[WORK-AROUND] cannot ssh from host to LFS201 CentOS vm

Maxg

EDIT 4.1.2018

I've just completed my work-around for this issue, and have documented my solution below. It's not ideal, since I'd like to be working with the VM provided for this course, but this gets the job done for me:

1. ON HOST - Download the minimal iso from CentOS directly (https://centos.org/download/)
2. ON HOST - create a new virual machine in VirtualBox with the iso
3. ON HOST - set up network as NAT (default behavior)
4. ON HOST - setup port forwarding from Host 2223 to Guest 22
5. ON HOST - under Settings > System > Processor, set processors to 2
6. ON GUEST - enable networking by editing

   
   /etc/sysconfig/network-scripts/ifcfg-$IFACE_NAME

   and setting

   
   ONBOOT=yes

    

7. ON GUEST - restart networking via systemctl
8. ON GUEST - confirm openssh-server is installed
9. ON GUEST - confirm sshd is running
10. ON GUEST - confirm ssh to localhost is successful
11. ON HOST -

    
    ssh user@127.0.0.1 -p 2223

    SUCCESSFUL ACCESS OVER SSH!
12. ON GUEST - run the ready-for.sh script provided by the Linux Foundation (https://training.linuxfoundation.org/cm/prep/?course=LFS201) to install software and confirm hardware configuration
13. Do a little dance

From what I've fonund, the CentOS VM (possibly others as well? haven't tried them yet) is not provided to the students in such a way to allow access over ssh.

 

-----------------------------------------------------

 

Hello all! I've been trying to figure this out, and no luck...

My goal is to ssh from my local machine to the CentOS VM provided for LFS201. My local machine is running Ubuntu 17.10, and I'm using Virutalbox Version 5.2.8 r121009 (Qt5.9.1).

Things I've checked on the VM itself:

• sshd is running, confirmed via systemctl and via ssh'ing from the vm itself to localhost (doing `ssh localhost` works just fine)
• firewalld allows ssh, confirmed via `firewalld-cmd --list-services`
• iptables is NOT running
• no mention of an SSH attempt in /var/log/messages or /var/log/secure

• [student@CentOS7 ~]$ uname -a
  
  Linux CentOS7 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
  
  [student@CentOS7 ~]$ cat /etc/redhat-release
  
  CentOS Linux release 7.4.1708 (Core)

Things I've checked on VirtualBox:

• Networking is setup over NAT
• Port forwarding is enabled via `VBoxManage showvminfo lfcs | grep ssh

  NIC 1 Rule(0):   name = ssh, protocol = tcp, host ip = 127.0.0.1, host port = 2222, guest ip = 10.10.2.15, guest port = 22`

Here's what happens when I try to ssh:

`ssh -p 2222 student@127.0.0.1

ssh_exchange_identification: read: Connection reset by peer`

 

Any thoughts on what I'm missing?

Thanks,

~Max

luisviveropena

Hi,

1.- Just to be sure, are you trying to connect by ssh from the host to the guest, right?

2.- Ssh service is running and accepting connections when you try in the vm itself, is that right?

3.- I see you are trying: ssh -p 2222 student@127.0.0.1 . Are you doing that in the host? If so, in that case you are trying to connect from the host to the host, not the guest. So you need to use the guest's IP, because the host should be able to reach the guest using the associated network.

Regards,

Luis.

Maxg

Hey Luis! Thanks for taking a look!

1. confirmed, trying to ssh from host to guest
2. confirmed, sshd is running in the VM itself and is accepting connections. From inside the VM, executing `ssh localhost` functions correctly (I am prompted for a password, and can authenticate successfully)
3. confirmed, I am ssh'ing from host to guest. As I understood it, since I am using VirtualBox with a NAT network, I can't ssh directly to the machine's IP and need to use port forwarding (https://www.virtualbox.org/manual/ch06.html#natforward), but I may have misunderstood.
   1. I get a Connection timed out error when ssh'ing to the IP, both with and without the port forwarding:
      1. `➜  ~ ssh -p 2222 student@10.10.2.15

         ssh: connect to host 10.10.2.15 port 2222: Connection timed out`

      2. `➜  ~ ssh student@10.10.2.15
         
         ssh: connect to host 10.10.2.15 port 22: Connection timed out`

 

luisviveropena

Hi,

If you just need to ssh into the guest, the easiest thing is to setup the network to bridged mode, and that's all. Please tell me if that works for you.

Take a look to Table 6.1. Overview in the VirtualBox user's manual:

https://www.virtualbox.org/manual/ch06.html

Regards,

Luis.

 

Maxg

Hey Luis, thanks for checking in!

I've just completed my work-around for this issue, and have documented my solution below:

1. ON HOST - Download the minimal iso from CentOS directly (https://centos.org/download/)
2. ON HOST - create a new virual machine in VirtualBox with the iso
3. ON HOST - set up network as NAT
4. ON HOST - setup port forwarding from Host 2223 to Guest 22
5. ON HOST - under Settings > System > Processor, set processors to 2
6. ON GUEST - enable networking by editing `/etc/sysconfig/network-scripts/ifcfg-$IFACE_NAME` and setting ONBOOT=yes
7. ON GUEST - restart networking via systemctl
8. ON GUEST - confirm openssh-server is installed
9. ON GUEST - confirm sshd is running
10. ON GUEST - confirm ssh to localhost is successful
11. ON HOST - ssh user@127.0.0.1 -p 2223
    1. SUCCESSFUL ACCESS OVER SSH!
12. ON GUEST - run the ready-for.sh script provided by the Linux Foundation (https://training.linuxfoundation.org/cm/prep/?course=LFS201) to install software and confirm hardware configuration

From what I've fonund, the CentOS VM (possibly others as well? haven't tried them yet) is not provided to the students in such a way to allow access over ssh.

coop

SOrry, I still don't understand.  ssh to and from the guest works on the CentOS7 VM's we provide in both vmware and virtual box as confirmed by the experience of many.  (All guest VMS have been through ready-for.sh for all relevant coruses).  The problems you have are purely on the host and the way your firewall etc is set up, probably, as seen by your need to mess with port forwarding.  Finally sshing to 127.0.0.1 would nothing as is always the local host but you have used the -p option as a work around.  Sometimes people have trouble with the ntewrok setup if the host is on wireless and not wired and/or the host is not connected to network, and changing from bridged to NAT can help. 

 

You have solved a problem with your setup on the host machine, but the workaround is nto necessary.  you should be able to use the actual IP address of the guest.

 

 

luisviveropena

Hi Maxg!

Well, that sounds like you found a harder way to solve it! Anyway, you got this fixed, so let's dance a bit and keep progressing.

Regards,

Luis.