Cannot SSH into Boxes’ VMs

zyklon · October 6, 2019, 12:24am

I run most recent Fedora Silverblue 31 beta and Gnome-Boxes from Flathub.

When I create VMs (tried CentOS 8 and Fedora IoT x86_64), I can SSH into the host system from those VMs, but I cannot SSH into the VMs from my host system. At least in CentOS, remote access is set to active in the system’s sharing settings. Can anyone reproduce?

Example output when trying to connect to CentOS 8:

> ssh -v frank@10.0.2.15
OpenSSH_8.0p1, OpenSSL 1.1.1d FIPS  10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Connecting to 10.0.2.15 [10.0.2.15] port 22.
debug1: connect to address 10.0.2.15 port 22: Connection timed out
ssh: connect to host 10.0.2.15 port 22: Connection timed out

feborges · October 6, 2019, 4:41pm

We don’t have a bridged network setup in the GNOME Boxes Flatpak version. This is a limitation of the sandbox nature of Flatpak. We have plans to introduce the feature differently, see Get bridged network working on the Flatpak (#232) · Issues · GNOME / GNOME Boxes · GitLab

zyklon · October 6, 2019, 5:42pm

Ah, good to know. Especially cool to see recent progress here, too! Thank you!

zyklon · October 7, 2019, 12:18am

By the way: I followed the Wiki article and got this error:

> LANG=en_US.utf8; virsh create boxes-unknown.xml 
error: Failed to create domain from boxes-unknown.xml
error: Cannot check QEMU binary /app/bin/qemu-system-x86_64: No such file or directory

I therefore had to adjust the <emulator> and its <source> paths. Maybe you could alter these to realative paths, so that this would not be a problem for different locations when you think of RPMs / Flatpaks / Distribution paths.

feborges · October 7, 2019, 8:36am

This is much harder than creating the network interface in the guest. From within the Flatpak sandbox we wouldn’t be able to run qemu-bridge-helper. It needs to run priviledged. The solution we are looking into involves writing code to spawn a priviledged binary in the host and prompt the user for the permissions.

zyklon · October 7, 2019, 8:44pm

So I now use Gnome Boxes RPM and still can ping the host from inside, but not the VM from the host. Shouldn’t this be posslbie?

feborges · October 8, 2019, 8:43am

You need to make sure that qemu-bridge-helper is being called and has the right permissions, and that the “bridge” network interface (virbr0) is being created.

Topic		Replies	Views
SSH into gnome boxes VM Project Discussion silverblue-team	1	1975	November 12, 2020
Unable to start GNOME Boxes in Silverblue 32 (virtualization backend error) Project Discussion silverblue-team	6	2516	May 28, 2020
Using Surfshark VPN on Silverblue 41 Ask Fedora silverblue , 3rd-party-software , atomic-desktops	24	421	December 19, 2024
SSH into a Toolbox Project Discussion silverblue-team	21	7484	April 8, 2020
Fresh install of Silverblue Ask Fedora f34 , f36 , silverblue	4	632	June 17, 2022

Cannot SSH into Boxes’ VMs

Related topics