Cannot SSH into Boxes’ VMs

I run most recent Fedora Silverblue 31 beta and Gnome-Boxes from Flathub.

When I create VMs (tried CentOS 8 and Fedora IoT x86_64), I can SSH into the host system from those VMs, but I cannot SSH into the VMs from my host system. At least in CentOS, remote access is set to active in the system’s sharing settings. Can anyone reproduce?

Example output when trying to connect to CentOS 8:

> ssh -v frank@10.0.2.15
OpenSSH_8.0p1, OpenSSL 1.1.1d FIPS  10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: configuration requests final Match pass
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: Connecting to 10.0.2.15 [10.0.2.15] port 22.
debug1: connect to address 10.0.2.15 port 22: Connection timed out
ssh: connect to host 10.0.2.15 port 22: Connection timed out

We don’t have a bridged network setup in the GNOME Boxes Flatpak version. This is a limitation of the sandbox nature of Flatpak. We have plans to introduce the feature differently, see https://gitlab.gnome.org/GNOME/gnome-boxes/issues/232

Ah, good to know. Especially cool to see recent progress here, too! Thank you!

By the way: I followed the Wiki article and got this error:

> LANG=en_US.utf8; virsh create boxes-unknown.xml 
error: Failed to create domain from boxes-unknown.xml
error: Cannot check QEMU binary /app/bin/qemu-system-x86_64: No such file or directory

I therefore had to adjust the <emulator> and its <source> paths. Maybe you could alter these to realative paths, so that this would not be a problem for different locations when you think of RPMs / Flatpaks / Distribution paths. :wink:

This is much harder than creating the network interface in the guest. From within the Flatpak sandbox we wouldn’t be able to run qemu-bridge-helper. It needs to run priviledged. The solution we are looking into involves writing code to spawn a priviledged binary in the host and prompt the user for the permissions.

1 Like

So I now use Gnome Boxes RPM and still can ping the host from inside, but not the VM from the host. Shouldn’t this be posslbie?

You need to make sure that qemu-bridge-helper is being called and has the right permissions, and that the “bridge” network interface (virbr0) is being created.