sickcodes / Docker-OSX

Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
https://hub.docker.com/r/sickcodes/docker-osx
GNU General Public License v3.0

Unable to copy ssh key to OSX (Connection refused) #355

Open cyruscook opened 2 years ago

cyruscook commented 2 years ago

Hello,

I am running into an issue attempting to run docker-osx:auto:

$ sudo chmod 666 /var/run/docker.sock && sudo docker run -it \
    --device /dev/kvm \
    `-p 50922:10022` \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -e "DISPLAY=${DISPLAY:-:0.0}" -e TERMS_OF_USE=i_agree \
    sickcodes/docker-osx:auto
By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree
Disk is being copied between layers... Please wait a minute...
  File: /home/arch/OSX-KVM/mac_hdd_ng.img
  Size: 19139461120 Blocks: 37381768   IO Block: 4096   regular file
Device: fe01h/65025d    Inode: 4205515     Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1000/    arch)   Gid: ( 1000/    arch)
Access: 2021-10-06 21:30:20.824023020 +0000
Modify: 2021-10-06 21:30:20.824023020 +0000
Change: 2021-10-06 21:30:20.860689998 +0000
 Birth: 2021-10-06 19:32:33.809038436 +0000
Large image is being copied between layers, please wait a minute...
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
nohup: appending output to 'nohup.out'
Booting Docker-OSX in the background. Please wait...
++ id -u
++ id -g
+ sudo chown 1000:1000 /dev/kvm
/usr/sbin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/arch/.ssh/id_docker_osx.pub"
++ id -u
++ id -g
+ sudo chown -R 1000:1000 /dev/snd
+ [[ 3 = max ]]
+ [[ 3 = half ]]
++ id -u
++ id -g
+ sudo chown -R 1000:1000 /dev/snd
+ exec qemu-system-x86_64 -m 3000 -cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check, -machine q35,accel=kvm:tcg -smp 4,cores=4 -usb -device usb-kbd -device usb-tablet -device 'isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc' -drive if=pflash,format=raw,readonly=on,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -drive id=MacHDD,if=none,file=/home/arch/OSX-KVM/mac_hdd_ng.img,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -boot menu=on -vga vmware
ssh: connect to host 127.0.0.1 port 10022: Connection refused
Disk is being copied between layers. Repeating until able to copy SSH key into OSX...
qemu-system-x86_64: warning: dbind: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-Z6DHjxYaQD: No such file or directory
qemu-system-x86_64: -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2: Could not open '/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2': No such file or directory
/usr/sbin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/arch/.ssh/id_docker_osx.pub"
ssh: connect to host 127.0.0.1 port 10022: Connection refused
Disk is being copied between layers. Repeating until able to copy SSH key into OSX...
/usr/sbin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/arch/.ssh/id_docker_osx.pub"
ssh: connect to host 127.0.0.1 port 10022: Connection refused
Disk is being copied between layers. Repeating until able to copy SSH key into OSX...
(above repeats...)

Do you have any ideas what would be causing this? I have left this running for quite a long time and it just continues.

The readme suggests using -p 50922:10022 which I believe means that port 50922 will map to port 10022 on OSX, however it seems that ssh is trying to connect to port 10022 but on the host?

AceHack commented 2 years ago

Very similar here I get

qemu-system-x86_64: -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2: Could not open '/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2': No such file or directory

jpmorrison commented 2 years ago

You need to enable remote login in macOS to use port 10022 and connect to the container IP address. You should be able to use the docker port forward with localhost.

ssh  -p 10022 macuser@172.17.0.2
ssh -p 50933 macuser@localhost

You can connect to the container too:

ssh  arch@172.17.0.2

If something got messed up and the container password wasn't set, you can just attach a shell and fix things.


sudo docker container ls
sudo docker container exec -it xxxxconainterid  /bin/bash
[arch@xxxxconainterid   OSX-KVM]$   sudo su

cyruscook commented 2 years ago

@jpmorrison Thank You for the advice.

ssh  -p 10022 macuser@172.17.0.2
ssh -p 50933 macuser@localhost

These do not connect (ssh: connect to host 172.17.0.2/localhost port 10022/50933: Connection refused).

ssh  arch@172.17.0.2

This connects but requires a password, I can't find a password for the user "arch" anywhere in the repo?

sudo docker container ls
sudo docker container exec -it xxxxconainterid  /bin/bash
[arch@xxxxconainterid   OSX-KVM]$   sudo su

This does work, but I am not sure how I can fix this? I would really appreciate it if you can give me some steps I can run through from here. Thanks

jpmorrison commented 2 years ago

For ssh to work to the macOS guest you need to finish installing, go into settings and enable remote login.

The arch default password is alpine. You can change it in the container:

sudo docker container exec -it xxxxconainterid  /bin/bash
[arch@xxxxconainterid   OSX-KVM]$ sudo su
[arch@xxxxconainterid   OSX-KVM]# passwd arch

cyruscook commented 2 years ago

@jpmorrison

Thank You, I am now able to login with ssh arch@172.17.0.2, however I am not sure what to do from here.

I am still unable to boot macOS, docker still does not start because of the original error:

Disk is being copied between layers. Repeating until able to copy SSH key into OSX...
/usr/sbin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/arch/.ssh/id_docker_osx.pub"
ssh: connect to host 127.0.0.1 port 10022: Connection refused

Do you have any ideas?

MaxPowerReforged commented 2 years ago

@cyruscook what worked for me was to use sudo su before running the docker container, using the Monterey image and the Catalina one.

cyruscook commented 2 years ago

@MaxPowerReforged sorry, could you clarify? Did you run sudo su in the host computer or the docker container? I am already running docker with sudo. I also have now attempted running docker within sudo su on host, but that did not change the result.

MaxPowerReforged commented 2 years ago

@cyruscook Yes, exactly. I run sudo su in the host computer. For some reason in my case it produced different results than running the command with sudo. But you are using a different image than I am so there could be other problems sadly, I am sorry I cannot provide more clarification.

cyruscook commented 2 years ago

Thank You for your help, that's fine! I was trying to run catalina but I ran into problems with the install process freezing which is why I am trying to use the pre-installed image. Perhaps I should just try again with catalina.

jpmorrison commented 2 years ago

> @jpmorrison
>
> Thank You, I am now able to login with ssh arch@172.17.0.2, however I am not sure what to do from here.
>
> I am still unable to boot macOS, docker still does not start because of the original error:
>
> Disk is being copied between layers. Repeating until able to copy SSH key into OSX...
> /usr/sbin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/arch/.ssh/id_docker_osx.pub"
> ssh: connect to host 127.0.0.1 port 10022: Connection refused
>
> Do you have any ideas?

If you can ssh or attach the container then it's running. ps aux should show qemu running. I had issues with Catalina freezing, but I think it's a qemu bug using X displays. Could look at suggestions in https://github.com/sickcodes/Docker-OSX/issues/191 https://github.com/sickcodes/Docker-OSX/issues/218

Eventually I got Catalina installed with SSH/VNC enabled and I could confirm macOS was running. I gave up on X and used the spice config. Also virt-viewer/remote-viewer in Ubuntu is too old and doesn't work - mouse won't move. Installed version 10 for Windows and remote viewer works fine https://virt-manager.org/download/sources/virt-viewer/virt-viewer-10.0.tar.xz
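
Added example, not part of the thread or of the Docker-OSX project: the log in the first post shows QEMU forwarding container port 10022 to guest port 22 (`hostfwd=tcp::10022-:22`) and, between the refused connections, a QEMU startup error. This script reads such log text and separates "QEMU failed to start" from "nothing is listening on the forwarded port". The function names and verdict strings are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not Docker-OSX code): triage the ssh-copy-id retry loop from
# container log text. Function names and verdict strings are made up here.

# Log lines abridged from the first post in this thread.
SAMPLE_LOG="$(cat <<'EOF'
+ exec qemu-system-x86_64 -m 3000 -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0
ssh: connect to host 127.0.0.1 port 10022: Connection refused
qemu-system-x86_64: -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2: Could not open '/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2': No such file or directory
ssh: connect to host 127.0.0.1 port 10022: Connection refused
EOF
)"

# List QEMU user-net forwards as "container_port->guest_port".
hostfwd_rules() {
    printf '%s\n' "$1" | grep -o 'hostfwd=tcp::[0-9]*-:[0-9]*' \
        | sed 's/hostfwd=tcp:://; s/-:/->/' | sort -u
}

# Path named in a fatal "Could not open '<path>'" QEMU error, if any.
qemu_missing_file() {
    printf '%s\n' "$1" \
        | sed -n "s/^qemu-system-x86_64: .*Could not open '\([^']*\)'.*/\1/p" | head -n 1
}

# One-line verdict for the whole log.
triage() {
    missing="$(qemu_missing_file "$1")"
    # Container port that QEMU forwards to guest port 22 (default 10022).
    ssh_port="$(hostfwd_rules "$1" | sed -n 's/->22$//p' | head -n 1)"
    ssh_port="${ssh_port:-10022}"
    refused="$(printf '%s\n' "$1" | grep -c "port $ssh_port: Connection refused" || true)"
    if [ -n "$missing" ]; then
        # QEMU could not open a drive image, so no VM exists to accept SSH.
        echo "qemu-failed: $missing missing"
    elif [ "$refused" -gt 0 ]; then
        echo "no-listener: container port $ssh_port refused $refused times"
    else
        echo "no-ssh-errors"
    fi
}

hostfwd_rules "$SAMPLE_LOG"
triage "$SAMPLE_LOG"
```

To run it on real output, pass the container log text, for example `triage "$(sudo docker logs <container-id> 2>&1)"`.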