virtualbox.org

Host : Windows 10
VM : Red Hat
Network : Nat Network
192.168.100.0

File > Preferences > Network > Port Forwarding

I've opened port 2222 on my Windows Firewall. Red Hat doesn't have any firewall enabled.

ssh -p 2222 root@127.0.0.1
ssh_exchange_identification: read: Connection reset

See Virtualbox Networks: In Pictures: NAT network. 'NAT network' port forwarding requires the port number you plan to use from the host, the IP address that the guest uses inside its OS, and the port number the guest service is listening on. Then you'd usually access the service from the host at 127.0.0.1:portnumber.

I am not certain how SSH sets up the connection, so this example is for Microsoft RDP:

The guest is set to use port 3389, the guest reports its IP address as 10.0.15.4, and you want to use port 3394 on the host.

In the Port Forwarding for the "NAT network" the guest is attached to, Host port = 3394, Guest IP = 10.0.15.4, and Guest Port = 3389.

In the Microsoft RDP client, use 127.0.0.1:3394.

Your update is completely missing the point.

Im sure that i have set port forwarding correctly, but i dont understand why it refuses to work. and there arnt any logs to check or at least i am unaware.

And i know it works as a co-worker of mine has it set up but i just cant catch him online, to get a response how.

Igris wrote:Your update is completely missing the point.

And your response completely misses the point that I don't know you did those things correctly, there are nuances to using Virtualbox correctly, and you came here asking for help, not us coming to you. So I don't understand your snarky attitude.

Assuming you actually did set up port forwarding in your NAT network correctly, an assertion for which you provide absolutely no evidence, your problem could also be how you're configuring the SSH command line, which is beyond my ability to diagnose and beyond the scope of this forum.

So if you care to dial the 'tude back and provide some diagnostic information, we could check your assertion that you set up the port forwarding correctly. Provide these things:

1. Run these commands in the Windows command prompt and provide the text outputs:

cd "C:\Program Files\Oracle\Virtualbox"
vboxmanage list natnets
ipconfig /all

2. Run 'ifconfig' or 'ip address' from within the guest OS and provide the command output.

3. Right-click the guest in the main Virtualbox window's guest list, choose "Show in Explorer/Finder/File Manager". In the window that opens, zip the guest's .vbox file, and post the zip file, using the forum's Upload Attachment tab.

Regarding SSH: Did you explicitly allow root to ssh into the guest OS?

Also, you can use ssh -vvv[...] to get more detailed information.

I dont see how this helps but anyway :

NetworkName: rhcsa8
IP: 192.168.100.1
Network: 192.168.100.0/24
IPv6 Enabled: No
IPv6 Prefix: fd17:625c:f037:2::/64
DHCP Enabled: No
Enabled: Yes
Port-forwarding (ipv4)
SSH:tcp:[127.0.0.1][192.168.100.2]:22
loopback mappings (ipv4)
127.0.0.1=2

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::f11f:f3ff:9d9c:95ff%20
IPv4 Address. . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

Vbox file : https://gofile.io/d/1RzHB0

@fth0

already done, the -vvv is useless as well.

Im getting denied and the only possible root cause can be the buggy software.

ssh_exchange_identification: read: Connection reset

Igris wrote:already done, the -vvv is useless as well.

Im getting denied and the only possible root cause can be the buggy software.

The SSH client's debug output is rarely useless, because most of the time it shows that your "buggy software" is the setup of the guest OS you're responsible for ...

fth0 wrote:

Igris wrote:already done, the -vvv is useless as well.

Im getting denied and the only possible root cause can be the buggy software.

The SSH client's debug output is rarely useless, because most of the time it shows that your "buggy software" is the setup of the guest OS you're responsible for ...

Sure let's see how can you solve the problem with the debug.

C:\Users\Admin>ssh -p 2222 root@127.0.0.1 -vvv
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users/Admin/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
debug1: Connection established.
debug3: Failed to open file:C:/Users/Admin/.ssh/id_rsa error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_rsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_rsa type -1
debug3: Failed to open file:C:/Users/Admin/.ssh/id_rsa-cert error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_rsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_rsa-cert type -1
debug3: Failed to open file:C:/Users/Admin/.ssh/id_dsa error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_dsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/Admin/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_dsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ecdsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ecdsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ed25519.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_dsa type -1
debug3: Failed to open file:C:/Users/Admin/.ssh/id_dsa-cert error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_dsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_dsa-cert type -1
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ecdsa error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ecdsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_ecdsa type -1
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ecdsa-cert error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ecdsa-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_ecdsa-cert type -1
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ed25519 error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ed25519.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_ed25519 type -1
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ed25519-cert error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_ed25519-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_ed25519-cert type -1
debug3: Failed to open file:C:/Users/Admin/.ssh/id_xmss error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_xmss.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_xmss type -1
debug3: Failed to open file:C:/Users/Admin/.ssh/id_xmss-cert error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_xmss-cert.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
debug3: recv - from CB(2) ERROR:108, io:0000018CABEBE6C0
ssh_exchange_identification: read: Connection reset

Thanks for the diagnostic info, Igris.

Igris wrote:I dont see how this helps

Let me show you how it helps so you can see better.

You didn't follow directions, but there might be enough to get along with.

Igris wrote:Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::f11f:f3ff:9d9c:95ff%20
IPv4 Address. . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

'ipconfig /all' produces far more data than what you filtered out. Failure to allow all data to be seen by the persons you ask for help may caused missed problems, such as if you have set other networks in your PC to the same IP range as your NAT network. There is no way for us to determine this from the data you chose to post.

scottgus1 wrote:Run 'ifconfig' or 'ip address' from within the guest OS

There is no 'ifconfig' or 'ip address' from the RedHat guest. Knowing the guest IP address is necessary in case you have your guest set to static IP address, which you apparently do, since your NAT network has DHCP disabled. Without the guest IP address confirmed through the requested command we cannot tell if your post forward rule is accurate.

scottgus1 wrote:zip the guest's .vbox file, and post the zip file, using the forum's Upload Attachment tab.

Igris wrote:Vbox file : https://gofile.io/d/1RzHB0

You actually uploaded the .vbox-prev file, which might be old data, unzipped, and that shady 'gofile.io' is not the forum's Upload Attachment tab. Nonetheless, your guest is connected to the NAT network 'rhcsa8', whose ip address range of 192.168.100.0/24 is different from the physical PC's LAN IP range 192.168.1.0/24, from your 'ipconfig /all'. NAT only works reliably when the private and public sides are different IP ranges. No idea if other networks on the host PC are conflicting.

Your port forward:

Igris wrote:SSH:tcp:[127.0.0.1][192.168.100.2]:22

A port forward that contains the minimum necessary info of host port, guest IP address, and guest port.

Rule 1:tcp:[][172.16.8.6]:3389

Note the empty [] in the minimum required rule, vs your [127.0.0.1]. Your rule has extra information, which was counseled against above:

scottgus1 wrote:'NAT network' port forwarding requires the port number you plan to use from the host, the IP address that the guest uses inside its OS, and the port number the guest service is listening on.

While this data may not be interfering, the watchphrase with computers is "Least said soonest mended."

It is wise that the person requesting help follow the directions given by the helper.

Now, re the 'ssh -vvv' output, I am no SSH guru, but the lines you didn't display in your first quote seem to indicate a different issue than the one you believe.

fth0, please educate me: does this quoted part:

Igris wrote:debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
debug1: Connection established.

mean that SSH was able to connect to the guest OS?

And does this part:

Igris wrote:debug3: Failed to open file:C:/Users/Admin/.ssh/id_rsa error:2
debug3: Failed to open file:C:/Users/Admin/.ssh/id_rsa.pub error:2
debug1: key_load_public: No such file or directory
debug1: identity file C:\\Users\\Admin/.ssh/id_rsa type -1
...etc.

mean that some form of authentication certificate or password that RedHat or SSH needs has not been set up?

scottgus1 wrote:fth0, please educate me

At your service. Please see the explanations below.

Igris wrote:debug1: Connecting to 127.0.0.1 [127.0.0.1] port 2222.
debug1: Connection established.
[...]
debug1: identity file C:\\Users\\Admin/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.7
[...]
debug3: recv - from CB(2) ERROR:108, io:0000018CABEBE6C0
ssh_exchange_identification: read: Connection reset

The first pair of messages indicate that the TCP connection between the SSH client and the guest OS has been successfully established, which shows that the port forwarding of VirtualBox is generally working.

The second pair of messages indicate that the SSH client has found an identity file (after searching for several possible identity files) to authenticate the local user to the SSH server later on, has sent the initial SSH Client Hello message, and is therefore waiting for the SSH Server Hello message.

The first message of the third pair of messages is new to me, since I rarely use SSH on a Windows OS. But it more or less means the same as the last message of the third pair of messages: The underlying TCP session has been reset.

The next analysis steps would be (1) Wireshark traces on the host and the guest, to see the full communication details, and (2) further investigation about the SSH configuration on both sides (or at least on the side that resets the connection). Up to now, it doesn't look like VirtualBox is part of the problem, but who knows ...

Thanks for the school, ftho! Makes perfect sense.

Igris, it appears that your host SSH client is getting into the guest OS through a working port forward. However there is more to be done to make the connection stay on.

FWIW while there is always a remote possibility that Virtualbox has a bug, the possibility is very remote, as there have been lots of mentions of people successfully SSHing into a guest through a Virtualbox network. This type of error would have been mentioned more often in the past if there was a bug in Virtualbox.

Time to look deeper into the SSH client and server setup in the host and guest OS, rather than Virtualbox itself, and the Wireshark traces will help. At this point I'll have to back out and let fth0 take over, since I definitely don't grok Wireshark.

The reason I wasted time to create an account here hoping to get something along the lines, do this and make and it will work

Im not interested in troubleshooting virtual box I already have a workaround in place using a second interface.

If you
1. Dont know the solution
2. Dont have the proper knowledge to assist

There is no point going forward.

Very good! As you wish.

Reminds me of a lyric in a Rolling Stones song: https://www.youtube.com/watch?v=jv9sDn_2XkI

Yeah i think when i have time i will move to vmware workstation, seems like a better product and hopefully they will have better support, and knowledge.