{user `install_vagrant_keys`}}",
        "SSH_USERNAME={{ user `ssh_username` }}",
        "SSH_PASSWORD={{ user `ssh_password` }}"
      ],
       "execute_command": "chmod +x {{ .Path }}; env {{ .Vars }} sudo -E -S bash -vx '{{ .Path }}'",
      "expect_disconnect": true,
      "scripts": [
        "script/minimize.sh"
      ],
      "start_retry_timeout": "10000s",
      "type": "shell"
    }
  ],
  "variables": {
    "autologin": "true",
    "cpus": "1",
    "disk_size": "65536",
    "install_vagrant_keys": "true",
    "install_xcode_cli_tools": "true",
    "iso_url": "dmg/OSX_InstallESD_10.9.5_13F34.dmg",
    "memory": "2048",
    "parallels_guest_os_type": "win-8",
    "communicator": "ssh",
    "ssh_password": "vagrant",
    "ssh_username": "vagrant",
    "update": "true",
    "vagrantfile_template": "",
    "version": "0.1.0",
    "vm_name": "macos109",
    "virtualbox_guest_os_type": "MacOS109_64",
    "vmware_guest_os_type": "darwin13-64"
  }  
}

macos109.json:

{
  "_comment": "Build with `packer build -var-file=macos109.json macos.json`",
  "vm_name": "macos109",
  "desktop": "true",
  "cpus": "1",
  "disk_size": "32000",
  "iso_url": "dmg/OSX_InstallESD_10.9.5_13F34.dmg",
  "memory": "2048",
  "parallels_guest_os_type": "win-8",
  "vagrantfile_template": "tpl/vagrantfile-macos109.tpl",
  "virtualbox_guest_os_type": "MacOS109_64",
  "vmware_guest_os_type": "darwin13-64"
  }

vagrantfile-macos109.tpl file:

# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
    config.vm.define "vagrant-macos109"
    config.vm.box = "macos109"

    config.vm.provider :virtualbox do |v, override|
      v.gui = true
      v.customize ["modifyvm", :id, "--audiocontroller", "hda"]
      v.customize ["modifyvm", :id, "--boot1", "dvd"]
      v.customize ["modifyvm", :id, "--boot2", "disk"]
      v.customize ["modifyvm", :id, "--chipset", "ich9"]
      v.customize ["modifyvm", :id, "--firmware", "efi"]
      v.customize ["modifyvm", :id, "--hpet", "on"]
      v.customize ["modifyvm", :id, "--keyboard", "usb"]
      v.customize ["modifyvm", :id, "--memory", "2048"]
      v.customize ["modifyvm", :id, "--mouse", "usbtablet"]
      v.customize ["modifyvm", :id, "--vram", "128"]
    end

    ["vmware_fusion", "vmware_workstation"].each do |provider| 
      config.vm.provider provider do |v, override|
        v.gui = true
        v.vmx["memsize"] = "2048"
        v.vmx["numvcpus"] = "1"
        v.vmx["firmware"] = "efi"
        v.vmx["keyboardAndMouseProfile"] = "macProfile"
        v.vmx["smc.present"] = "TRUE"
        v.vmx["hpet0.present"] = "TRUE"
        v.vmx["ich7m.present"] = "TRUE"
        v.vmx["ehci.present"] = "TRUE"
        v.vmx["usb.present"] = "TRUE"
        v.vmx["scsi0.virtualDev"] = "lsilogic"
      end
    end

    config.vm.provider :parallels do |v, override|
      v.customize ["set", :id, "--memsize", "2048"]
      v.customize ["set", :id, "--memquota", "512:2048"]
      v.customize ["set", :id, "--cpus", "2"]
      v.customize ["set", :id, "--distribution", "macosx"]
      v.customize ["set", :id, "--3d-accelerate", "highest"]
      v.customize ["set", :id, "--high-resolution", "off"]
      v.customize ["set", :id, "--auto-share-camera", "off"]
      v.customize ["set", :id, "--auto-share-bluetooth", "off"]
      v.customize ["set", :id, "--on-window-close", "keep-running"]
      v.customize ["set", :id, "--isolate-vm", "off"]
      v.customize ["set", :id, "--shf-host", "off"]
    end
end

Configuration options:

PACKER_LOG_PATH="./packer.log" \
PACKER_LOG=1 packer build \
-only=vmware-iso \
-var-file=macos109.json \
-var 'install_vagrant_keys=true' \
-var 'autologin=true' \
-var 'update=true' \
-var 'install_xcode_cli_tools=true' \
-var 'ssh_username=vagrant' \
-var 'ssh_password=vagrant' \
macos.json

startergo commented 6 months ago

So, the same setup works for macOS El Capitan and the server supports:

nmap --script ssh2-enum-algos -sV -p 22 192.168.45.131      
Starting Nmap 7.95 ( https://nmap.org ) at 2024-05-24 09:46 EDT
Nmap scan report for 192.168.45.131
Host is up (1.3s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.9 (protocol 2.0)
| ssh2-enum-algos: 
|   kex_algorithms: (6)
|       curve25519-sha256@libssh.org
|       ecdh-sha2-nistp256
|       ecdh-sha2-nistp384
|       ecdh-sha2-nistp521
|       diffie-hellman-group-exchange-sha256
|       diffie-hellman-group14-sha1
|   server_host_key_algorithms: (4)
|       ssh-rsa
|       ssh-dss
|       ecdsa-sha2-nistp256
|       ssh-ed25519
|   encryption_algorithms: (6)
|       chacha20-poly1305@openssh.com
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|       aes128-gcm@openssh.com
|       aes256-gcm@openssh.com
|   mac_algorithms: (10)
|       umac-64-etm@openssh.com
|       umac-128-etm@openssh.com
|       hmac-sha2-256-etm@openssh.com
|       hmac-sha2-512-etm@openssh.com
|       hmac-sha1-etm@openssh.com
|       umac-64@openssh.com
|       umac-128@openssh.com
|       hmac-sha2-256
|       hmac-sha2-512
|       hmac-sha1
|   compression_algorithms: (2)
|       none
|_      zlib@openssh.com

Server configuration EC:

vagrant$ sudo sshd -T
port 22
protocol 2
addressfamily any
listenaddress [::]:22
listenaddress 0.0.0.0:22
usepam yes
serverkeybits 1024
logingracetime 120
keyregenerationinterval 3600
x11displayoffset 10
maxauthtries 6
maxsessions 10
clientaliveinterval 0
clientalivecountmax 3
streamlocalbindmask 0177
permitrootlogin yes
ignorerhosts yes
ignoreuserknownhosts no
rhostsrsaauthentication no
hostbasedauthentication no
hostbasedusesnamefrompacketonly no
rsaauthentication yes
pubkeyauthentication yes
kerberosauthentication no
kerberosorlocalpasswd yes
kerberosticketcleanup yes
gssapiauthentication no
gssapikeyexchange no
gssapicleanupcredentials yes
gssapistrictacceptorcheck no
gssapistorecredentialsonrekey no
passwordauthentication no
kbdinteractiveauthentication yes
challengeresponseauthentication yes
printmotd yes
printlastlog yes
x11forwarding no
x11uselocalhost yes
permittty yes
permituserrc yes
strictmodes yes
tcpkeepalive yes
permitemptypasswords no
permituserenvironment no
uselogin no
compression delayed
gatewayports no
usedns no
allowtcpforwarding yes
allowagentforwarding yes
allowstreamlocalforwarding yes
useprivilegeseparation sandbox
fingerprinthash SHA256
pidfile /var/run/sshd.pid
xauthlocation xauth
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
versionaddendum none
kexalgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
hostbasedacceptedkeytypes *
pubkeyacceptedkeytypes *
loglevel INFO
syslogfacility AUTHPRIV
authorizedkeysfile .ssh/authorized_keys
hostkey /etc/ssh/ssh_host_rsa_key
hostkey /etc/ssh/ssh_host_dsa_key
hostkey /etc/ssh/ssh_host_ecdsa_key
hostkey /etc/ssh/ssh_host_ed25519_key
acceptenv LANG
acceptenv LC_*
subsystem sftp /usr/libexec/sftp-server
maxstartups 10:30:100
permittunnel no
ipqos lowdelay throughput
rekeylimit 0 0
permitopen any

And I can SSH to the machine as designed:

Located networkmapper configuration file using Fusion6: /Library/Preferences/VMware Fusion/networking
2024/05/24 09:35:27 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:27 GuestIP discovered device matching nat: vmnet8
2024/05/24 09:35:27 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:27 Lookup up IP information...
2024/05/24 09:35:27 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:27 GuestAddress found MAC address in VMX: 00:0c:29:0f:c3:fa
2024/05/24 09:35:27 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:27 Trying DHCP leases path: /var/db/vmware/vmnet-dhcpd-vmnet8.leases
2024/05/24 09:35:27 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:27 Detected IP: 192.168.45.131
2024/05/24 09:35:27 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:27 [INFO] Attempting SSH connection to 192.168.45.131:22...
2024/05/24 09:35:27 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:27 [DEBUG] reconnecting to TCP connection for SSH
2024/05/24 09:35:27 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:27 [DEBUG] handshaking with SSH
2024/05/24 09:35:28 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:28 Keyboard interactive challenge:
2024/05/24 09:35:28 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:28 -- User:
2024/05/24 09:35:28 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:28 -- Instructions:
2024/05/24 09:35:28 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:28 -- Question 1: Password:
2024/05/24 09:35:29 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:29 Keyboard interactive challenge:
2024/05/24 09:35:29 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:29 -- User:
2024/05/24 09:35:29 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:29 -- Instructions:
2024/05/24 09:35:29 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:29 [DEBUG] handshake complete!
2024/05/24 09:35:29 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:29 [DEBUG] Opening new ssh session
2024/05/24 09:35:29 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:29 [INFO] agent forwarding enabled
2024/05/24 09:35:29 ui: [1;32m==> vmware-iso: Connected to SSH![0m
2024/05/24 09:35:29 ui: [1;32m==> vmware-iso: Uploading the 'darwin' VMware Tools[0m
2024/05/24 09:35:29 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 09:35:29 [DEBUG] Opening new ssh session

packer.log.zip

startergo commented 6 months ago

I think I found what the issue is:

The problem
However, there is one case where this creates problems: Either the client itself or the server has a very old implementation of SSH that does not support rsa-sha2-256 or rsa-sha2-512 signatures, for example: OpenSSH <=7.2 which was released in 2016-02-29 ([release notes](https://www.openssh.com/txt/release-7.2?ref=ikarus.sg)).The problem

That being said both macOS Mavericks and Yosemite have ssh versions lower than 7.2. https://ikarus.sg/rsa-is-not-dead/ Interrogating:

ssh -G vagrant@192.168.45.129 | grep pubkeyacceptedalgorithms
pubkeyacceptedalgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256

one can see that ssh-rsa and ssh-dss are missing.

So I have added to my config file:

Host *
  PubkeyAcceptedAlgorithms +ssh-rsa,ssh-dss
  HostKeyAlgorithms +ssh-rsa,ssh-dss

ssh -G vagrant@192.168.45.129 | grep pubkeyacceptedalgorithms
pubkeyacceptedalgorithms ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss

And -var 'temporary_key_pair_type=rsa' -var 'temporary_key_pair_bits=1024' But I still get

 17:31:41 [DEBUG] reconnecting to TCP connection for SSH
2024/05/24 17:31:41 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 17:31:41 [DEBUG] handshaking with SSH
2024/05/24 17:31:41 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 17:31:41 [DEBUG] SSH handshake err: ssh: handshake failed: EOF
2024/05/24 17:31:48 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 17:31:48 [INFO] Attempting SSH connection to 192.168.45.129:22...
2024/05/24 17:31:48 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 17:31:48 [DEBUG] reconnecting to TCP connection for SSH
2024/05/24 17:31:48 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 17:31:48 [DEBUG] handshaking with SSH
2024/05/24 17:31:48 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 17:31:48 [DEBUG] SSH handshake err: ssh: handshake failed: EOF
2024/05/24 17:31:55 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 17:31:55 [INFO] Attempting SSH connection to 192.168.45.129:22...
2024/05/24 17:31:55 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 17:31:55 [DEBUG] reconnecting to TCP connection for SSH
2024/05/24 17:31:55 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/24 17:31:55 [DEBUG] handshaking with SSH

I have also tried to upgrade the openssh inside the server, but could not get rid of this error.

lbajolet-hashicorp commented 6 months ago

startergo commented 6 months ago

I wonder if it is possible directly to add variable to golang?

-var 'sshConfig.Config.KEXAlgos = append(sshConfig.Config.KEXAlgos, "diffie-hellman-group-exchange-sha256")'

lbajolet-hashicorp commented 6 months ago

We're using the Go library directly for performing SSH-related operations, so I'm not sure there's a lot that OpenSSH supports that we do too. Honestly though you're not the first one noticing that our SSH code is a bit rigid, we should spend time on that front to see what we can do to make it more robust. Can't promise when that will happen, but we'll try to schedule some work on this ASAP.

startergo commented 1 month ago

Can't promise when that will happen, but we'll try to schedule some work on this ASAP.

Any progress on this?

lbajolet-hashicorp commented 1 month ago

Hey @startergo,

No progress yet, it's in my backlog but I haven't had time to look at it yet, still cannot promise when that'll happen unfortunately, sorry about that :/

hashicorp / packer

SSH handshake err: ssh: handshake failed: EOF macOS VM 10.9 and 10.10 #12994