Open JB-CHAUVIN opened 3 years ago
I also had this problem yesterday, but it was my VPN. Do you have a VPN on?
Also double check your username: `ssh mobile@localhost -p 50922` and/or `-i sshkey_rsa`
Hello @sickcodes, thanks for the reply.
No, I am not using a VPN on my docker computer.
So weird: the SSH port is running, but I can't log in at all to the naked one (SSH is working fine on the Big Sur image with display).
I have followed your steps @JB-CHAUVIN and I am having a similar issue, although I am mapping the ports 1:1 from the VM to the container. This works when I run the sickcodes/docker-osx:big-sur image I created it with.
But when I run with the img I copied out via `docker cp` to use sickcodes/docker-osx:naked, it seems no ports are open, neither the VNC one nor the SSH one.
To be honest I am not sure how to debug it further from here. Your screenshots above are the same thing I see in my system: the ports open and docker listening on those ports for both ssh and vnc.
Can it be that the container is getting stuck in the disk picker and never booting?
> Hello @sickcodes, thanks for the reply.
> No, I am not using a VPN on my docker computer.
> So weird: the SSH port is running, but I can't log in at all to the naked one (SSH is working fine on the Big Sur image with display).

Can you `docker pull` the latest images? I can see QEMU 5.2 in the screenshot; the new images are using QEMU 6:

```
+ exec qemu-system-x86_64 -m 3000 -cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check, -machine q35,accel=kvm:tcg -smp 4,cores=4 -usb -device usb-kbd -device usb-tablet -device 'isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc' -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -device ide-hd,bus=sata.3,drive=InstallMedia -drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 -drive id=MacHDD,if=none,file=/home/arch/OSX-KVM/mac_hdd_ng.img,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -vga vmware -display none -vnc 0.0.0.0:99
qemu-system-x86_64: -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd: warning: short-form boolean option 'readonly' deprecated
Please use readonly=on instead
QEMU 6.0.0 monitor - type 'help' for more information
```
Trying with the latest image:

```
+ sudo chown -R 1000:1000 /dev/snd
+ exec qemu-system-x86_64 -m 12000 -cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check, -machine q35,accel=kvm:tcg -smp 4,cores=4 -usb -device usb-kbd -device usb-tablet -device 'isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc' -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -drive id=MacHDD,if=none,file=/image,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -vga vmware
qemu-system-x86_64: -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd: warning: short-form boolean option 'readonly' deprecated
Please use readonly=on instead
QEMU 6.0.0 monitor - type 'help' for more information
(qemu) ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
```
I see in the VM that the ports are mapped to docker:

```
macos-nested-vm:~$ sudo netstat -atunp | grep -i docker
tcp6 0 0 :::5999 :::* LISTEN 21804/docker-proxy
tcp6 0 0 :::50922 :::* LISTEN 21790/docker-proxy
macos-nested-vm:~$
```

```
➜ ~ telnet 104.188.12.11 5999
Trying 104.197.12.11...
telnet: connect to address 104.188.12.11: Connection refused
telnet: Unable to connect to remote host
➜ ~ telnet 104.188.12.11 50922
Trying 104.188.12.11...
Connected to 11.12.197.104.bc.googleusercontent.com.
Escape character is '^]'.
^C
```
It seems 5999 is not open on the host machine, but 50922 on the other hand is open and proxied to the container. This might be because the naked image only accepts and opens port 50922 in its Dockerfile (no VNC), but it is still not accessible after it started.
Can it be that the mac we installed is not listening on 10022? Is it listening on 22 as the default?
Happy to help debug this further if something is needed to troubleshoot.
Edit: I also noticed that the image I created, even though it has autologin enabled, does not auto login.
I have tried booting up the machine again with the big-sur docker image, changing the port for ssh from 22 to 10022 in /etc/services, and copying this new image to my local filesystem to try to start the naked docker image with the newly created img, and still the same results:
```
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/fernando/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname 104.184.12.11 is address
debug2: ssh_connect_direct
debug1: Connecting to 104.184.12.11 [104.184.12.11] port 50922.
debug1: Connection established.
debug1: identity file /Users/fernando/.ssh/id_rsa type 0
debug1: identity file /Users/fernando/.ssh/id_rsa-cert type -1
debug1: identity file /Users/fernando/.ssh/id_dsa type -1
debug1: identity file /Users/fernando/.ssh/id_dsa-cert type -1
debug1: identity file /Users/fernando/.ssh/id_ecdsa type -1
debug1: identity file /Users/fernando/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/fernando/.ssh/id_ed25519 type -1
debug1: identity file /Users/fernando/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/fernando/.ssh/id_xmss type -1
debug1: identity file /Users/fernando/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
kex_exchange_identification: read: Connection reset by peer
```
EDIT: Another test I did was:

```
docker run -i \
--device /dev/kvm \
-p 50922:22 \
-v "/var/lib/docker/fico/mac_hdd_ng.img:/image" \
-v /tmp/.X11-unix:/tmp/.X11-unix \
-e RAM=12 \
-e "NOPICKER=true" \
-e GENERATE_UNIQUE=true \
-e MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist \
sickcodes/docker-osx:naked
```

This actually starts working and ssh replies asking me for a password, but the password I set up for the user does not work.
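A connection in this thread has to cross several hops: the port published on the host, then docker-proxy or the iptables DNAT rule, then the container-side port that QEMU's `hostfwd=tcp::10022-:22` binds (10022), and finally port 22 of the macOS guest. Each hop fails in a distinguishable way on the client side: "Connection refused" means nothing is bound on the host port; "Connected" followed by a reset, a close, or silence means an earlier hop accepted the TCP connection but the next one did not answer (this is what `kex_exchange_identification: read: Connection reset by peer` and a `Local version string` line that never progresses look like); an `SSH-2.0-...` banner means sshd itself was reached and only authentication remains. The script below is an added example, not code from Docker-OSX or from anyone in this thread; it classifies a port that way. The names `classify_ssh_probe`, `explain`, `start_fake_listener` and `unused_port` are chosen here, the `DIAGNOSIS` text is my reading of the thread rather than project documentation, and the fake listeners are constructed stand-ins for the real hops so the demo runs offline.

```python
"""Classify what answers on a published SSH port: nothing, a proxy with no backend, or sshd."""
import socket
import struct
import threading
import time

# Constructed banner used by the fake listener; a real sshd sends e.g. "SSH-2.0-OpenSSH_8.6".
FAKE_BANNER = b"SSH-2.0-OpenSSH_8.6\r\n"

# Hypothetical mapping from probe state to the hop that most likely broke (wording chosen here).
DIAGNOSIS = {
    "refused": "nothing bound on this host port: check the -p mapping or --network=host",
    "timeout": "SYN never answered: wrong address or a firewall in front of the host",
    "accepted-silent": "a proxy accepted but nothing answered behind it: guest still booting, "
                       "stuck in the boot picker, or Remote Login not enabled",
    "accepted-closed": "accepted then closed: the container-side port has no listener "
                       "(with hostfwd=tcp::10022-:22 the port to publish is 10022, not 22)",
    "reset-by-peer": "accepted then RST: same as accepted-closed; ssh reports "
                     "'kex_exchange_identification: read: Connection reset by peer'",
    "ssh-banner": "sshd reached; any remaining failure is authentication, not networking",
    "other-banner": "something other than sshd is listening on this port",
}


def classify_ssh_probe(host, port, timeout=3.0):
    """Open one TCP connection to host:port, wait for the server's first line and
    return (state, banner). Like ssh itself we send nothing: the SSH server speaks
    first, so a silent peer is a finding in its own right."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("timeout", "")
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(255)          # RFC 4253: identification line is at most 255 bytes
        except socket.timeout:
            return ("accepted-silent", "")
        except ConnectionResetError:
            return ("reset-by-peer", "")
    if not data:
        return ("accepted-closed", "")
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    if line.startswith("SSH-"):
        return ("ssh-banner", line)
    return ("other-banner", line)


def explain(state):
    """Human-readable reading of a probe state."""
    return DIAGNOSIS.get(state, "unrecognised state")


def start_fake_listener(behaviour):
    """Constructed stand-in for one hop of the chain, bound to 127.0.0.1 on a free port.
    behaviour: "banner" (acts like sshd), "close" (accept then close, like a proxy whose
    backend refused), "reset" (accept then RST), "silent" (accept and never speak).
    Returns the port number; the listener serves exactly one connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve_one():
        conn, _ = srv.accept()
        with conn:
            if behaviour == "banner":
                conn.sendall(FAKE_BANNER)
                time.sleep(0.2)            # let the client read before we send FIN
            elif behaviour == "reset":
                # SO_LINGER with a zero timeout makes close() send RST instead of FIN
                conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
            elif behaviour == "silent":
                time.sleep(10)
            # "close": fall through and close the connection immediately
        srv.close()

    threading.Thread(target=serve_one, daemon=True).start()
    return port


def unused_port():
    """A port that was free a moment ago, to demonstrate the 'refused' state."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Offline demo against the constructed listeners. For a real check use your own
    # host and port, e.g. classify_ssh_probe("127.0.0.1", 50922) on the docker host
    # and classify_ssh_probe("127.0.0.1", 10022) from inside the container.
    cases = [(b, start_fake_listener(b)) for b in ("banner", "close", "reset", "silent")]
    cases.append(("refused", unused_port()))
    for name, port in cases:
        state, banner = classify_ssh_probe("127.0.0.1", port, timeout=1.5)
        print(f"{name:8s} -> {state:16s} {banner:22s} {explain(state)}")
```

Run it twice: once against the port published on the host (50922 in the commands in this thread) and once, via `docker exec`, against 127.0.0.1:10022 inside the container. If the inner probe returns `ssh-banner` while the outer one returns `accepted-closed` or `reset-by-peer`, the guest and its sshd are fine and the container-side port in the `-p` mapping is what needs attention.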
Same problem here.
I have `big_user.ssh:50922`, `big_user.vnc:5900` and `qemu.vnc:5999` running in my container.
I tried the following connections: `docker exec -it container bash; ssh user@localhost -p 10022`
Found something new.
After adding `--network=host`, I can connect to big_sur:10022 & big_sur:5900 from a remote host now.
BTW, I am using podman version 3.1.2 & QEMU emulator version 6.0.0.
Given that this problem happens with both podman & docker, I think they are not responsible.
@coppercash can you share the complete command you ran to accomplish this?
I have just retried and I got these ports listening on the docker host machine, but then no route to the container running the OSX:

```
tcp 0 0 0.0.0.0:10022 0.0.0.0:* LISTEN 11489/qemu-system-x
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 11489/qemu-system-x
```

And the same issue I had: it seems that something is open on the port but nothing is listening for ssh.

```
telnet 107.178.223.181 10022
Trying 107.178.223.181...
Connected to 181.223.178.107.bc.googleusercontent.com.
Escape character is '^]'.
```

I will really appreciate your docker run command for the naked image, to see if I am setting some options wrong.
```
podman run -i --name mike \
--device /dev/kvm \
-e EXTRA="-display none -vnc 0.0.0.0:99,password=on" \
-v `pwd`/volumes/image:/image \
-e SMP=30 -e CORES=1 -e RAM=56 \
-e WIDTH=1600 -e HEIGHT=900 \
-e NOPICKER=true \
-e GENERATE_UNIQUE=true \
-e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist' \
--network=host \
docker.io/sickcodes/docker-osx:naked
```

Here it is, the complete command. And as I said, instead of docker, I use podman. But it should make little difference; podman is a drop-in replacement for docker.
Although, now, I can ssh to the macOS running inside the container from a remote host, this is a barely acceptable workaround. Because after adding `--network=host` there are two problems:
Gonna dig deeper when I get some time.
@coppercash solved the above issue with Docker-OSX podman in the following comment: https://github.com/sickcodes/Docker-OSX/issues/246
```
podman run --name mike \
-d \
--device /dev/kvm \
-v `pwd`/volumes/image:/image \
-e EXTRA="-display none -vnc 0.0.0.0:99,password=on" \
-e SMP=30 -e CORES=1 -e RAM=56 \
-e WIDTH=1600 -e HEIGHT=900 \
-e GENERATE_UNIQUE=true \
-e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist' \
-p 65022:10022 \
-p 65000:5900 \
-p 65001:5999 \
docker.io/sickcodes/docker-osx:naked
```

This is my current command to boot.
```
$ ssh will@127.0.0.1 -p 65022 -vvvvv
OpenSSH_8.4p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host 127.0.0.1 originally 127.0.0.1
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host 127.0.0.1 originally 127.0.0.1
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/var/home/core/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/var/home/core/.ssh/known_hosts2'
debug2: ssh_connect_direct
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 65022.
debug1: Connection established.
debug1: identity file /var/home/core/.ssh/id_rsa type -1
debug1: identity file /var/home/core/.ssh/id_rsa-cert type -1
debug1: identity file /var/home/core/.ssh/id_dsa type -1
debug1: identity file /var/home/core/.ssh/id_dsa-cert type -1
debug1: identity file /var/home/core/.ssh/id_ecdsa type -1
debug1: identity file /var/home/core/.ssh/id_ecdsa-cert type -1
debug1: identity file /var/home/core/.ssh/id_ecdsa_sk type -1
debug1: identity file /var/home/core/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /var/home/core/.ssh/id_ed25519 type 3
debug1: identity file /var/home/core/.ssh/id_ed25519-cert type -1
debug1: identity file /var/home/core/.ssh/id_ed25519_sk type -1
debug1: identity file /var/home/core/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /var/home/core/.ssh/id_xmss type -1
debug1: identity file /var/home/core/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4
^C
```

And, still, ssh just gets stuck at the last line. The same goes for vnc. I think there is still something wrong with the port binding.
~~I think I found the cause. With the command `ss` (`docker exec -it docker-osx bash` in advance), I got~~

```
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
u_str ESTAB 0 0 * 68725 * 0
tcp ESTAB 0 0 127.0.0.1:10022 127.0.0.1:55012
tcp ESTAB 0 0 10.0.2.100:48434 10.0.2.100:10022
tcp ESTAB 0 0 127.0.0.1:55012 127.0.0.1:10022
tcp ESTAB 21 0 10.0.2.100:10022 10.0.2.100:48434
```

~~It seems that qemu only opens port 10022 to local access. And all accesses from outside the container are blocked. Confirmed by viewing the sshd log inside big sur, with~~

```
log config --mode "level:debug" --subsystem com.openssh.sshd
log stream --level debug 2>&1 | grep sshd
```

~~When I connect from outside the container, nothing appeared in the log. But when from inside, a lot of related logs.~~
It turned out the cause I found was not the real one. However, now, I got a solution, though I still don't know the cause.
Previously I was using `podman`, which is slightly different from `docker`. The strictly drop-in replacement should be `sudo podman`, which is the command I am currently using (and it works).
I suspect that plain `podman` lacks some `cap`s to alter the rules within `iptables`, maybe `NET_ADMIN` or `NET_RAW`.
Since `sudo podman` is good enough for me, I won't spend more time on finding out the real cause.
Have we found any solution?
I keep getting the same "wrong password" error.
The port looks to be running, but I can't log in to the MAC DOCKER via SSH.
PS: I don't have podman on my system.
> Have we found any solution?
> I keep getting the same "wrong password" error.
> The port looks to be running, but I can't log in to the MAC DOCKER via SSH.
> PS: I don't have podman on my system.

Have you tried `--network=host`?
I have the same problem.
Summary: Use `--network=host` to configure, and connect to port 10022. Or `podman exec -it a96e861916e6 /bin/bash -c "ssh user@localhost -p 10022"`. There are no problems!
Only the mapped 50922 port connection did not respond; I suspect that it is a problem with podman. I don't know whether docker also has this problem.
> It turned out the cause I found was not the real one. However, now, I got a solution, though I still don't know the cause.
> Previously I was using `podman`, which is slightly different from `docker`. The strictly drop-in replacement should be `sudo podman`, which is the command I am currently using (and it works). I suspect that plain `podman` lacks some `cap`s to alter the rules within `iptables`, maybe `NET_ADMIN` or `NET_RAW`. Since `sudo podman` is good enough for me, I won't spend more time on finding out the real cause.
Podman corrects security weaknesses by limiting the capabilities of the container. Using it with sudo or --privileged basically makes it like docker and defeats the purpose. Docker-OSX should fine-tune what it needs and configure Podman to work with it, rather than just throwing away all security and executing as root.
Hey @ficofer just wondering if you managed to get it working, having the same issue. Thanks!
Hello,
I configured an image using the following command:
What I've done:
Then, I saved the HDD:
But when I start it naked, I can't SSH into it...
The error is: `ssh mobile@localhost -p 50922` returns `kex_exchange_identification: Connection closed by remote host`
Any ideas why? Please find Docker's log when I run the naked container, and some info about my system.
OS related issue, please help us identify the issue by posting the output of this: