Unable to copy ssh key to OSX (Connection refused) #253

Open
opened 2025-12-29 00:21:47 +01:00 by adam · 10 comments

Originally created by @cyruscook on GitHub (Oct 6, 2021).

Hello,

I am running into an issue attempting to run docker-osx:auto:

```
$ sudo chmod 666 /var/run/docker.sock && sudo docker run -it \
    --device /dev/kvm \
    `-p 50922:10022` \
    -v /tmp/.X11-unix:/tmp/.X11-unix \
    -e "DISPLAY=${DISPLAY:-:0.0}" -e TERMS_OF_USE=i_agree \
    sickcodes/docker-osx:auto
By using this Dockerfile, you hereby agree that you are a security reseacher or developer and agree to use this Dockerfile to make the world a safer place. Examples include: making your apps safer, finding your mobile phone, compiling security products, etc. You understand that Docker-OSX is an Open Source project, which is released to the public under the GNU Pulic License version 3 and above. You acknowledge that the Open Source project is absolutely unaffiliated with any third party, in any form whatsoever. Any trademarks or intelectual property which happen to be mentioned anywhere in or around the project are owned by their respective owners. By using this Dockerfile, you agree to agree to the EULA of each piece of upstream or downstream software. The following code is released for the sole purpose of security research, under the GNU Public License version 3. If you are concerned about the licensing, please note that this project is not AGPL. A copy of the license is available online: https://github.com/sickcodes/Docker-OSX/blob/master/LICENSE. In order to use the following Dockerfile you must read and understand the terms. Once you have read the terms, use the -e TERMS_OF_USE=i_agree or -e TERMS_OF_USE=i_disagree
Disk is being copied between layers... Please wait a minute...
  File: /home/arch/OSX-KVM/mac_hdd_ng.img
  Size: 19139461120	Blocks: 37381768   IO Block: 4096   regular file
Device: fe01h/65025d	Inode: 4205515     Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1000/    arch)   Gid: ( 1000/    arch)
Access: 2021-10-06 21:30:20.824023020 +0000
Modify: 2021-10-06 21:30:20.824023020 +0000
Change: 2021-10-06 21:30:20.860689998 +0000
 Birth: 2021-10-06 19:32:33.809038436 +0000
Large image is being copied between layers, please wait a minute...
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
nohup: appending output to 'nohup.out'
Booting Docker-OSX in the background. Please wait...
++ id -u
++ id -g
+ sudo chown 1000:1000 /dev/kvm
/usr/sbin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/arch/.ssh/id_docker_osx.pub"
++ id -u
++ id -g
+ sudo chown -R 1000:1000 /dev/snd
+ [[ 3 = max ]]
+ [[ 3 = half ]]
++ id -u
++ id -g
+ sudo chown -R 1000:1000 /dev/snd
+ exec qemu-system-x86_64 -m 3000 -cpu Penryn,vendor=GenuineIntel,+invtsc,vmware-cpuid-freq=on,+ssse3,+sse4.2,+popcnt,+avx,+aes,+xsave,+xsaveopt,check, -machine q35,accel=kvm:tcg -smp 4,cores=4 -usb -device usb-kbd -device usb-tablet -device 'isa-applesmc,osk=ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc' -drive if=pflash,format=raw,readonly=on,file=/home/arch/OSX-KVM/OVMF_CODE.fd -drive if=pflash,format=raw,file=/home/arch/OSX-KVM/OVMF_VARS-1024x768.fd -smbios type=2 -audiodev alsa,id=hda -device ich9-intel-hda -device hda-duplex,audiodev=hda -device ich9-ahci,id=sata -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2 -device ide-hd,bus=sata.2,drive=OpenCoreBoot -drive id=MacHDD,if=none,file=/home/arch/OSX-KVM/mac_hdd_ng.img,format=qcow2 -device ide-hd,bus=sata.4,drive=MacHDD -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0,id=net0,mac=52:54:00:09:49:17 -monitor stdio -boot menu=on -vga vmware
ssh: connect to host 127.0.0.1 port 10022: Connection refused
Disk is being copied between layers. Repeating until able to copy SSH key into OSX...
qemu-system-x86_64: warning: dbind: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-Z6DHjxYaQD: No such file or directory
qemu-system-x86_64: -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2: Could not open '/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2': No such file or directory
/usr/sbin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/arch/.ssh/id_docker_osx.pub"
ssh: connect to host 127.0.0.1 port 10022: Connection refused
Disk is being copied between layers. Repeating until able to copy SSH key into OSX...
/usr/sbin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/arch/.ssh/id_docker_osx.pub"
ssh: connect to host 127.0.0.1 port 10022: Connection refused
Disk is being copied between layers. Repeating until able to copy SSH key into OSX...
(above repeats...)
```

Do you have any ideas what would be causing this? I have left this running for quite a long time and it just continues.

The readme suggests using -p 50922:10022 which I believe means that port 50922 will map to port 10022 on OSX, however it seems that ssh is trying to connect to port 10022 but on the host?
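
Added example, not part of the original post or of the Docker-OSX project: a shell triage of the log above. It traces the forwarding chain (`docker run -p 50922:10022` publishes container port 10022 on host port 50922, and QEMU's `hostfwd=tcp::10022-:22` forwards container port 10022 to guest port 22, so the `ssh-copy-id` loop running inside the container targets the container's own 127.0.0.1:10022) and flags a fatal QEMU line that leaves that port without a listener. Function names and result strings are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not Docker-OSX code): triage a Docker-OSX startup log.

# Constructed sample: lines taken from the log in the post above; the qemu
# command line is shortened to its -netdev option.
sample_log() {
cat <<'EOF'
+ exec qemu-system-x86_64 -m 3000 -netdev user,id=net0,hostfwd=tcp::10022-:22,hostfwd=tcp::5900-:5900, -device vmxnet3,netdev=net0
ssh: connect to host 127.0.0.1 port 10022: Connection refused
qemu-system-x86_64: -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2: Could not open '/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2': No such file or directory
ssh: connect to host 127.0.0.1 port 10022: Connection refused
EOF
}

# Print the guest port that QEMU user-mode networking forwards a container
# port to (hostfwd=tcp::<container_port>-:<guest_port>). Log on stdin.
guest_port_for() {  # $1 = container port
  grep -o 'hostfwd=tcp::[0-9]*-:[0-9]*' |
    sed -n "s/^hostfwd=tcp::$1-:\([0-9]*\)$/\1/p" | head -n 1
}

# Describe host -> container -> guest for a `docker run -p HOST:CONTAINER`
# value. Log on stdin.
port_chain() {  # $1 = value passed to docker -p, e.g. 50922:10022
  host_port=${1%%:*}
  container_port=${1##*:}
  guest_port=$(guest_port_for "$container_port")
  if [ -z "$guest_port" ]; then
    echo "no hostfwd for container port $container_port"
    return 1
  fi
  echo "host:$host_port -> container:$container_port -> guest:$guest_port"
}

# Classify why the ssh-copy-id loop keeps failing. Log on stdin.
triage_boot_log() {
  log=$(cat)
  # A qemu "Could not open '<file>'" error is fatal: qemu exits, so nothing
  # is bound to the forwarded port and every retry is refused.
  missing=$(printf '%s\n' "$log" |
    sed -n "s/^qemu-system-x86_64: .*Could not open '\([^']*\)': No such file or directory$/\1/p" |
    head -n 1)
  if [ -n "$missing" ]; then
    echo "qemu_exited missing_file=$missing"
  elif printf '%s\n' "$log" | grep -q 'port [0-9]*: Connection refused'; then
    # Refused without a qemu error: confirm qemu is running (ps aux).
    echo "no_listener_check_qemu"
  else
    echo "no_ssh_failure_seen"
  fi
}

sample_log | port_chain 50922:10022
sample_log | triage_boot_log
```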


@AceHack commented on GitHub (Oct 7, 2021):

Very similar here I get

`qemu-system-x86_64: -drive id=OpenCoreBoot,if=none,snapshot=on,format=qcow2,file=/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2: Could not open '/home/arch/OSX-KVM/OpenCore-Catalina/OpenCore-nopicker.qcow2': No such file or directory`


@jpmorrison commented on GitHub (Oct 8, 2021):

You need to enable remote login in macOS to use port 10022 and connect to the container IP address.
You should be able to use the docker port forward with localhost.

```shell
ssh -p 10022 macuser@172.17.0.2
ssh -p 50933 macuser@localhost
```

You can connect to the container too:

```shell
ssh arch@172.17.0.2
```

If something got messed up and the container password wasn't set, you can just attach a shell and fix things.

```shell
sudo docker container ls
sudo docker container exec -it xxxxconainterid /bin/bash
[arch@xxxxconainterid OSX-KVM]$ sudo su
```


@cyruscook commented on GitHub (Oct 8, 2021):

@jpmorrison Thank you for the advice.

> ```
> ssh -p 10022 macuser@172.17.0.2
> ssh -p 50933 macuser@localhost
> ```

These do not connect (`ssh: connect to host 172.17.0.2/localhost port 10022/50933: Connection refused`).

> ```
> ssh arch@172.17.0.2
> ```

This connects but requires a password, I can't find a password for the user "arch" anywhere in the repo?

> ```
> sudo docker container ls
> sudo docker container exec -it xxxxconainterid /bin/bash
> [arch@xxxxconainterid OSX-KVM]$ sudo su
> ```

This does work, but I am not sure how I can fix this? I would really appreciate it if you can give me some steps I can run through from here.
Thanks


@jpmorrison commented on GitHub (Oct 8, 2021):

For ssh to work to the macOS guest you need to finish installing, go into settings and enable remote login.

The arch default password is `alpine`. You can change it in the container:

```
sudo docker container exec -it xxxxconainterid /bin/bash
[arch@xxxxconainterid OSX-KVM]$ sudo su
[arch@xxxxconainterid OSX-KVM]# passwd arch
```

@cyruscook commented on GitHub (Oct 8, 2021):

@jpmorrison

Thank you, I am now able to log in with `ssh arch@172.17.0.2`, however I am not sure what to do from here.

I am still unable to boot macOS, docker still does not start because of the original error:

```
Disk is being copied between layers. Repeating until able to copy SSH key into OSX...
/usr/sbin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/arch/.ssh/id_docker_osx.pub"
ssh: connect to host 127.0.0.1 port 10022: Connection refused
```

Do you have any ideas?


@MaxPowerReforged commented on GitHub (Oct 8, 2021):

@cyruscook what worked for me was to use `sudo su` _before_ running the docker container, using the Monterey image and the Catalina one.


@cyruscook commented on GitHub (Oct 8, 2021):

@MaxPowerReforged sorry, could you clarify? Did you run `sudo su` in the host computer or the docker container? I am already running docker with `sudo`. I also have now attempted running docker within `sudo su` on host, but that did not change the result.


@MaxPowerReforged commented on GitHub (Oct 8, 2021):

@cyruscook Yes, exactly. I run `sudo su` in the host computer. For some reason in my case it produced different results than running the command with sudo. But you are using a different image than I am so there could be other problems sadly, I am sorry I cannot provide more clarification.


@cyruscook commented on GitHub (Oct 8, 2021):

Thank you for your help, that's fine!
I was trying to run Catalina but I ran into problems with the install process freezing, which is why I am trying to use the pre-installed image. Perhaps I should just try again with Catalina.


@jpmorrison commented on GitHub (Oct 8, 2021):

> @jpmorrison
>
> Thank you, I am now able to log in with `ssh arch@172.17.0.2`, however I am not sure what to do from here.
>
> I am still unable to boot macOS, docker still does not start because of the original error:
>
> ```
> Disk is being copied between layers. Repeating until able to copy SSH key into OSX...
> /usr/sbin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/arch/.ssh/id_docker_osx.pub"
> ssh: connect to host 127.0.0.1 port 10022: Connection refused
> ```
>
> Do you have any ideas?

If you can ssh or attach the container then it's running. `ps aux` should show qemu running.
I had issues with Catalina freezing, but I think it's a qemu bug using X displays. Could look at suggestions in https://github.com/sickcodes/Docker-OSX/issues/191 https://github.com/sickcodes/Docker-OSX/issues/218

Eventually I got Catalina installed with SSH/VNC enabled and I could confirm macOS was running. I gave up on X and used the spice config. Also virt-viewer/remote-viewer in Ubuntu is too old and doesn't work - mouse won't move. Installed version 10 for Windows and remote viewer works fine https://virt-manager.org/download/sources/virt-viewer/virt-viewer-10.0.tar.xz


Reference: starred/Docker-OSX#253