Some special tricks
Reverse ssh and sftp from host to guest
ssh and sftp from host to guest are not possible with the default Boxes setup.
Boxes does not by default make a bridge device for the guest VM, so the host
cannot see it or get its IP address.
However, it is possible to use a technique called reverse tunnelling.
From inside my Antix23 Boxes guest run:
ssh -NT -R 2222:localhost:22 nevj@_gateway
ignoring bad CNAME "_gateway" for host "_gateway": domain name "_gateway" starts with invalid character
The authenticity of host '_gateway (10.0.2.2)' can't be established.
ED25519 key fingerprint is SHA256:VPekPjtGyeXGQx+l2qWq8Nn8OKpSb/6OZ4elzZ0wWG4.
This host key is known by the following other names/addresses:
~/.ssh/known_hosts:1: [hashed name]
~/.ssh/known_hosts:4: [hashed name]
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '_gateway' (ED25519) to the list of known hosts.
nevj@_gateway's password:
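The terminal will hang. That is expected: -N runs no remote command and -T allocates no terminal, so the session only holds the tunnel open.
With sshd's default GatewayPorts setting, the forwarded port 2222 listens only on the host's loopback address, so it is reachable only from the host itself.
Then from my Peppermint host do: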
nevj@trinity:~$ ssh -p 2222 nevj@localhost
The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.
ED25519 key fingerprint is SHA256:GdFiD+LFuxBfvpAZFil72zJGUgoZTASUfunpVGVPd88.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:2222' (ED25519) to the list of known hosts.
nevj@localhost's password:
Linux antix23 6.1.42-antix.1-amd64-smp #1 SMP PREEMPT_DYNAMIC Mon Jul 31 18:30:05 EEST 2023 x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have no mail.
nevj@antix23:~
So it works, I can ssh into my Antix VM from my Peppermint host.
It also works for sftp:
nevj@trinity:~$ sftp -P 2222 localhost
nevj@localhost's password:
Connected to localhost.
sftp> bye
nevj@trinity:~$
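So sftp can use an ssh reverse tunnel.
Enabling ping in the guest VM
To make ping work in a Boxes guest, one needs to make a new group called unpriv_ping in the host, and add your user login name to that group.
The guest's pings are sent by the host on its behalf through unprivileged ICMP sockets, which the kernel allows only for groups listed in net.ipv4.ping_group_range.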
So in the host do
usermod --append --groups unpriv_ping nevj
then look at the file /etc/group
and see the line
unpriv_ping:x:1003:nevj
That tells us that unpriv_ping is group number 1003.
Then go to the file /etc/sysctl.conf
and add the line
net.ipv4.ping_group_range = 1003 1003
Check with sysctl -p
sysctl -p
net.ipv4.ping_group_range = 1003 1003
That looks right, so reboot.
Then open a Boxes VM and try ping name_of_host.
It should work like this:
nevj@debian12vm:~/Desktop$ ping trinity
PING trinity (192.168.0.56) 56(84) bytes of data.
64 bytes from trinity.modem (192.168.0.56): icmp_seq=1 ttl=255 time=0.367 ms
64 bytes from trinity.modem (192.168.0.56): icmp_seq=2 ttl=255 time=0.411 ms
....
My hostname is trinity.
One can ping any computer or network device reachable from the host.
That will work for all guests supported by the current host.
If one changes hosts, one would obviously have to configure it again in the new host.
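To check the result of the steps above, this added example (not part of the original article) confirms that the user is listed in unpriv_ping and that net.ipv4.ping_group_range admits only that group's gid rather than a wider range. The function names and the sample group file are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the unpriv_ping setup. On a real host pass /etc/group
# and "$(sysctl -n net.ipv4.ping_group_range)" instead of the sample values.

# Print the numeric gid of group $1 from group file $2; fail if it is absent.
group_gid() {
    awk -F: -v g="$1" '$1 == g { print $3; found = 1 } END { exit !found }' "$2"
}

# Succeed if user $1 is in the member list (4th field) of group $2 in file $3.
# Assumption: only supplementary membership is checked, not the primary gid.
user_in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$3"
}

# Classify range string $1 ("low high") against gid $2:
#   disabled  low > high, e.g. the kernel default "1 0"
#   excluded  the gid lies outside the range
#   exact     the range admits this one gid only, as on the page
#   wide      the gid is admitted, but so are other groups
classify_range() {
    set -- $1 "$2"                       # split into low, high, gid
    [ $# -eq 3 ] || { echo invalid; return 1; }
    if   [ "$1" -gt "$2" ]; then echo disabled
    elif [ "$3" -lt "$1" ] || [ "$3" -gt "$2" ]; then echo excluded
    elif [ "$1" -eq "$2" ]; then echo exact
    else echo wide
    fi
}

# Full check for user $1, group file $2, range string $3.
audit_ping() {
    gid=$(group_gid unpriv_ping "$2") || { echo "no unpriv_ping group"; return 1; }
    user_in_group "$1" unpriv_ping "$2" || { echo "$1 not in unpriv_ping"; return 1; }
    state=$(classify_range "$3" "$gid") || { echo "bad range: $3"; return 1; }
    echo "gid=$gid range=$state"
    [ "$state" = exact ]
}

# Constructed sample mirroring the /etc/group line shown above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' 'root:x:0:' 'sudo:x:27:nevj' 'unpriv_ping:x:1003:nevj' > "$sample"
audit_ping nevj "$sample" "1003 1003"    || echo "-> fix the setup"   # gid=1003 range=exact
audit_ping nevj "$sample" "0 2147483647" || echo "-> narrow the range" # gid=1003 range=wide
```

A "wide" result means ping works but every group in the range may open ICMP sockets, which is broader than the single-group setting used here.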
Using qemu-nbd to mount the gnome-boxes VM file
The gnome-boxes VM files are located at
~/.local/share/gnome-boxes/images
They are QCOW2 files. One can mount a qcow2 file using qemu-nbd, and this allows one to
read and write on the virtual filesystem that it contains.
The details are given here for virt-manager files,
but gnome-boxes VM files are accessible in the same way.
One reason for doing this would be if a gnome-boxes VM would not boot and one needed to
enter the virtual filesystem and edit some files.
Warning: Do not do an NBD mount while the VM is in use.