starred/Docker-OSX
1
0
Fork 0
mirror of https://github.com/sickcodes/Docker-OSX.git synced 2026-01-11 21:10:25 +01:00
Code Issues 411 Packages Projects Releases Wiki Activity

Can't SSH into naked container with my own CI/CD .img #184

New Issue
Open
opened 2025-12-29 00:19:49 +01:00 by adam · 20 comments
adam commented 2025-12-29 00:19:49 +01:00
Owner
Copy Link

Originally created by @JB-CHAUVIN on GitHub (May 6, 2021).

Hello,

I configured an image using the following command :

docker run -it --device /dev/kvm -p 50922:10022 -v /tmp/.X11-unix:/tmp/.X11-unix -e "DISPLAY=${DISPLAY:-:0.0}" -e RAM=12 -e GENERATE_UNIQUE=true -e MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist sickcodes/docker-osx:big-sur

What I've done :

  • Xcode installation
  • SSH server enabled
  • Auto login

Then, I saved the HDD :

docker cp XXX:/home/arch/OSX-KVM/mac_hdd_ng.img .

But when I start it naked, I can't SSH into it...

docker run -it --device /dev/kvm -p 50922:10022 -v "${PWD}/mac_hdd_ng.img:/image" -v /tmp/.X11-unix:/tmp/.X11-unix -e RAM=12 -e "NOPICKER=true" -e GENERATE_UNIQUE=true -e MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist sickcodes/docker-osx:naked

Error is :
ssh mobile@localhost -p 50922
kex_exchange_identification: Connection closed by remote host

Any ideas why ?
Please find Docker's log when I run naked container, and some info about my system.

### cleaning up ...
libguestfs: trace: close
libguestfs: closing guestfs handle 0x55f97b7a1d90 (state 2)
libguestfs: trace: internal_autosync
guestfsd: => umount_all (0x2f) took 0.03 secs
guestfsd: <= internal_autosync (0x11a) request length 40 bytes
umount-all: /proc/mounts: fsname=/dev/root dir=/ type=ext2 opts=rw,noatime freq=0 passno=0
umount-all: /proc/mounts: fsname=/proc dir=/proc type=proc opts=rw,relatime freq=0 passno=0
umount-all: /proc/mounts: fsname=/sys dir=/sys type=sysfs opts=rw,relatime freq=0 passno=0
umount-all: /proc/mounts: fsname=tmpfs dir=/run type=tmpfs opts=rw,nosuid,relatime,size=147976k,mode=755,inode64 freq=0 passno=0
umount-all: /proc/mounts: fsname=/dev dir=/dev type=devtmpfs opts=rw,relatime,size=364212k,nr_inodes=91053,mode=755,inode64 freq=0 passno=0
umount-all: /proc/mounts: fsname=/dev/pts dir=/dev/pts type=devpts opts=rw,relatime,mode=600,ptmxmode=000 freq=0 passno=0
umount-all: /proc/mounts: fsname=shmfs dir=/dev/shm type=tmpfs opts=rw,relatime,inode64 freq=0 passno=0
commandrvf: stdout=n stderr=y flags=0x0
commandrvf: udevadm --debug settle -E /dev/sdb
No filesystem is currently mounted on /sys/fs/cgroup.
Failed to determine unit we run in, ignoring: No data available
commandrvf: stdout=n stderr=y flags=0x0
commandrvf: udevadm --debug settle -E /dev/sda
No filesystem is currently mounted on /sys/fs/cgroup.
Failed to determine unit we run in, ignoring: No data available
fsync /dev/sda
libguestfs: trace: internal_autosync = 0
libguestfs: sending SIGTERM to process 1242
libguestfs: qemu maxrss 219720K
libguestfs: command: run: rm
libguestfs: command: run: \ -rf /tmp/libguestfsZFAYga
libguestfs: command: run: rm
libguestfs: command: run: \ -rf /tmp/libguestfsJxUSWU
DEVICE_MODEL,SERIAL,BOARD_SERIAL,UUID,MAC_ADDRESS,WIDTH,HEIGHT
"iMacPro1,1","C02YLHYGHX87","C02916501QXJG361F","0D506953-5637-4DE9-8FE9-22A316C96DE7","88:66:5A:BE:A7:4D","1920","1080"
DEVICE_MODEL	SERIAL	BOARD_SERIAL	UUID	MAC_ADDRESS	WIDTH	HEIGHT
iMacPro1,1	C02YLHYGHX87	C02916501QXJG361F	0D506953-5637-4DE9-8FE9-22A316C96DE7	88:66:5A:BE:A7:4D	1920	1080

ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
nohup: appending output to 'nohup.out'
++ id -u
++ id -g
+ sudo chown 1000:1000 /dev/kvm
++ id -u
++ id -g
+ sudo chown -R 1000:1000 /dev/snd
+ [[ 12 = max ]]
+ [[ 12 = half ]]
++ id -u
++ id -g
+ sudo chown -R 1000:1000 /dev/snd
+ exec qemu-system-x86_64 -m 12000 -cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check -machine q35,accel=kvm:tcg -smp 4,cores=4 -usb -device usb-kbd -device usb-tablet -device 'isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc' -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -drive id=MacHDD,if=none,file=/image,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -vga vmware
QEMU 5.2.0 monitor - type 'help' for more information
(qemu) ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize DAC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize DAC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
audio: Failed to create voice `dac'
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory
ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory
ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory
ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default
alsa: Could not initialize ADC
alsa: Failed to open `default':
alsa: Reason: No such file or directory
audio: Failed to create voice `adc'

OS related issued, please help us identify the issue by posting the output of this :

1
NAME="Ubuntu"
PRETTY_NAME="Ubuntu 20.04.2 LTS"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
Sys. de fichiers Taille Utilisé Dispo Uti% Monté sur
/dev/nvme0n1p3     168G    125G   34G  79% /
QEMU emulator version 4.2.1 (Debian 1:4.2-3ubuntu6.15)
Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers
libvirtd (libvirt) 6.0.0
              total       utilisé      libre     partagé tamp/cache   disponible
Mem:           15Gi       1,1Gi       265Mi       120Mi        13Gi        13Gi
Partition d'échange:       2,0Gi       540Mi       1,5Gi
8
16
crw-rw----+ 1 root kvm 10, 232 mai    6 17:51 /dev/kvm
total 8,0K
drwxrwxrwt  2 root root 4,0K mai    6 17:51 .
drwxrwxrwt 19 root root 4,0K mai    6 17:51 ..
srwxrwxrwx  1 jb   jb      0 mai    5 12:27 X0
srwxrwxr-x  1 gdm  gdm     0 mai    5 12:27 X1024
srwxrwxr-x  1 gdm  gdm     0 mai    5 12:27 X1025
srwxrwxrwx  1 jb   jb      0 mai    6 17:51 X99
root        1497  0.2  0.2 1833448 41052 ?       Ssl  mai05   5:10 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
jb         23144  0.0  0.0  17692  2708 pts/1    S+   18:04   0:00 grep --color=auto dockerd
d0f94d8c9ca1   sickcodes/docker-osx:naked   "/bin/bash -c 'sudo …"   13 minutes ago   Up 13 minutes   0.0.0.0:50922->10022/tcp, :::50922->10022/tcp   xenodochial_curie
kvm:x:108:
docker:x:998:jb
libvirt:x:134:jb
libvirt-qemu:x:64055:libvirt-qemu
libvirt-dnsmasq:x:135:
Originally created by @JB-CHAUVIN on GitHub (May 6, 2021). Hello, I configured an image using the following command : ``` docker run -it --device /dev/kvm -p 50922:10022 -v /tmp/.X11-unix:/tmp/.X11-unix -e "DISPLAY=${DISPLAY:-:0.0}" -e RAM=12 -e GENERATE_UNIQUE=true -e MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist sickcodes/docker-osx:big-sur ``` What I've done : - Xcode installation - SSH server enabled - Auto login Then, I saved the HDD : ``` docker cp XXX:/home/arch/OSX-KVM/mac_hdd_ng.img . ``` But when I start it naked, I can't SSH into it... ```` docker run -it --device /dev/kvm -p 50922:10022 -v "${PWD}/mac_hdd_ng.img:/image" -v /tmp/.X11-unix:/tmp/.X11-unix -e RAM=12 -e "NOPICKER=true" -e GENERATE_UNIQUE=true -e MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist sickcodes/docker-osx:naked ```` Error is : **ssh mobile@localhost -p 50922 kex_exchange_identification: Connection closed by remote host** Any ideas why ? Please find Docker's log when I run naked container, and some info about my system. ``` ### cleaning up ... libguestfs: trace: close libguestfs: closing guestfs handle 0x55f97b7a1d90 (state 2) libguestfs: trace: internal_autosync guestfsd: => umount_all (0x2f) took 0.03 secs guestfsd: <= internal_autosync (0x11a) request length 40 bytes umount-all: /proc/mounts: fsname=/dev/root dir=/ type=ext2 opts=rw,noatime freq=0 passno=0 umount-all: /proc/mounts: fsname=/proc dir=/proc type=proc opts=rw,relatime freq=0 passno=0 umount-all: /proc/mounts: fsname=/sys dir=/sys type=sysfs opts=rw,relatime freq=0 passno=0 umount-all: /proc/mounts: fsname=tmpfs dir=/run type=tmpfs opts=rw,nosuid,relatime,size=147976k,mode=755,inode64 freq=0 passno=0 umount-all: /proc/mounts: fsname=/dev dir=/dev type=devtmpfs opts=rw,relatime,size=364212k,nr_inodes=91053,mode=755,inode64 freq=0 passno=0 umount-all: /proc/mounts: fsname=/dev/pts dir=/dev/pts type=devpts opts=rw,relatime,mode=600,ptmxmode=000 freq=0 passno=0 umount-all: /proc/mounts: fsname=shmfs dir=/dev/shm type=tmpfs opts=rw,relatime,inode64 freq=0 passno=0 commandrvf: stdout=n stderr=y flags=0x0 commandrvf: udevadm --debug settle -E /dev/sdb No filesystem is currently mounted on /sys/fs/cgroup. Failed to determine unit we run in, ignoring: No data available commandrvf: stdout=n stderr=y flags=0x0 commandrvf: udevadm --debug settle -E /dev/sda No filesystem is currently mounted on /sys/fs/cgroup. Failed to determine unit we run in, ignoring: No data available fsync /dev/sda libguestfs: trace: internal_autosync = 0 libguestfs: sending SIGTERM to process 1242 libguestfs: qemu maxrss 219720K libguestfs: command: run: rm libguestfs: command: run: \ -rf /tmp/libguestfsZFAYga libguestfs: command: run: rm libguestfs: command: run: \ -rf /tmp/libguestfsJxUSWU DEVICE_MODEL,SERIAL,BOARD_SERIAL,UUID,MAC_ADDRESS,WIDTH,HEIGHT "iMacPro1,1","C02YLHYGHX87","C02916501QXJG361F","0D506953-5637-4DE9-8FE9-22A316C96DE7","88:66:5A:BE:A7:4D","1920","1080" DEVICE_MODEL SERIAL BOARD_SERIAL UUID MAC_ADDRESS WIDTH HEIGHT iMacPro1,1 C02YLHYGHX87 C02916501QXJG361F 0D506953-5637-4DE9-8FE9-22A316C96DE7 88:66:5A:BE:A7:4D 1920 1080 ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519 nohup: appending output to 'nohup.out' ++ id -u ++ id -g + sudo chown 1000:1000 /dev/kvm ++ id -u ++ id -g + sudo chown -R 1000:1000 /dev/snd + [[ 12 = max ]] + [[ 12 = half ]] ++ id -u ++ id -g + sudo chown -R 1000:1000 /dev/snd + exec qemu-system-x86_64 -m 12000 -cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check -machine q35,accel=kvm:tcg -smp 4,cores=4 -usb -device usb-kbd -device usb-tablet -device 'isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc' -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -drive id=MacHDD,if=none,file=/image,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -vga vmware QEMU 5.2.0 monitor - type 'help' for more information (qemu) ALSA lib confmisc.c:767:(parse_card) cannot find card '0' ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default alsa: Could not initialize DAC alsa: Failed to open `default': alsa: Reason: No such file or directory ALSA lib confmisc.c:767:(parse_card) cannot find card '0' ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default alsa: Could not initialize DAC alsa: Failed to open `default': alsa: Reason: No such file or directory audio: Failed to create voice `dac' ALSA lib confmisc.c:767:(parse_card) cannot find card '0' ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default alsa: Could not initialize ADC alsa: Failed to open `default': alsa: Reason: No such file or directory ALSA lib confmisc.c:767:(parse_card) cannot find card '0' ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory ALSA lib confmisc.c:1246:(snd_func_refer) error evaluating name ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory ALSA lib conf.c:5233:(snd_config_expand) Evaluate error: No such file or directory ALSA lib pcm.c:2660:(snd_pcm_open_noupdate) Unknown PCM default alsa: Could not initialize ADC alsa: Failed to open `default': alsa: Reason: No such file or directory audio: Failed to create voice `adc' ``` # OS related issued, please help us identify the issue by posting the output of this : ``` 1 NAME="Ubuntu" PRETTY_NAME="Ubuntu 20.04.2 LTS" VERSION_CODENAME=focal UBUNTU_CODENAME=focal Sys. de fichiers Taille Utilisé Dispo Uti% Monté sur /dev/nvme0n1p3 168G 125G 34G 79% / QEMU emulator version 4.2.1 (Debian 1:4.2-3ubuntu6.15) Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers libvirtd (libvirt) 6.0.0 total utilisé libre partagé tamp/cache disponible Mem: 15Gi 1,1Gi 265Mi 120Mi 13Gi 13Gi Partition d'échange: 2,0Gi 540Mi 1,5Gi 8 16 crw-rw----+ 1 root kvm 10, 232 mai 6 17:51 /dev/kvm total 8,0K drwxrwxrwt 2 root root 4,0K mai 6 17:51 . drwxrwxrwt 19 root root 4,0K mai 6 17:51 .. srwxrwxrwx 1 jb jb 0 mai 5 12:27 X0 srwxrwxr-x 1 gdm gdm 0 mai 5 12:27 X1024 srwxrwxr-x 1 gdm gdm 0 mai 5 12:27 X1025 srwxrwxrwx 1 jb jb 0 mai 6 17:51 X99 root 1497 0.2 0.2 1833448 41052 ? Ssl mai05 5:10 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock jb 23144 0.0 0.0 17692 2708 pts/1 S+ 18:04 0:00 grep --color=auto dockerd d0f94d8c9ca1 sickcodes/docker-osx:naked "/bin/bash -c 'sudo …" 13 minutes ago Up 13 minutes 0.0.0.0:50922->10022/tcp, :::50922->10022/tcp xenodochial_curie kvm:x:108: docker:x:998:jb libvirt:x:134:jb libvirt-qemu:x:64055:libvirt-qemu libvirt-dnsmasq:x:135: ```
adam commented 2025-12-29 00:19:50 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (May 6, 2021):

I also had this problem yesterday, but it was my VPN. Do you have a VPN on?

@sickcodes commented on GitHub (May 6, 2021): I also had this problem yesterday, but it was my VPN. Do you have a VPN on?
adam commented 2025-12-29 00:19:50 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (May 6, 2021):

Also double check your username ssh mobile@localhost -p 50922 and/or -i sshkey_rsa

@sickcodes commented on GitHub (May 6, 2021): Also double check your username `ssh mobile@localhost -p 50922` and/or `-i sshkey_rsa`
adam commented 2025-12-29 00:19:51 +01:00
Author
Owner
Copy Link

@JB-CHAUVIN commented on GitHub (May 7, 2021):

Hello @sickcodes , thanks for the reply.

No I am not using VPN on my docker computer.

So weird, port SSH is running, but I can't logging at all into the naked one (SSH is working fine on big sur image with display).

image

@JB-CHAUVIN commented on GitHub (May 7, 2021): Hello @sickcodes , thanks for the reply. No I am not using VPN on my docker computer. So weird, port SSH is running, but I can't logging at all into the naked one (SSH is working fine on big sur image with display). ![image](https://user-images.githubusercontent.com/8957878/117419084-76ae1f80-af1c-11eb-8add-c7e68c0c3923.png)
adam commented 2025-12-29 00:19:51 +01:00
Author
Owner
Copy Link

@ficofer commented on GitHub (May 9, 2021):

I have followed your steps @JB-CHAUVIN and I am having a similar issue although I am mapping the ports 1:1 from the VM to the container this works when I run the sickcodes/docker-osx:big-sur image when I created it.

But when I run with the img I copied from docker cp to use sickcodes/docker-osx:naked it seems no port are open neither the VNC one or the SSH one.

To be honest I am not sure how to debug it further from here. Your screenshots above are the same thing I see in my system, the port open and docker listening. on those port for both ssh and vnc.

Can it be that the container is getting stuck in the disk picker and never booting ?

@ficofer commented on GitHub (May 9, 2021): I have followed your steps @JB-CHAUVIN and I am having a similar issue although I am mapping the ports 1:1 from the VM to the container this works when I run the `sickcodes/docker-osx:big-sur` image when I created it. But when I run with the img I copied from `docker cp` to use `sickcodes/docker-osx:naked` it seems no port are open neither the VNC one or the SSH one. To be honest I am not sure how to debug it further from here. Your screenshots above are the same thing I see in my system, the port open and docker listening. on those port for both ssh and vnc. **Can it be that the container is getting stuck in the disk picker and never booting ?**
adam commented 2025-12-29 00:19:52 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (May 9, 2021):

Hello @sickcodes , thanks for the reply.

No I am not using VPN on my docker computer.

So weird, port SSH is running, but I can't logging at all into the naked one (SSH is working fine on big sur image with display).

image

Can you docker pull the latest images? I can see QEMU 5.2 in the screenshot, the new images are using QEMU 6:

+ exec qemu-system-x86_64 -m 3000 -cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check, -machine q35,accel=kvm:tcg -smp 4,cores=4 -usb -device usb-kbd -device usb-tablet -device 'isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc' -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -device ide-hd,bus=sata.3,drive=InstallMedia -drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 -drive id=MacHDD,if=none,file=/home/arch/OSX-KVM/mac_hdd_ng.img,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -vga vmware -display none -vnc 0.0.0.0:99
qemu-system-x86_64: -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd: warning: short-form boolean option 'readonly' deprecated
Please use readonly=on instead
QEMU 6.0.0 monitor - type 'help' for more information
@sickcodes commented on GitHub (May 9, 2021): > Hello @sickcodes , thanks for the reply. > > No I am not using VPN on my docker computer. > > So weird, port SSH is running, but I can't logging at all into the naked one (SSH is working fine on big sur image with display). > > ![image](https://user-images.githubusercontent.com/8957878/117419084-76ae1f80-af1c-11eb-8add-c7e68c0c3923.png) Can you `docker pull` the latest images? I can see QEMU 5.2 in the screenshot, the new images are using QEMU 6: ```console + exec qemu-system-x86_64 -m 3000 -cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check, -machine q35,accel=kvm:tcg -smp 4,cores=4 -usb -device usb-kbd -device usb-tablet -device 'isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc' -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -device ide-hd,bus=sata.3,drive=InstallMedia -drive id=InstallMedia,if=none,file=/home/arch/OSX-KVM/BaseSystem.img,format=qcow2 -drive id=MacHDD,if=none,file=/home/arch/OSX-KVM/mac_hdd_ng.img,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -vga vmware -display none -vnc 0.0.0.0:99 qemu-system-x86_64: -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd: warning: short-form boolean option 'readonly' deprecated Please use readonly=on instead QEMU 6.0.0 monitor - type 'help' for more information ```
adam commented 2025-12-29 00:19:52 +01:00
Author
Owner
Copy Link

@ficofer commented on GitHub (May 9, 2021):

Trying with latest image:

+ sudo chown -R 1000:1000 /dev/snd
+ exec qemu-system-x86_64 -m 12000 -cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check, -machine q35,accel=kvm:tcg -smp 4,cores=4 -usb -device usb-kbd -device usb-tablet -device 'isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc' -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -drive id=MacHDD,if=none,file=/image,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -vga vmware
qemu-system-x86_64: -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd: warning: short-form boolean option 'readonly' deprecated
Please use readonly=on instead
QEMU 6.0.0 monitor - type 'help' for more information
(qemu) ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings

I see in the VM ports are mapped to docker

macos-nested-vm:~$ sudo netstat -atunp | grep -i docker
tcp6       0      0 :::5999                 :::*                    LISTEN      21804/docker-proxy
tcp6       0      0 :::50922                :::*                    LISTEN      21790/docker-proxy
macos-nested-vm:~$

➜  ~ telnet 104.188.12.11 5999
Trying 104.197.12.11...
telnet: connect to address 104.188.12.11: Connection refused
telnet: Unable to connect to remote host
➜  ~ telnet 104.188.12.11 50922
Trying 104.188.12.11...
Connected to 11.12.197.104.bc.googleusercontent.com.
Escape character is '^]'.
^C

It seems 5999 is not open on the host machine, but 50922 on the other hand is open and proxied to the container, this might be because naked image only accept and open port 50922 in its docker file (no vnc) but still is not accesible after it started.

Can it be that the mac we installed is not listening in 10022 ? is listening in 22 as defaulted ?

Happy to help debug this further if something is needed to troubleshoot.

Edit: I also notice that the image I have created even though it has autologin enable it does not auto login.

@ficofer commented on GitHub (May 9, 2021): Trying with latest image: ``` + sudo chown -R 1000:1000 /dev/snd + exec qemu-system-x86_64 -m 12000 -cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+pcid,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check, -machine q35,accel=kvm:tcg -smp 4,cores=4 -usb -device usb-kbd -device usb-tablet -device 'isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc' -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -drive id=MacHDD,if=none,file=/image,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -vga vmware qemu-system-x86_64: -drive if=pflash,format=raw,readonly,file=/home/arch/OSX-KVM/OVMF_CODE.fd: warning: short-form boolean option 'readonly' deprecated Please use readonly=on instead QEMU 6.0.0 monitor - type 'help' for more information (qemu) ALSA lib confmisc.c:767:(parse_card) cannot find card '0' ALSA lib conf.c:4745:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings ``` I see in the VM ports are mapped to docker ``` macos-nested-vm:~$ sudo netstat -atunp | grep -i docker tcp6 0 0 :::5999 :::* LISTEN 21804/docker-proxy tcp6 0 0 :::50922 :::* LISTEN 21790/docker-proxy macos-nested-vm:~$ ``` ``` ➜ ~ telnet 104.188.12.11 5999 Trying 104.197.12.11... telnet: connect to address 104.188.12.11: Connection refused telnet: Unable to connect to remote host ➜ ~ telnet 104.188.12.11 50922 Trying 104.188.12.11... Connected to 11.12.197.104.bc.googleusercontent.com. Escape character is '^]'. ^C ``` It seems **5999** is not open on the host machine, but **50922** on the other hand is open and proxied to the container, this might be because **naked image only accept and open port 50922 in its docker file** (no vnc) but still is not accesible after it started. Can it be that the mac we installed is not listening in `10022` ? is listening in 22 as defaulted ? Happy to help debug this further if something is needed to troubleshoot. Edit: I also notice that the image I have created even though it has autologin enable it does not auto login.
adam commented 2025-12-29 00:19:52 +01:00
Author
Owner
Copy Link

@ficofer commented on GitHub (May 9, 2021):

I have try booting up again the machine with the big-sur docker image, changing the port for ssh from 22 to 10022 in /etc/services and copy this new image to my local filesystem to try to start naked docker image with the new created img from that and still same results

OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/fernando/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname 104.184.12.11 is address
debug2: ssh_connect_direct
debug1: Connecting to 104.184.12.11 [104.184.12.11] port 50922.
debug1: Connection established.
debug1: identity file /Users/fernando/.ssh/id_rsa type 0
debug1: identity file /Users/fernando/.ssh/id_rsa-cert type -1
debug1: identity file /Users/fernando/.ssh/id_dsa type -1
debug1: identity file /Users/fernando/.ssh/id_dsa-cert type -1
debug1: identity file /Users/fernando/.ssh/id_ecdsa type -1
debug1: identity file /Users/fernando/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/fernando/.ssh/id_ed25519 type -1
debug1: identity file /Users/fernando/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/fernando/.ssh/id_xmss type -1
debug1: identity file /Users/fernando/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
kex_exchange_identification: read: Connection reset by peer

EDIT:

Another test I did was:

docker run -i \
    --device /dev/kvm \
    -p 50922:22 \
    -v "/var/lib/docker/fico/mac_hdd_ng.img:/image" \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -e RAM=12 \
    -e "NOPICKER=true"\
    -e GENERATE_UNIQUE=true \
    -e MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist \
    sickcodes/docker-osx:naked

This actually start working and ssh reply to me asking for a password but the password I set up for the user does not work.

@ficofer commented on GitHub (May 9, 2021): I have try booting up again the machine with the big-sur docker image, changing the port for ssh from 22 to 10022 in `/etc/services` and copy this new image to my local filesystem to try to start naked docker image with the new created img from that and still same results ``` ➜ ~ ssh 104.184.12.11 -p 50922 -l macuser -vvvv OpenSSH_8.1p1, LibreSSL 2.7.3 debug1: Reading configuration data /Users/fernando/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 47: Applying options for * debug2: resolve_canonicalize: hostname 104.184.12.11 is address debug2: ssh_connect_direct debug1: Connecting to 104.184.12.11 [104.184.12.11] port 50922. debug1: Connection established. debug1: identity file /Users/fernando/.ssh/id_rsa type 0 debug1: identity file /Users/fernando/.ssh/id_rsa-cert type -1 debug1: identity file /Users/fernando/.ssh/id_dsa type -1 debug1: identity file /Users/fernando/.ssh/id_dsa-cert type -1 debug1: identity file /Users/fernando/.ssh/id_ecdsa type -1 debug1: identity file /Users/fernando/.ssh/id_ecdsa-cert type -1 debug1: identity file /Users/fernando/.ssh/id_ed25519 type -1 debug1: identity file /Users/fernando/.ssh/id_ed25519-cert type -1 debug1: identity file /Users/fernando/.ssh/id_xmss type -1 debug1: identity file /Users/fernando/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.1 kex_exchange_identification: read: Connection reset by peer ``` EDIT: Another test I did was: ``` docker run -i \ --device /dev/kvm \ -p 50922:22 \ -v "/var/lib/docker/fico/mac_hdd_ng.img:/image" \ -v /tmp/.X11-unix:/tmp/.X11-unix \ -e RAM=12 \ -e "NOPICKER=true"\ -e GENERATE_UNIQUE=true \ -e MASTER_PLIST_URL=https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-custom.plist \ sickcodes/docker-osx:naked ``` This actually start working and ssh reply to me asking for a password but the password I set up for the user does not work.
adam commented 2025-12-29 00:19:52 +01:00
Author
Owner
Copy Link

@coppercash commented on GitHub (May 17, 2021):

Same problem here.
I have big_user.ssh:50922 big_user.vnc:5900 qemu.vnc:5999 running in my container.
I tried following connections:

  • host > docker:50922
  • docker > big_sur:10022 (docker exec -it container bash; ssh user@localhost -p 10022)
  • remote > docker:5999
  • remote > docker:50922
  • remote > docker:5900
@coppercash commented on GitHub (May 17, 2021): Same problem here. I have `big_user.ssh:50922` `big_user.vnc:5900` `qemu.vnc:5999` running in my container. I tried following connections: * ❌ host > docker:50922 * ✅ docker > big_sur:10022 (`docker exec -it container bash`; `ssh user@localhost -p 10022`) * ✅ remote > docker:5999 * ❌ remote > docker:50922 * ❌ remote > docker:5900
adam commented 2025-12-29 00:19:52 +01:00
Author
Owner
Copy Link

@coppercash commented on GitHub (May 17, 2021):

Found something new.
After added --network=host, I can connect to big_sur:10022 & big_sur:5900 from a remote host now.

BTW, I am using podman version 3.1.2 & QEMU emulator version 6.0.0 .

Given that this problem happens with both podman & docker,
I think they are not responsible.

@coppercash commented on GitHub (May 17, 2021): Found something new. After added `--network=host`, I can connect to `big_sur:10022` & `big_sur:5900` from a remote host now. BTW, I am using `podman version 3.1.2` & `QEMU emulator version 6.0.0` . Given that this problem happens with both podman & docker, I think they are not responsible.
adam commented 2025-12-29 00:19:53 +01:00
Author
Owner
Copy Link

@ficofer commented on GitHub (May 17, 2021):

@coppercash can you share the complete command you run to accomplished this ?

I have just re tried and I got this ports listening on the docker host machine, but then no route to the container running the OSX

tcp 0 0 0.0.0.0:10022 0.0.0.0:* LISTEN 11489/qemu-system-x
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 11489/qemu-system-x

And same issue I had it seems that something is open in the port but nothing is listening in ssh.

telnet 107.178.223.181 10022
Trying 107.178.223.181...
Connected to 181.223.178.107.bc.googleusercontent.com.
Escape character is '^]'.

I will really appreciate your docker run command for the naked image to see if I am setting some options wrong.

@ficofer commented on GitHub (May 17, 2021): @coppercash can you share the complete command you run to accomplished this ? I have just re tried and I got this ports listening on the docker host machine, but then no route to the container running the OSX tcp 0 0 0.0.0.0:10022 0.0.0.0:* LISTEN 11489/qemu-system-x tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 11489/qemu-system-x And same issue I had it seems that something is open in the port but nothing is listening in ssh. ``` telnet 107.178.223.181 10022 Trying 107.178.223.181... Connected to 181.223.178.107.bc.googleusercontent.com. Escape character is '^]'. ``` I will really appreciate your docker run command for the naked image to see if I am setting some options wrong.
adam commented 2025-12-29 00:19:53 +01:00
Author
Owner
Copy Link

@coppercash commented on GitHub (May 18, 2021):

podman run -i --name mike \
    --device /dev/kvm \
    -e EXTRA="-display none -vnc 0.0.0.0:99,password=on" \
    -v `pwd`/volumes/image:/image \
    -e SMP=30 -e CORES=1 -e RAM=56 \
    -e WIDTH=1600 -e HEIGHT=900 \
    -e NOPICKER=true \
    -e GENERATE_UNIQUE=true \
    -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist' \
    --network=host \
    docker.io/sickcodes/docker-osx:naked

Here it is, the complete command.
And as I said, instead of docker, I use podman.
But it should make little difference.
podman is a drop-in replacement to docker.

Although, now,
I can ssh to the macOS running inside the container from a remote host,
this is a barely acceptable workaround.
Because after adding --network=host there are two problems:

  • it messes up the port mapping on my host
  • every time I need to boot the macOS, I have to create a new container. Or it throws a "port already bound" error

Gonna dig deeper when I get some time.

@coppercash commented on GitHub (May 18, 2021): ```bash podman run -i --name mike \ --device /dev/kvm \ -e EXTRA="-display none -vnc 0.0.0.0:99,password=on" \ -v `pwd`/volumes/image:/image \ -e SMP=30 -e CORES=1 -e RAM=56 \ -e WIDTH=1600 -e HEIGHT=900 \ -e NOPICKER=true \ -e GENERATE_UNIQUE=true \ -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist' \ --network=host \ docker.io/sickcodes/docker-osx:naked ``` Here it is, the complete command. And as I said, instead of docker, I use podman. But it should make little difference. podman is a drop-in replacement to docker. Although, now, I can ssh to the macOS running inside the container from a remote host, this is a barely acceptable workaround. Because after adding `--network=host` there are two problems: * it messes up the port mapping on my host * every time I need to boot the macOS, I have to create a new container. Or it throws a "port already bound" error Gonna dig deeper when I get some time.
adam commented 2025-12-29 00:19:54 +01:00
Author
Owner
Copy Link

@sickcodes commented on GitHub (May 18, 2021):

@coppercash solved the above issue with Docker-OSX podman in the following comment: https://github.com/sickcodes/Docker-OSX/issues/246

@sickcodes commented on GitHub (May 18, 2021): @coppercash solved the above issue with Docker-OSX podman in the following comment: https://github.com/sickcodes/Docker-OSX/issues/246
adam commented 2025-12-29 00:19:54 +01:00
Author
Owner
Copy Link

@coppercash commented on GitHub (May 19, 2021):

podman run --name mike \
    -d \
    --device /dev/kvm \
    -v `pwd`/volumes/image:/image \
    -e EXTRA="-display none -vnc 0.0.0.0:99,password=on" \
    -e SMP=30 -e CORES=1 -e RAM=56 \
    -e WIDTH=1600 -e HEIGHT=900 \
    -e GENERATE_UNIQUE=true \
    -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist' \
    -p 65022:10022 \
    -p 65000:5900 \
    -p 65001:5999 \
    docker.io/sickcodes/docker-osx:naked

This is my current command to boot.

$ ssh will@127.0.0.1 -p 65022 -vvvvv
OpenSSH_8.4p1, OpenSSL 1.1.1k  FIPS 25 Mar 2021
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host 127.0.0.1 originally 127.0.0.1
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final'
debug2: match not found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug1: configuration requests final Match pass
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug1: re-parsing configuration
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf
debug2: checking match for 'final all' host 127.0.0.1 originally 127.0.0.1
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final'
debug2: match found
debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-]
debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512]
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/var/home/core/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/var/home/core/.ssh/known_hosts2'
debug2: ssh_connect_direct
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 65022.
debug1: Connection established.
debug1: identity file /var/home/core/.ssh/id_rsa type -1
debug1: identity file /var/home/core/.ssh/id_rsa-cert type -1
debug1: identity file /var/home/core/.ssh/id_dsa type -1
debug1: identity file /var/home/core/.ssh/id_dsa-cert type -1
debug1: identity file /var/home/core/.ssh/id_ecdsa type -1
debug1: identity file /var/home/core/.ssh/id_ecdsa-cert type -1
debug1: identity file /var/home/core/.ssh/id_ecdsa_sk type -1
debug1: identity file /var/home/core/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /var/home/core/.ssh/id_ed25519 type 3
debug1: identity file /var/home/core/.ssh/id_ed25519-cert type -1
debug1: identity file /var/home/core/.ssh/id_ed25519_sk type -1
debug1: identity file /var/home/core/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /var/home/core/.ssh/id_xmss type -1
debug1: identity file /var/home/core/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.4
^C

And, still, ssh just stucks at the last line.
The same goes for vnc.
I think there is still something wrong with the port binding.

@coppercash commented on GitHub (May 19, 2021): ```bash podman run --name mike \ -d \ --device /dev/kvm \ -v `pwd`/volumes/image:/image \ -e EXTRA="-display none -vnc 0.0.0.0:99,password=on" \ -e SMP=30 -e CORES=1 -e RAM=56 \ -e WIDTH=1600 -e HEIGHT=900 \ -e GENERATE_UNIQUE=true \ -e MASTER_PLIST_URL='https://raw.githubusercontent.com/sickcodes/osx-serial-generator/master/config-nopicker-custom.plist' \ -p 65022:10022 \ -p 65000:5900 \ -p 65001:5999 \ docker.io/sickcodes/docker-osx:naked ``` This is my current command to boot. ```bash $ ssh will@127.0.0.1 -p 65022 -vvvvv OpenSSH_8.4p1, OpenSSL 1.1.1k FIPS 25 Mar 2021 debug1: Reading configuration data /etc/ssh/ssh_config debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0 debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf debug2: checking match for 'final all' host 127.0.0.1 originally 127.0.0.1 debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: not matched 'final' debug2: match not found debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only) debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-] debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512] debug1: configuration requests final Match pass debug2: resolve_canonicalize: hostname 127.0.0.1 is address debug1: re-parsing configuration debug1: Reading configuration data /etc/ssh/ssh_config debug3: /etc/ssh/ssh_config line 55: Including file /etc/ssh/ssh_config.d/50-redhat.conf depth 0 debug1: Reading configuration data /etc/ssh/ssh_config.d/50-redhat.conf debug2: checking match for 'final all' host 127.0.0.1 originally 127.0.0.1 debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 3: matched 'final' debug2: match found debug3: /etc/ssh/ssh_config.d/50-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-] debug3: kex names ok: [curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512] debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/var/home/core/.ssh/known_hosts' debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/var/home/core/.ssh/known_hosts2' debug2: ssh_connect_direct debug1: Connecting to 127.0.0.1 [127.0.0.1] port 65022. debug1: Connection established. debug1: identity file /var/home/core/.ssh/id_rsa type -1 debug1: identity file /var/home/core/.ssh/id_rsa-cert type -1 debug1: identity file /var/home/core/.ssh/id_dsa type -1 debug1: identity file /var/home/core/.ssh/id_dsa-cert type -1 debug1: identity file /var/home/core/.ssh/id_ecdsa type -1 debug1: identity file /var/home/core/.ssh/id_ecdsa-cert type -1 debug1: identity file /var/home/core/.ssh/id_ecdsa_sk type -1 debug1: identity file /var/home/core/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /var/home/core/.ssh/id_ed25519 type 3 debug1: identity file /var/home/core/.ssh/id_ed25519-cert type -1 debug1: identity file /var/home/core/.ssh/id_ed25519_sk type -1 debug1: identity file /var/home/core/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /var/home/core/.ssh/id_xmss type -1 debug1: identity file /var/home/core/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.4 ^C ``` And, still, ssh just stucks at the last line. The same goes for vnc. I think there is still something wrong with the port binding.
adam commented 2025-12-29 00:19:54 +01:00
Author
Owner
Copy Link

@coppercash commented on GitHub (May 26, 2021):

I think I found the cause.
With command ss (docker exec -it docker-osx bash in advance), I got

Netid  State   Recv-Q   Send-Q     Local Address:Port      Peer Address:Port   Process
u_str  ESTAB   0        0                      * 68725                * 0
tcp    ESTAB   0        0              127.0.0.1:10022        127.0.0.1:55012
tcp    ESTAB   0        0             10.0.2.100:48434       10.0.2.100:10022
tcp    ESTAB   0        0              127.0.0.1:55012        127.0.0.1:10022
tcp    ESTAB   21       0             10.0.2.100:10022       10.0.2.100:48434

It seems that qemu only opens port 10022 to local access.
And all accesses from outside the container are blocked.
Confirmed by viewing the sshd log inside big sur, with

  1. log config --mode "level:debug" --subsystem com.openssh.sshd
  2. log stream --level debug 2>&1 | grep sshd

When I connect from outside the container, nothing appeared in the log.
But when from inside, a lot of related logs.

@coppercash commented on GitHub (May 26, 2021): ~I think I found the cause. With command `ss` (`docker exec -it docker-osx bash` in advance), I got~ ``` Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process u_str ESTAB 0 0 * 68725 * 0 tcp ESTAB 0 0 127.0.0.1:10022 127.0.0.1:55012 tcp ESTAB 0 0 10.0.2.100:48434 10.0.2.100:10022 tcp ESTAB 0 0 127.0.0.1:55012 127.0.0.1:10022 tcp ESTAB 21 0 10.0.2.100:10022 10.0.2.100:48434 ``` ~It seems that qemu only opens port 10022 to local access. And all accesses from outside the container are blocked. Confirmed by viewing the sshd log inside big sur, with~ 1. ~`log config --mode "level:debug" --subsystem com.openssh.sshd`~ 2. ~`log stream --level debug 2>&1 | grep sshd`~ ~When I connect from outside the container, nothing appeared in the log. But when from inside, a lot of related logs.~
adam commented 2025-12-29 00:19:54 +01:00
Author
Owner
Copy Link

@coppercash commented on GitHub (May 28, 2021):

It turned out the cause I found was not the real one.
However, now, I got a solution, though I still don't know the cause.

Previously I was using podman, which is slightly different with docker .
The strictly drop-in replacement should be sudo podman ,
which is the command I am currently use (and it works).

I suspect that plain podman lacks of some caps to alter the rules within iptables,
maybe NET_ADMIN or NET_RAW .
Since sudo podman is good enough for me,
I won't spend more time on finding out the real cause.

@coppercash commented on GitHub (May 28, 2021): It turned out the cause I found was not the real one. However, now, I got a solution, though I still don't know the cause. Previously I was using `podman`, which is slightly different with `docker` . The strictly drop-in replacement should be `sudo podman` , which is the command I am currently use (and it works). I suspect that plain `podman` lacks of some `cap`s to alter the rules within `iptables`, maybe `NET_ADMIN` or `NET_RAW` . Since `sudo podman` is good enough for me, I won't spend more time on finding out the real cause.
adam commented 2025-12-29 00:19:55 +01:00
Author
Owner
Copy Link

@JB-CHAUVIN commented on GitHub (Jun 10, 2021):

Have we found any solution ?

I keep getting the same "wrong password" error.

Port looks running, but I can't log in into the MAC DOCKER via SSH.

PS : I don't have podman on my system.

@JB-CHAUVIN commented on GitHub (Jun 10, 2021): Have we found any solution ? I keep getting the same "wrong password" error. Port looks running, but I can't log in into the MAC DOCKER via SSH. PS : I don't have podman on my system.
adam commented 2025-12-29 00:19:56 +01:00
Author
Owner
Copy Link

@coppercash commented on GitHub (Jun 11, 2021):

Have we found any solution ?

I keep getting the same "wrong password" error.

Port looks running, but I can't log in into the MAC DOCKER via SSH.

PS : I don't have podman on my system.

Have you tried --networt=host ?

@coppercash commented on GitHub (Jun 11, 2021): > Have we found any solution ? > > I keep getting the same "wrong password" error. > > Port looks running, but I can't log in into the MAC DOCKER via SSH. > > PS : I don't have podman on my system. Have you tried `--networt=host` ?
adam commented 2025-12-29 00:19:56 +01:00
Author
Owner
Copy Link

@wfeii1980 commented on GitHub (Jan 16, 2023):

I have the same problem?

summary:
Use -- netword=host to configure,Connect 10022 port。
or
podman exec -it a96e861916e6 /bin/bash -c "ssh user@localhost -p 10022"
There are no problems!

Only the mapped 50922 port connection did not respond, I suspect that it is a problem with podman. I don't know whether docker also has this problem.

@wfeii1980 commented on GitHub (Jan 16, 2023): I have the same problem? summary: Use -- netword=host to configure,Connect 10022 port。 or podman exec -it a96e861916e6 /bin/bash -c "ssh user@localhost -p 10022" There are no problems! Only the mapped 50922 port connection did not respond, I suspect that it is a problem with podman. I don't know whether docker also has this problem.
adam commented 2025-12-29 00:19:56 +01:00
Author
Owner
Copy Link

@bphd commented on GitHub (Mar 17, 2023):

It turned out the cause I found was not the real one. However, now, I got a solution, though I still don't know the cause.

Previously I was using podman, which is slightly different with docker . The strictly drop-in replacement should be sudo podman , which is the command I am currently use (and it works).

I suspect that plain podman lacks of some caps to alter the rules within iptables, maybe NET_ADMIN or NET_RAW . Since sudo podman is good enough for me, I won't spend more time on finding out the real cause.

PodMan correct security breaches by limiting capacities of the container. Using it with sudo or --privilegied basically make it like docker and fail the purpose. Docker-OSX should fine tune what it needs and configure PodMan to work with it, rather than just exploding all securities and executing as root

@bphd commented on GitHub (Mar 17, 2023): > It turned out the cause I found was not the real one. However, now, I got a solution, though I still don't know the cause. > > Previously I was using `podman`, which is slightly different with `docker` . The strictly drop-in replacement should be `sudo podman` , which is the command I am currently use (and it works). > > I suspect that plain `podman` lacks of some `cap`s to alter the rules within `iptables`, maybe `NET_ADMIN` or `NET_RAW` . Since `sudo podman` is good enough for me, I won't spend more time on finding out the real cause. PodMan correct security breaches by limiting capacities of the container. Using it with sudo or --privilegied basically make it like docker and fail the purpose. Docker-OSX should fine tune what it needs and configure PodMan to work with it, rather than just exploding all securities and executing as root
adam commented 2025-12-29 00:19:56 +01:00
Author
Owner
Copy Link

@M-Taan commented on GitHub (Aug 22, 2023):

Hey @ficofer just wondering if you managed to get it working, having the same issue. Thanks!

@M-Taan commented on GitHub (Aug 22, 2023): Hey @ficofer just wondering if you managed to get it working, having the same issue. Thanks!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
documentation
enhancement
following upstream developments
good first issue
help wanted
invalid
pull-request
Mirrored from GitHub Pull Request
 question
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/Docker-OSX#184
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?