[libvirt-users] issue with openssh-server running in a libvirt based centos virtual machine

Adrian Pascalau adrian27oradea at gmail.com
Sat Jan 27 14:35:35 UTC 2018


On Sat, Jan 27, 2018 at 3:44 PM, Peter Crowther
<peter.crowther at melandra.com> wrote:
> You say you can ping but not ssh. If you install tcpdump on the VM, can you
> see the ping packets arriving and leaving? If not, I suspect an address
> collision - especially if ping continues to work with the VM shut down. If
> you can't ping, check the other end of your bridge. I'm more familiar with
> open vSwitch, but I'm somewhat concerned that your bridge definition doesn't
> include a physical NIC as one of its connections.
>

Peter, thanks for your reply. Yes, I see the icmp request coming into
the centos1 VM and the icmp reply going out. I am sure this is not an
ip address collision.

The bridge in the server1 libvirt environment is created like this:

# cat /etc/sysconfig/network-scripts/ifcfg-eno1
DEVICE=eno1
BOOTPROTO=none
BRIDGE=br0
ONBOOT=YES

# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
IPADDR=x.x.219.54
NETMASK=255.255.255.0
GATEWAY=x.x.219.1
ONBOOT=YES

The result of the above is the following:
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.fc15b4137688       no              eno1

Then I define the above br0 bridge in libvirt, like below:

# virsh net-dumpxml br0
<network>
  <name>br0</name>
  <uuid>5aaf72a5-023d-4b84-9d7c-d68b0918f620</uuid>
  <forward mode='bridge'/>
  <bridge name='br0'/>
</network>

# virsh net-list
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 br0                  active     no            yes

As soon as I have the br0 bridge defined in libvirt, I start the
centos1 VM, that has eth0 interface connected to this br0 bridge:

# virsh dumpxml centos1
[...]
    <interface type='network'>
      <mac address='52:54:00:40:31:85'/>
      <source network='br0'/>
      <model type='e1000'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
[...]

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.fc15b4137688       no              eno1
                                                        vnet0

And that is all. With this setup I have the centos1 VM interface eth0
directly connected to the br0 bridge through the vnet0 tap interface.
The br0 bridge is also connected to the eno1 physical interface in
server1, so my centos1 VM should be accessible to the outside world.

However, I have the ssh issue described in my initial email, while
ping is working. In the openssh-server debug log, I see the ssh
connection established and later hanging with the last debug message
being "debug1: SSH2_MSG_KEXINIT sent [preauth]".

Am I doing something wrong with my libvirt setup above?



