Solved Able to SSH to a VM on Windows, but not on Linux (Ubuntu)

[ozfbu]

Salutations,

I am attempting to SSH into a virtual machine. I can do so on a Windows host, but not on a Linux host. I am hoping that a group of Linux experts may be able to help
I am using VirtualBox 7.2.0 on both hosts

Pinging 192.168.99.2 works as expected with both hosts


Host machine: Windows 10
When I ssh [email protected], I am asked for root's password. Once entered, I can SSH in as expected

ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP qlen 1000
link/ether [removed] brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
link/ether [removed] brd ff:ff:ff:ff:ff:ff
inet 10.0.3.15/24 brd 10.0.3.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 [removed] scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether [removed] brd ff:ff:ff:ff:ff:ff
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether [removed] brd ff:ff:ff:ff:ff:ff
inet 192.168.99.2/24 brd 192.168.99.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 [removed]/64 scope link
valid_lft forever preferred_lft forever

ifconfig

br-lan Link encap:Ethernet HWaddr [removed]
inet addr:192.168.99.2 Bcast:192.168.99.255 Mask:255.255.255.0
inet6 addr: [removed] Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:94 errors:0 dropped:0 overruns:0 frame:0
TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7635 (7.4 KiB) TX bytes:6402 (6.2 KiB)

eth0 Link encap:Ethernet HWaddr [removed]
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:94 errors:0 dropped:0 overruns:0 frame:0
TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:8951 (8.7 KiB) TX bytes:6450 (6.2 KiB)

eth1 Link encap:Ethernet HWaddr [removed]
inet addr:10.0.3.15 Bcast:10.0.3.255 Mask:255.255.255.0
inet6 addr: [removed] Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:466 errors:0 dropped:0 overruns:0 frame:0
TX packets:584 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:39668 (38.7 KiB) TX bytes:52128 (50.9 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:632 errors:0 dropped:0 overruns:0 frame:0
TX packets:632 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:49296 (48.1 KiB) TX bytes:49296 (48.1 KiB)

Host machine: Ubuntu
EDIT: Ubuntu 24.04
When I ssh [email protected], I get "ssh: connect to host 192.168.99.2 port 22: Connection refused"
When I ssh [email protected], I am asked for root's password. I enter it correctly, but then I get "Permission denied, please try again"

ip a and ifconfig return identical results to the VM on the Windows host, except for the removed addresses

arping 192.168.99.1 returns "Interface "lo" is not ARPable"

arping 192.168.99.2 returns
"ARPING 192.168.992. from 192.168.99.1 vboxnet0
Unicast reply from 192.168.99.2 [a hardware address] [a very small amount of milliseconds]
Unicast reply from 192.168.99.2 [a hardware address] [a very small amount of milliseconds]"

arp-scan -l
gives one interface on the Linux host, then three IP addresses, all of which are distinct

Please Keep It Simple, as I am am new to Linux (and networks!)

 

[dos2unix]

Curious why are you trying two different IP addresses?

Most linux's won't let you ssh as root. You can try as another user, or...

Edit your /etc/ssh/sshd_config file.
Find the Line that starts with #PermitRootLogin
Uncomment it and change it to.
PermitRootLogin yes (delete the rest of the line)
Then you need to enable and start sshd

systemctl enable sshd
systemctl start sshd

 

[ozfbu]

Thank you for the swift response

Curious why are you trying two different IP addresses?

To see what would happen, and to see if either gives me any clues

Most linux's won't let you ssh as root. You can try as another user, or...

Edit your /etc/ssh/sshd_config file.
Find the Line that starts with #PermitRootLogin
Uncomment it and change it to.
PermitRootLogin yes (delete the rest of the line)
Then you need to enable and start sshd

systemctl enable sshd
systemctl start sshd

sshd_config now has
PermitRootLogin yes

sshd was running, so I ran
sudo systemctl stop sshd
sudo systemctl stop ssh.socket
sudo systemctl start ssh.socket
sudo systemctl start sshd.service
sudo systemctl status sshd.service
gave

● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/usr/lib/systemd/system/ssh.service; enabled; preset: enab>
     Active: active (running) since Wed 2025-09-03 09:39:09 BST; 7s ago
...
Sep 03 09:39:09 user-MacBookPro systemd[1]: Starting ssh.service - OpenBSD Secu>
Sep 03 09:39:09 user-MacBookPro sshd[8263]: Server listening on 0.0.0.0 port 22.
Sep 03 09:39:09 user-MacBookPro sshd[8263]: Server listening on :: port 22.
Sep 03 09:39:09 user-MacBookPro systemd[1]: Started ssh.service - OpenBSD Secur>

I started my VM

ssh [email protected]
did not yield an initial result, so I stepped away for a few. On coming back
ssh: connect to host 192.168.99.2 port 22: Connection timed out
Similarly for ssh [email protected]


sudo systemctl status sshd.service
gave

● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/usr/lib/systemd/system/ssh.service; enabled; preset: enabled)
     Active: active (running) since Wed 2025-09-03 09:39:09 BST; 7min ago
...
Sep 03 09:39:09 user-MacBookPro systemd[1]: Starting ssh.service - OpenBSD Secure Shell server...
Sep 03 09:39:09 user-MacBookPro sshd[8263]: Server listening on 0.0.0.0 port 22.
Sep 03 09:39:09 user-MacBookPro sshd[8263]: Server listening on :: port 22.
Sep 03 09:39:09 user-MacBookPro systemd[1]: Started ssh.service - OpenBSD Secure Shell server.

Which indicates that my ssh request is not hitting the sshd service?


Recalling something I read elsewhere, I tried
ssh [email protected] -v

OpenSSH_9.6p1 Ubuntu-3ubuntu13.13, OpenSSL 3.0.13 30 Jan 2024
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 192.168.99.1 [192.168.99.1] port 22.
debug1: connect to address 192.168.99.1 port 22: Connection timed out
ssh: connect to host 192.168.99.1 port 22: Connection timed out

Lines 19-22 of /etc/ssh/ssh_config are

Include /etc/ssh/ssh_config.d/*.conf

Host *
# ForwardAgent no

 

[f33dm3bits]

ssh: connect to host 192.168.99.1 port 22: Connection timed out

Did you check if port 22 is open on your local firewall?

 

[ozfbu]

Did you check if port 22 is open on your local firewall?

Hmm...I'm not sure

The instructions I have do not mention needing to open a port - and the fact that the same setup on a Windows host did not require me to do anything specific around ports would indicate that it's already open...but I'm no expert

uci show firewall

firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='REJECT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='mng'
firewall.@zone[0].network='mng'
firewall.@zone[0].input='REJECT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='REJECT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
fireall.@forwarding[0]=forwarding
fireall.@forwarding[0].src='lan'
fireall.@forwarding[0].dest='wan
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'

 

[CaffeineAddict]

firewall.@defaults[0].input='REJECT'

@f33dm3bits is right, you don't have port 22 open, and input it dropped.

the same setup on a Windows host did not require me to do anything specific around ports

Because Windows automatically creates rules as needed on behalf users without asking them (and it never reverses that), making their PC's insecure and users left clueless about safety.

 

[ozfbu]

@f33dm3bits is right, you don't have port 22 open, and input it dropped.


Because Windows automatically creates rules as needed on behalf users without asking them (and it never reverses that), making their PC's insecure and users left clueless about safety.

Thank you for the explanation. Add another reason I'm keen to get onto Linux/OSS in general...

Thank you for being patient with me so far
I have added

firewall.@rule[9].name='Allow-SSH'
firewall.@rule[9].src='wan'
firewall.@rule[9].dest='lan'
firewall.@rule[9].dest_port='22'
firewall.@rule[9].proto='tcp'
firewall.@rule[9].family='ipv4'
firewall.@rule[9].target='ACCEPT'

but I am still getting Connection refused. What do I need to correct please?

 

[CaffeineAddict]

I am attempting to SSH into a virtual machine.

firewall.@rule[9].src='wan'

This won't work as your rule applies to SSH over WAN, e.g. when you ssh from behind gateway.

If your host and guest are on same local subnet then src has to be same as dest which is lan

 

[ozfbu]

This won't work as your rule applies to SSH over WAN, e.g. when you ssh from behind gateway.

If your host and guest are on same local subnet then src has to be same as dest which is lan

Thank you
Host is the physical machine; guest is a virtual machine on the host machine

firewall.@rule[9].name='Allow-SSH'
firewall.@rule[9].src='lan'
firewall.@rule[9].dest='lan'
firewall.@rule[9].dest_port='22'
firewall.@rule[9].proto='tcp'
firewall.@rule[9].target='ACCEPT'

ssh: connect to host 192.168.99.2 port 22: Connection refused

Adapter 1: Host-only Adapter, vboxnet0
Adapter 2: NAT
Adapter 3: Bridged Adapter, wlp5s0

 

[CaffeineAddict]

It depends on what lan means in your firewall.

According to ip a output you posted:
inet 192.168.99.2/24 brd 192.168.99.255 is your VM network
and
inet 10.0.3.15/24 brd 10.0.3.255 is your host network

While the address space is LAN for both, they're not on same subnet and so meaning on lan for your firewall is needed to understand if rule will work.

You'll need watch firewall logs in real time to see if packets are dropped.
However I know nothing about how your firewall functions so can't give details about troubleshooting it.

You can run the following command on guest system to inspect SSH server logs in real time:

sudo journalctl -fu sshd

The command will print what's happening with ssh server, try reproduce your problem and see what it says.
If it says nothing while you try to connect from host then your firewall is certainly blocking.

 

[ozfbu]

However I know nothing about how your firewall functions so can't give details about troubleshooting it.

That makes two of us!

While the address space is LAN for both, they're not on same subnet and so meaning on lan for your firewall is needed to understand if rule will work.

Pardon?

sudo journalctl -fu sshd, then ssh [email protected] in a separate Terminal window resulted in no logs being output, so I infer that it's the firewall
All four combinations of src and dest being wan or lan result in the same outcome, with no records for journalctl -fu sshd
I have tried deleting both .src and .dest in my firewall rule (in an attempt to get the rule to ignore where they're coming from), but I still get Connection Refused and no data for journalctl

Where can I go from here please?

 

[CaffeineAddict]

Where can I go from here please?

The easiest would be to temporarily disable firewall and try again.

sudo journalctl -fu sshd, then ssh [email protected] in a separate Terminal window resulted in no logs being output, so I infer that it's the firewall

Note that sudo journalctl -fu sshd should be run in guest system not on host system.

Also you need to make sure that ssh daemon user is called sshd and not something else.
On guest system run lslogins and see if there is sshd user, if there isn't then the journalctl command will do nothing and always stay blank.
The user may actually be called ssh.

Please post output of lslogins in your guest system if you're unsure.

 

[ozfbu]

The easiest would be to temporarily disable firewall and try again.


Note that sudo journalctl -fu sshd should be run in guest system not on host system.

Also you need to make sure that ssh daemon user is called sshd and not something else.
On guest system run lslogins and see if there is sshd user, if there isn't then the journalctl command will do nothing and always stay blank.
The user may actually be called ssh.

Please post output of lslogins in your guest system if you're unsure.

The guest machine is running OpenWRT, and my searching has yet to uncover what (if any) are the equivalent commands (despite OpenWRT being Linux-based? )


Looking at something from the OpenWRT forum (and with the further understanding I have from this thread):

ssh -vvv [email protected]

OpenSSH_9.6p1 Ubuntu-3ubuntu13.13, OpenSSL 3.0.13 30 Jan 2024
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.99.1 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/user/.ssh/known_hosts2'
debug3: channel_clear_timeouts: clearing
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.99.1 [192.168.99.1] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/user/.ssh/id_xmss type -1
debug1: identity file /home/user/.ssh/id_xmss-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.13
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6p1 Ubuntu-3ubuntu13.13
debug1: compat_banner: match: OpenSSH_9.6p1 Ubuntu-3ubuntu13.13 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 192.168.99.1:22 as 'root'
debug3: record_hostkey: found key type ED25519 in file /home/user/.ssh/known_hosts:1
debug3: load_hostkeys_file: loaded 1 keys from 192.168.99.1
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug3: order_hostkeyalgs: have matching best-preference key type [email protected], using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: [email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,[email protected]
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-s,[email protected]
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:MZfBThAd0i8BxeLP8bD1Jnal66aZu/fLeOgVZuAhe/A
debug3: record_hostkey: found key type ED25519 in file /home/user/.ssh/known_hosts:1
debug3: load_hostkeys_file: loaded 1 keys from 192.168.99.1
debug1: load_hostkeys: fopen /home/user/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.99.1' is known and matches the ED25519 host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug3: send packet: type 21
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: Sending SSH2_MSG_EXT_INFO
debug3: send packet: type 7
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug3: kex_input_ext_info: extension server-sig-algs
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256>
debug3: kex_input_ext_info: extension [email protected]
debug1: kex_ext_info_check_ver: [email protected]=<0>
debug3: kex_input_ext_info: extension [email protected]
debug1: kex_ext_info_check_ver: [email protected]=<0>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug3: kex_input_ext_info: extension server-sig-algs
debug1: kex_ext_info_client_parse: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],rsa-sha2-512,rsa-sha2-256>
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug3: ssh_get_authentication_socket_path: path '/run/user/1000/keyring/ssh'
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: ssh_fetch_identitylist: agent contains no identities
debug1: Will attempt key: /home/user/.ssh/id_rsa 
debug1: Will attempt key: /home/user/.ssh/id_ecdsa 
debug1: Will attempt key: /home/user/.ssh/id_ecdsa_sk 
debug1: Will attempt key: /home/user/.ssh/id_ed25519 
debug1: Will attempt key: /home/user/.ssh/id_ed25519_sk 
debug1: Will attempt key: /home/user/.ssh/id_xmss 
debug1: Will attempt key: /home/user/.ssh/id_dsa 
debug2: pubkey_prepare: done
debug1: Trying private key: /home/user/.ssh/id_rsa
debug3: no such identity: /home/user/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/user/.ssh/id_ecdsa
debug3: no such identity: /home/user/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/user/.ssh/id_ecdsa_sk
debug3: no such identity: /home/user/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /home/user/.ssh/id_ed25519
debug3: no such identity: /home/user/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/user/.ssh/id_ed25519_sk
debug3: no such identity: /home/user/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/user/.ssh/id_xmss
debug3: no such identity: /home/user/.ssh/id_xmss: No such file or directory
debug1: Trying private key: /home/user/.ssh/id_dsa
debug3: no such identity: /home/user/.ssh/id_dsa: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

"debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6p1 Ubuntu-3ubuntu13.13"

VirtualBox's Network page is set up so that 192.168.99.1 should be the address of the VM. Why is SSH treating this IP address as if it is using the host machine's OS?
(if it's a misconfiguration on my part, I don't mind being told this!)

 

[ozfbu]

(hopeful) Any Friday Linux help please?

 

[f33dm3bits]

(hopeful) Any Friday Linux help please?

Host machine: Windows 10
When I ssh [email protected], I am asked for root's password. Once entered, I can SSH in as expected

Host machine: Ubuntu
EDIT: Ubuntu 24.04
When I ssh [email protected], I get "ssh: connect to host 192.168.99.2 port 22: Connection refused"

You're setup isn't clear. Are you dual-booting Windows with Ubuntu on the same host? And what's the ip address of your OpenWRT guest? Do you have the same virtual network defined in virtualbox on both Ubuntu and Windows?

When I ssh [email protected], I am asked for root's password. I enter it correctly, but then I get "Permission denied, please try again"

.1 is usually the gateway, if that it a network only on your host than that would connect to your host and not to your vm.

VirtualBox's Network page is set up so that 192.168.99.1 should be the address of the VM. Why is SSH treating this IP address as if it is using the host machine's OS?
(if it's a misconfiguration on my part, I don't mind being told this!)

Your network setup is confusing because there you showed what the local virtual networks are within virtual box. Showing the network information of your host could be useful as well, so things like this.

ip a
ip route

It could be also useful to know the same information from you OpenWRT guest.

Lastly, how did you install OpenWRT in a vm from what I can remember they most support ARM. What's the point running OpenWRT in a vm it's usually run on physical consume routers as alternative router software?

 

[ozfbu]

You're setup isn't clear. Are you dual-booting Windows with Ubuntu on the same host?

These are two distinct VMs, on two different machines

And what's the ip address of your OpenWRT guest? Do you have the same virtual network defined in virtualbox on both Ubuntu and Windows?

192.168.99.1, in both Windows and Linux

.1 is usually the gateway, if that it a network only on your host than that would connect to your host and not to your vm.

Ruefully: That would explain the working ping...thanks

Your network setup is confusing because there you showed what the local virtual networks are within virtual box. Showing the network information of your host could be useful as well, so things like this.

ip a
ip route

It could be also useful to know the same information from you OpenWRT guest.

Lastly, how did you install OpenWRT in a vm from what I can remember they most support ARM. What's the point running OpenWRT in a vm it's usually run on physical consume routers as alternative router software?

Host:
ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: enxb0227a680346: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000
    link/ether [probably a hardware address; removed] brd ff:ff:ff:ff:ff:ff
3: wlp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether [probably a hardware address; removed] brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.170/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp5s0
       valid_lft 79722sec preferred_lft 79722sec
    inet6 [probably a hardware address; removed]/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
4: [VPN's connection]: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1380 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none 
    inet [removed] scope global wg0-mullvad
       valid_lft forever preferred_lft forever
    inet6 [probably a hardware address; removed]/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 [probably a hardware address; removed]/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
6: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether [probably a hardware address; removed] brd ff:ff:ff:ff:ff:ff

ip route

default via 192.168.1.1 dev wlp5s0 proto dhcp src 192.168.1.170 metric 600 
10.64.0.1 dev wg0-[VPN] proto static 
185.195.232.66 dev wg0-[VPN] proto static 
192.168.1.0/24 dev wlp5s0 proto kernel scope link src 192.168.1.170 metric 600

Guest:
ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP qlen 1000
    link/ether [probably a hardware address; removed] brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether [probably a hardware address; removed] brd ff:ff:ff:ff:ff:ff
    inet 10.0.3.15/24 br 10.0.3.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 [probably a hardware address; removed]/64 scope link 
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether [probably a hardware address; removed] brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.179/24 br 192.168.1.255 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 [probably a hardware address; removed]/64 scope link 
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether [probably a hardware address; removed] brd ff:ff:ff:ff:ff:ff
    inet 192.168.99.2/24 br 192.168.99.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 [probably a hardware address; removed]/64 scope link 
       valid_lft forever preferred_lft forever

ip route (not sure if it's significant, but those are double spaces before "src")

default via 192.168.1.1 dev eth2  src 192.168.1.179 
10.0.3.1/24 dev eth1 scope link  src 10.0.3.15 
192.168.1.0/24 dev eth2 scope link  src 192.168.1.179 
192.168.99.0/24 dev br-lan scope link  src 192.168.99.2

 

[f33dm3bits]

192.168.99.1, in both Windows and Linux

That looks like the range for your virtual box local network is 192.168.99.0/24. That would mean the ip of your guest would need to be in that range.

default via 192.168.1.1 dev wlp5s0 proto dhcp src 192.168.1.170 metric 600

That means your host is in 192.168.1.0/24 and that your host should have an ip in that range. Which it does.

2: enxb0227a680346: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000 link/ether [probably a hardware address; removed] brd ff:ff:ff:ff:ff:ff 3: wlp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether [probably a hardware address; removed] brd ff:ff:ff:ff:ff:ff inet 192.168.1.170/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp5s0

Your guest has several ip's.
eth1: 10.0.3.15/24
eth2: 192.168.1.179/24
br-lan: 192.168.99.2

The default gateway is this on your guest.

default via 192.168.1.1 dev eth2 src 192.168.1.179

Together with eth2(192.168.1.179/24) which makes it seem as if that network interface is a bridge interface because is has an ip in the same network range as your host.

It might be useful to see how the network adapters for those three virtual network interfaces are configured on your virtualbox vm.

Just to try something, are you able to connect like this?

ssh [email protected]
ssh [email protected]

With "[email protected]" you get a connection refused right? How did you configure br-lan in your vm, did you manually configure that or was that automatically setup

Your guest is OpenWRT right?

Also something to consider how Windows does netowrking will not necesarrily be the exact the same Linux does it.

 

[ozfbu]

It might be useful to see how the network adapters for those three virtual network interfaces are configured on your virtualbox vm.

Just to try something, are you able to connect like this?

ssh [email protected]
ssh [email protected]

Pinging 10.0.3.15 gets 100% package loss, but no Connection Refused error
SSH'ing 10.0.3.15 times out

Pinging 192.168.1.179 gets Destination Port Unreachable/ping: sendmsg: Operation not permitted
SSH'ing 192.168.1.179 gets Connection Refused

With "[email protected]" you get a connection refused right? How did you configure br-lan in your vm, did you manually configure that or was that automatically setup

Correct
br-lan configured according to https://openwrt.org/docs/guide-user/virtualization/virtualbox-vm

Your guest is OpenWRT right?

Correct

Also something to consider how Windows does netowrking will not necesarrily be the exact the same Linux does it.

Do all Linux distributions do networking the same, or can different distributions network differently?

 

[f33dm3bits]

Do all Linux distributions do networking the same, or can different distributions network differently?

Mostly the same, can differ here and there, as most distributions use NetworkManager.

Pinging 10.0.3.15 gets 100% package loss, but no Connection Refused error
SSH'ing 10.0.3.15 times out

Pinging 192.168.1.179 gets Destination Port Unreachable/ping: sendmsg: Operation not permitted
SSH'ing 192.168.1.179 gets Connection Refused

Try disabling your vpn connection and then try again, to rule that out.

ssh [email protected]
ssh [email protected]
ssh root@ 192.168.99.2

Looking at those screenshots it seems like this.
Adapter1: Is an adapter for a network only for that host, thinking isolated.
Adapter2: Is an adapter using NAT through the adapter of the host
Adapter3: is an adapter bridged with the host.

That explains why with 10.0.3.15 your probably aren't able to access it, for the ip on adapter2 on the guest thinking it could maybe have to do with your vpn on te host.

Btw I'm not here to give you an answer, I'm just here to give you new ideas so that you will figure out the rest yourself and learn something from it. Also because don't quite get your setup still.

 

[ozfbu]

VPN disabled
I can now SSH into the OpenWRT machine and access its UI from the expected IP address

VPN re-enabled
No SSH, no UI

(confused)

On the one hand, thank you so much for suggesting this! <3
On the other hand...wut?