Stuck on "Waiting for the essential requirement 1 of 5: "ssh"; Permission denied (publickey) #974

Open
ankit-sa opened this issue Jul 21, 2022 · 24 comments
Labels
duplicate This issue or pull request already exists

Comments

@ankit-sa

ankit-sa commented Jul 21, 2022

Description

I'm trying to start lima with default settings using limactl start, but I'm stuck on this error.

INFO[0003] SSH Local Port: 60022                        
INFO[0003] [hostagent] Waiting for the essential requirement 1 of 5: "ssh" 
DEBU[0003] [hostagent] executing script "ssh"           
DEBU[0003] [hostagent] executing ssh for script "ssh": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile="/Users/shadow/.lima/_config/user" -o IdentityFile="/Users/shadow/.ssh/id_rsa" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers="^aes128-gcm@openssh.com,aes256-gcm@openssh.com" -o User=shadow -o ControlMaster=auto -o ControlPath="/Users/shadow/.lima/default/ssh.sock" -o ControlPersist=5m -p 60022 127.0.0.1 -- /bin/bash] 
DEBU[0010] [hostagent] stdout="", stderr="kex_exchange_identification: read: Connection reset by peer\r\nConnection reset by 127.0.0.1 port 60022\r\n", err=failed to execute script "ssh": stdout="", stderr="kex_exchange_identification: read: Connection reset by peer\r\nConnection reset by 127.0.0.1 port 60022\r\n": exit status 255 
INFO[0020] [hostagent] Waiting for the essential requirement 1 of 5: "ssh" 
DEBU[0020] [hostagent] executing script "ssh"           
DEBU[0020] [hostagent] executing ssh for script "ssh": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile="/Users/shadow/.lima/_config/user" -o IdentityFile="/Users/shadow/.ssh/id_rsa" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers="^aes128-gcm@openssh.com,aes256-gcm@openssh.com" -o User=shadow -o ControlMaster=auto -o ControlPath="/Users/shadow/.lima/default/ssh.sock" -o ControlPersist=5m -p 60022 127.0.0.1 -- /bin/bash] 
DEBU[0020] [hostagent] stdout="", stderr="shadow@127.0.0.1: Permission denied (publickey).\r\n", err=failed to execute script "ssh": stdout="", stderr="shadow@127.0.0.1: Permission denied (publickey).\r\n": exit status 255 
INFO[0030] [hostagent] Waiting for the essential requirement 1 of 5: "ssh" 
DEBU[0030] [hostagent] executing script "ssh"           
DEBU[0030] [hostagent] executing ssh for script "ssh": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile="/Users/shadow/.lima/_config/user" -o IdentityFile="/Users/shadow/.ssh/id_rsa" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers="^aes128-gcm@openssh.com,aes256-gcm@openssh.com" -o User=shadow -o ControlMaster=auto -o ControlPath="/Users/shadow/.lima/default/ssh.sock" -o ControlPersist=5m -p 60022 127.0.0.1 -- /bin/bash] 
DEBU[0030] [hostagent] stdout="", stderr="shadow@127.0.0.1: Permission denied (publickey).\r\n", err=failed to execute script "ssh": stdout="", stderr="shadow@127.0.0.1: Permission denied (publickey).\r\n": exit status 255 
INFO[0040] [hostagent] Waiting for the essential requirement 1 of 5: "ssh" 
DEBU[0040] [hostagent] executing script "ssh"           
DEBU[0040] [hostagent] executing ssh for script "ssh": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile="/Users/shadow/.lima/_config/user" -o IdentityFile="/Users/shadow/.ssh/id_rsa" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers="^aes128-gcm@openssh.com,aes256-gcm@openssh.com" -o User=shadow -o ControlMaster=auto -o ControlPath="/Users/shadow/.lima/default/ssh.sock" -o ControlPersist=5m -p 60022 127.0.0.1 -- /bin/bash] 
DEBU[0040] [hostagent] stdout="", stderr="shadow@127.0.0.1: Permission denied (publickey).\r\n", err=failed to execute script "ssh": stdout="", stderr="shadow@127.0.0.1: Permission denied (publickey).\r\n": exit status 255 

limactl version 0.11.2
colima version 0.4.4
QEMU emulator version 7.0.0
System: MacOS v12.4 M1

I have already gone through other related issues (#525, #17, #745, #767, #745, #713, #503, #543) but still no luck. I even tried it with some other versions of ubuntu but all show the same error. But ya fedora works fine.

@afbjorklund
Member

The logs might have more info

@ankit-sa

This comment was marked as outdated.

@ankit-sa
Author

ankit-sa commented Aug 4, 2022

Any update on this??

@afbjorklund
Member

There might be more details in the sshd log, why it is rejecting the key. You can also run ssh with some more -v options.

@ankit-sa
Author

ankit-sa commented Aug 4, 2022

This is the error which I keep getting. Initially I thought it might be coz the ssh key has a passphrase but even after I removed it the issue persists.

{"level":"debug","msg":"Creating iso file /Users/shadow/.lima/default/cidata.iso","time":"2022-08-04T14:18:19+05:30"}
{"level":"debug","msg":"Using /var/folders/8c/0cmpb48d4klb3v93jbcsn00h0000gp/T/diskfs_iso840991425 as workspace","time":"2022-08-04T14:18:19+05:30"}
{"level":"debug","msg":"firmware candidates = [/Users/shadow/.local/share/qemu/edk2-aarch64-code.fd /opt/homebrew/share/qemu/edk2-aarch64-code.fd /usr/share/AAVMF/AAVMF_CODE.fd /usr/share/qemu-efi-aarch64/QEMU_EFI.fd]","time":"2022-08-04T14:18:20+05:30"}
{"level":"debug","msg":"OpenSSH version 8.6.1 detected","time":"2022-08-04T14:18:20+05:30"}
{"level":"debug","msg":"AES accelerator seems available, prioritizing aes128-gcm@openssh.com and aes256-gcm@openssh.com","time":"2022-08-04T14:18:20+05:30"}
{"level":"info","msg":"Starting QEMU (hint: to watch the boot progress, see \"/Users/shadow/.lima/default/serial.log\")","time":"2022-08-04T14:18:20+05:30"}
{"level":"debug","msg":"Start udp server listening on: 127.0.0.1:53381","time":"2022-08-04T14:18:20+05:30"}
{"level":"debug","msg":"qCmd.Args: [/opt/homebrew/bin/qemu-system-aarch64 -m 4096 -cpu host -machine virt,accel=hvf -smp 4,sockets=1,cores=4,threads=1 -drive if=pflash,format=raw,readonly=on,file=/opt/homebrew/share/qemu/edk2-aarch64-code.fd -boot order=c,splash-time=0,menu=on -drive file=/Users/shadow/.lima/default/diffdisk,if=virtio -cdrom /Users/shadow/.lima/default/cidata.iso -netdev user,id=net0,net=192.168.5.0/24,dhcpstart=192.168.5.15,hostfwd=tcp:127.0.0.1:60022-:22 -device virtio-net-pci,netdev=net0,mac=xx:xx:xx:xx:xx:xx -device virtio-rng-pci -display none -vga none -device ramfb -device qemu-xhci,id=usb-bus -device usb-kbd,bus=usb-bus.0 -device usb-mouse,bus=usb-bus.0 -parallel none -chardev socket,id=char-serial,path=/Users/shadow/.lima/default/serial.sock,server=on,wait=off,logfile=/Users/shadow/.lima/default/serial.log -serial chardev:char-serial -chardev socket,id=char-qmp,path=/Users/shadow/.lima/default/qmp.sock,server=on,wait=off -qmp chardev:char-qmp -name lima-default -pidfile /Users/shadow/.lima/default/qemu.pid]","time":"2022-08-04T14:18:20+05:30"}
{"level":"debug","msg":"Start tcp server listening on: 127.0.0.1:51370","time":"2022-08-04T14:18:20+05:30"}
{"level":"info","msg":"Waiting for the essential requirement 1 of 5: \"ssh\"","time":"2022-08-04T14:18:20+05:30"}
{"level":"debug","msg":"executing script \"ssh\"","time":"2022-08-04T14:18:20+05:30"}
{"level":"debug","msg":"executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/shadow/.lima/_config/user\" -o IdentityFile=\"/Users/shadow/.ssh/id_rsa\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=shadow -o ControlMaster=auto -o ControlPath=\"/Users/shadow/.lima/default/ssh.sock\" -o ControlPersist=5m -p 60022 127.0.0.1 -- /bin/bash]","time":"2022-08-04T14:18:20+05:30"}
{"level":"debug","msg":"stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 60022\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"kex_exchange_identification: read: Connection reset by peer\\r\\nConnection reset by 127.0.0.1 port 60022\\r\\n\": exit status 255","time":"2022-08-04T14:18:28+05:30"}
{"level":"debug","msg":"handleQuery received DNS query: ;; opcode: QUERY, status: NOERROR, id: 6196\n;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1\n\n;; OPT PSEUDOSECTION:\n; EDNS: version 0; flags: ; udp: 1472\n\n;; QUESTION SECTION:\n;api.snapcraft.io.\tIN\t AAAA\n","time":"2022-08-04T14:18:32+05:30"}
{"level":"debug","msg":"handleQuery received DNS query: ;; opcode: QUERY, status: NOERROR, id: 18018\n;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0\n\n;; QUESTION SECTION:\n;api.snapcraft.io.\tIN\t AAAA\n","time":"2022-08-04T14:18:32+05:30"}
{"level":"info","msg":"Waiting for the essential requirement 1 of 5: \"ssh\"","time":"2022-08-04T14:18:38+05:30"}
{"level":"debug","msg":"executing script \"ssh\"","time":"2022-08-04T14:18:38+05:30"}
{"level":"debug","msg":"executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/shadow/.lima/_config/user\" -o IdentityFile=\"/Users/shadow/.ssh/id_rsa\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=shadow -o ControlMaster=auto -o ControlPath=\"/Users/shadow/.lima/default/ssh.sock\" -o ControlPersist=5m -p 60022 127.0.0.1 -- /bin/bash]","time":"2022-08-04T14:18:38+05:30"}
{"level":"debug","msg":"stdout=\"\", stderr=\"shadow@127.0.0.1: Permission denied (publickey).\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"shadow@127.0.0.1: Permission denied (publickey).\\r\\n\": exit status 255","time":"2022-08-04T14:18:38+05:30"}
{"level":"info","msg":"Waiting for the essential requirement 1 of 5: \"ssh\"","time":"2022-08-04T14:18:48+05:30"}
{"level":"debug","msg":"executing script \"ssh\"","time":"2022-08-04T14:18:48+05:30"}
{"level":"debug","msg":"executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/shadow/.lima/_config/user\" -o IdentityFile=\"/Users/shadow/.ssh/id_rsa\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=shadow -o ControlMaster=auto -o ControlPath=\"/Users/shadow/.lima/default/ssh.sock\" -o ControlPersist=5m -p 60022 127.0.0.1 -- /bin/bash]","time":"2022-08-04T14:18:48+05:30"}
{"level":"debug","msg":"stdout=\"\", stderr=\"shadow@127.0.0.1: Permission denied (publickey).\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"shadow@127.0.0.1: Permission denied (publickey).\\r\\n\": exit status 255","time":"2022-08-04T14:18:48+05:30"}
{"level":"info","msg":"Waiting for the essential requirement 1 of 5: \"ssh\"","time":"2022-08-04T14:18:58+05:30"}
{"level":"debug","msg":"executing script \"ssh\"","time":"2022-08-04T14:18:58+05:30"}
{"level":"debug","msg":"executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/shadow/.lima/_config/user\" -o IdentityFile=\"/Users/shadow/.ssh/id_rsa\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=shadow -o ControlMaster=auto -o ControlPath=\"/Users/shadow/.lima/default/ssh.sock\" -o ControlPersist=5m -p 60022 127.0.0.1 -- /bin/bash]","time":"2022-08-04T14:18:58+05:30"}
{"level":"debug","msg":"stdout=\"\", stderr=\"shadow@127.0.0.1: Permission denied (publickey).\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"shadow@127.0.0.1: Permission denied (publickey).\\r\\n\": exit status 255","time":"2022-08-04T14:18:58+05:30"}
{"level":"debug","msg":"handleQuery received DNS query: ;; opcode: QUERY, status: NOERROR, id: 8964\n;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0\n\n;; QUESTION SECTION:\n;ntp.ubuntu.com.\tIN\t A\n","time":"2022-08-04T14:19:00+05:30"}
{"level":"debug","msg":"handleQuery received DNS query: ;; opcode: QUERY, status: NOERROR, id: 12952\n;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0\n\n;; QUESTION SECTION:\n;ntp.ubuntu.com.\tIN\t AAAA\n","time":"2022-08-04T14:19:00+05:30"}
{"level":"info","msg":"Waiting for the essential requirement 1 of 5: \"ssh\"","time":"2022-08-04T14:19:08+05:30"}
{"level":"debug","msg":"executing script \"ssh\"","time":"2022-08-04T14:19:08+05:30"}
{"level":"debug","msg":"executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/shadow/.lima/_config/user\" -o IdentityFile=\"/Users/shadow/.ssh/id_rsa\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=shadow -o ControlMaster=auto -o ControlPath=\"/Users/shadow/.lima/default/ssh.sock\" -o ControlPersist=5m -p 60022 127.0.0.1 -- /bin/bash]","time":"2022-08-04T14:19:08+05:30"}
{"level":"debug","msg":"stdout=\"\", stderr=\"shadow@127.0.0.1: Permission denied (publickey).\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"shadow@127.0.0.1: Permission denied (publickey).\\r\\n\": exit status 255","time":"2022-08-04T14:19:09+05:30"}

@ankit-sa
Author

ankit-sa commented Dec 3, 2022

Any update??
Also, fedora works fine; the issue is only with ubuntu and a few others. I haven't tested all.

@tuannguyen-groove

Same issue here on my M1, may I ask if you've solved it yet?

@Spaider

Spaider commented Jan 5, 2024

Same issue here, problem with permissions for public key.
Colima version: 0.6.7
Lima version: 0.19.1
macOS: Sonoma 14.2.1
Processor: M1, 2020

Cleaning ~/.colima and ~/.lima directories did not help.

@afbjorklund
Member

afbjorklund commented Jan 5, 2024

There should be some logs in systemctl status ssh

The pubkey itself should be in ~/.ssh/authorized_keys

@Spaider

Spaider commented Jan 5, 2024

> There should be some logs in systemctl status ssh

I assume this should be done inside VM. How can I get in to run this?

> The pubkey itself should be in ~/.ssh/authorized_keys

On host or in VM?

@afbjorklund
Member

Both the logs and the ssh files are in the VM*, since ssh seems to be broken you probably have to use the console.

* The host/client uses ~/.lima/_config/user.pub or something similar (under $LIMA_HOME) for storing the public key

@afbjorklund
Member

afbjorklund commented Jan 5, 2024

Hmm, authenticating might be an issue. I think the boot will dump you at a login prompt on the console.

So not sure you will be able to get at the logs by using the serial.sock, probably needs a single-user boot.

@Spaider

Spaider commented Jan 6, 2024

@afbjorklund here's the line from ha.stderr.log:

{"level":"debug","msg":"executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/admin/.lima/_config/user\" -o IdentityFile=\"/Users/admin/.ssh/id_rsa\" -o IdentityFile=\"/Users/admin/.ssh/iron-proxy\" -o IdentityFile=\"/Users/admin/.ssh/its-admins\" -o IdentityFile=\"/Users/admin/.ssh/its-shared\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=admin -o ControlMaster=auto -o ControlPath=\"/Users/admin/.lima/default/ssh.sock\" -o ControlPersist=yes -p 60022 127.0.0.1 -- /bin/bash]","time":"2024-01-06T15:28:04+03:00"}

As you can see, it lists identities both from lima config and from my local ~/.ssh folder.
All these have -rw------- permission as per security recommendations.

@afbjorklund
Member

afbjorklund commented Jan 6, 2024

You can disable the adding of your regular keys. It is probably going to be the default soon.

ssh:
  # Load ~/.ssh/*.pub in addition to $LIMA_HOME/_config/user.pub .
  # This option is useful when you want to use other SSH-based
  # applications such as rsync with the Lima instance.
  # If you have an insecure key under ~/.ssh, do not use this option.
  # 🟢 Builtin default: true
  loadDotSSHPubKeys: null

The comment (about usefulness) is mostly obsolete, now that there is -F .../ssh.config

@afbjorklund
Member

afbjorklund commented Jan 6, 2024

The curious part is what happens on the server, if there is anything in serial.log or sshd log...

Booting single user is "hard", probably should be documented under the internal/developers


Currently you have to set up some special files, and then qemu will pick those up during boot.

kernel:

  • kernel: the kernel
  • kernel.cmdline: the kernel cmdline (<--- this is where single goes)
  • initrd: the initrd

Not something that you would normally have to resort to, but only for debugging/resolving this.

anders@lima-default:/home/anders$ sudo cp /boot/vmlinuz /tmp/lima/kernel
anders@lima-default:/home/anders$ sudo cp /boot/initrd.img /tmp/lima/initrd
anders@lima-default:/home/anders$ cat /proc/cmdline > /tmp/lima/kernel.cmdline

socat - unix-connect:$HOME/.lima/default/serial.sock

You are in rescue mode. After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" or "exit"
to boot into default mode.
Press Enter for maintenance
(or press Control-D to continue): 
root@lima-default:~# 

@Spaider

Spaider commented Jan 6, 2024

I'll be glad to debug and help. But regarding (co)lima I'm just a user who wants his images to run. If a somewhat meaningful description exists then I'll try to follow it.

Please note that I'm using macOS on M1.

@afbjorklund
Member

afbjorklund commented Jan 6, 2024

That is OK, and not expected.

Do you get the regular output from cloud-init (in serial.log), where it prints out the authorized keys and the host keys?

ci-info: +++++++++++++++++++++++++++++++Authorized keys from /home/anders.linux/.ssh/authorized_keys for user anders++++++++++++++++++++++++++++++++
ci-info: +-------------+-------------------------------------------------------------------------------------------------+---------+---------------+
ci-info: |   Keytype   |                                       Fingerprint (sha256)                                      | Options |    Comment    |
ci-info: +-------------+-------------------------------------------------------------------------------------------------+---------+---------------+
ci-info: | ssh-ed25519 | 62:49:b4:0b:2d:da:9f:7d:e3:1d:3c:15:99:59:d0:e2:b5:52:73:fd:4c:6b:ab:81:3b:67:50:87:9c:4c:03:c3 |    -    | anders@ubuntu |
ci-info: +-------------+-------------------------------------------------------------------------------------------------+---------+---------------+
<14>Jan  6 14:01:05 cloud-init: #############################################################
<14>Jan  6 14:01:05 cloud-init: -----BEGIN SSH HOST KEY FINGERPRINTS-----
<14>Jan  6 14:01:05 cloud-init: 1024 SHA256:R/VZpJMEFwQZHg2dNEOJkOBlv6uOE2x9tb+vKDkirls root@lima-default (DSA)
<14>Jan  6 14:01:05 cloud-init: 256 SHA256:juQhkjN2pthhgRyuMsElojI4sq86nQS11kITO8moJ60 root@lima-default (ECDSA)
<14>Jan  6 14:01:05 cloud-init: 256 SHA256:o/FiOTjLAZRFaaEZoxPpSOtiZczvf3gz28H4uHLlOQ8 root@lima-default (ED25519)
<14>Jan  6 14:01:05 cloud-init: 3072 SHA256:luqbyEmRnph59hSu7yR66pfS47DRY58vmh7NbFHT5Mo root@lima-default (RSA)
<14>Jan  6 14:01:05 cloud-init: -----END SSH HOST KEY FINGERPRINTS-----
<14>Jan  6 14:01:05 cloud-init: #############################################################

(they all start with ci-info)

There should also be the regular systemd output for the service itself.

         Starting ssh.service - OpenBSD Secure Shell server...
[  OK  ] Started ssh.service - OpenBSD Secure Shell server.

But we can't really see the login happening from the "outside".

It requires something like journalctl -u ssh, to see the sshd logs.

@Spaider

Spaider commented Jan 6, 2024

Here's something suspicious I see in serialp.log:

lima-default login: [   26.388197] cloud-init[2359]: + '[' '!' -f /usr/local/bin/nerdctl ']'
[   26.389247] cloud-init[2359]: + '[' -f /usr/local/bin/nerdctl ']'
[   26.389426] cloud-init[2359]: + tar Cxzf /usr/local /mnt/lima-cidata/nerdctl-full.tgz
[   29.428937] cloud-init[2359]: + mkdir -p /etc/bash_completion.d
[   29.452918] cloud-init[2359]: + nerdctl completion bash
[   29.473242] cloud-init[2359]: + rm -rf /tmp/tmp.yhotkxLurZ
[   29.475320] cloud-init[2359]: + : default
[   29.475371] cloud-init[2359]: + : overlayfs
[   29.475414] cloud-init[2359]: + '[' '' = 1 ']'
[   29.475598] cloud-init[2359]: + '[' 1 = 1 ']'
[   29.475955] cloud-init[2359]: + '[' '!' -e /home/admin.linux/.config/containerd/config.toml ']'
[   29.476442] cloud-init[2359]: + mkdir -p /home/admin.linux/.config/containerd
[   29.478436] cloud-init[2359]: + cat
[   29.480865] cloud-init[2359]: + chown -R admin /home/admin.linux/.config
[   29.482122] cloud-init[2359]: chown: invalid user: ‘admin’
[   29.483055] cloud-init[2359]: LIMA| WARNING: Failed to execute /mnt/lima-cidata/boot/40-install-containerd.sh
[   29.484671] cloud-init[2359]: LIMA| Exiting with code 1
[   29.485475] cloud-init[2359]: 2024-01-06 12:27:55,630 - cc_scripts_per_boot.py[WARNING]: Failed to run module scripts_per_boot (per-boot in /var/lib/cloud/scripts/per-boot)
[   29.487775] cloud-init[2359]: 2024-01-06 12:27:55,631 - util.py[WARNING]: Running module scripts_per_boot (<module 'cloudinit.config.cc_scripts_per_boot' from '/usr/lib/python3/dist-packages/cloudinit/config/cc_scripts_per_boot.py'>) failed
[   29.491134] cloud-init[2359]: 2024-01-06 12:27:55,636 - util.py[WARNING]: Running module ssh_authkey_fingerprints (<module 'cloudinit.config.cc_ssh_authkey_fingerprints' from '/usr/lib/python3/dist-packages/cloudinit/config/cc_ssh_authkey_fingerprints.py'>) failed

admin is my user on the host machine.

@afbjorklund
Member

afbjorklund commented Jan 6, 2024

Oh, you can't use the name "admin".

We should probably look for some names...

Like "bobby tables": https://xkcd.com/327/

Or for the error from cloud-init, where it tries to add an existing groupname (this one is reserved by the Ubuntu OS)

By default each new user will create a group with the same name, so it can't use any of the existing groups (or users)

The same reason for the original: "shadow"

shadow:x:42:
admin:x:114:

But there should have been a warning:

[WARNING]: Failed to create user admin
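
The root cause identified above, as an added example that is not part of the thread or of Lima's code: a host-side pre-flight check of the login name against the guest's group names, plus a triage pass over the boot log for the three indicators quoted in this thread. The sample files, their paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Lima code. All sample data below is constructed
# from lines quoted in the thread (timestamps and quoting simplified).

SAMPLE_DIR=$(mktemp -d)
SAMPLE_GROUP="$SAMPLE_DIR/group"        # stands in for the guest's /etc/group
SAMPLE_SERIAL="$SAMPLE_DIR/serial.log"  # stands in for the instance's serial log

cat > "$SAMPLE_GROUP" <<'EOF'
root:x:0:
shadow:x:42:
admin:x:114:
EOF

cat > "$SAMPLE_SERIAL" <<'EOF'
[   12.100000] cloud-init[900]: [WARNING]: Failed to create user admin
[   29.480865] cloud-init[2359]: + chown -R admin /home/admin.linux/.config
[   29.482122] cloud-init[2359]: chown: invalid user: 'admin'
[   29.491134] cloud-init[2359]: util.py[WARNING]: Running module ssh_authkey_fingerprints failed
EOF

# check_username NAME GROUP_FILE
# Prints "collision" when NAME already exists as a group in GROUP_FILE.
# In that case the guest cannot create the user with its same-named group,
# no authorized_keys file is written, and sshd rejects every key.
check_username() {
    awk -F: -v n="$1" '$1 == n { hit = 1 }
        END { print (hit ? "collision" : "ok") }' "$2"
}

# triage_serial_log NAME LOG
# Prints "<line number>:<finding>" for each boot-log line showing that the
# guest account for NAME was never created. Matching is by fixed substring,
# so NAME is never interpreted as a regular expression.
triage_serial_log() {
    awk -v u="$1" '
        index($0, "Failed to create user " u)            { print NR ":user-create-failed" }
        index($0, "chown: invalid user") && index($0, u) { print NR ":invalid-user" }
        index($0, "ssh_authkey_fingerprints") && index($0, "failed") {
            print NR ":authkeys-module-failed"
        }
    ' "$2"
}

# Demo: the two host usernames from the thread collide, "lima" does not.
for name in shadow admin lima; do
    printf '%s: %s\n' "$name" "$(check_username "$name" "$SAMPLE_GROUP")"
done
triage_serial_log admin "$SAMPLE_SERIAL"
```

The last finding is not specific to one user name: it only shows that cloud-init could not list the authorized keys, which is consistent with the account being missing.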

@Spaider

Spaider commented Jan 6, 2024

Bummer. Looks like it explains everything.
Yes, there is such warning in logs.

@Spaider

Spaider commented Jan 6, 2024

@afbjorklund case is closed for me, thanks a lot.
I've created another user, su'd to it and lima starts successfully.

@Spaider

Spaider commented Jan 6, 2024

For the history, here's my solution to a problem:

Create new user on behalf of whom '[co]lima' will work:

# Create the new user ("procedure" is the literal password; -admin grants administrator rights)
sudo sysadminctl -addUser lima -fullName "Lima Colima" -password procedure -admin
# Hide the user (changing directory-service records requires root)
sudo dscl . -create /Users/lima IsHidden 1
# Point the user's home directory at /var/lima and move it there
sudo dscl . -create /Users/lima NFSHomeDirectory /var/lima
sudo mv /Users/lima /var/lima

From this point it's possible to run [co]lima after su-ing to lima user.
Alternatively, create new docker context and point it to /var/lima/.colima/docker.sock (adjusting this file permissions, of course).

@afbjorklund
Member

afbjorklund commented Jan 6, 2024

In the future it should be possible to choose a different name.
