# Trellis on M1 Pro: vm start (Failed to connect to the host via ssh)

**URL:** https://discourse.roots.io/t/trellis-on-m1-pro-vm-start-failed-to-connect-to-the-host-via-ssh/26809
**Category:** trellis
**Tags:** lima
**Created:** 2024-03-02T05:00:26Z
**Posts:** 10

## Post 1 by @conorseed — 2024-03-02T05:00:26Z

Hey all :slight_smile: I’d appreciate some help getting started. I’m new to Trellis and trying to get the local dev environment working on my M1 Pro.

I’m using the lima setup, seeing as Vagrant requires Parallels on Apple silicon and I don’t want to use that if I don’t have to! So I have python 3.9.6, limactl version 0.20.1, and trellis 1.11.1. Here are the steps I’m taking:

1. `trellis new domain.com`
2. `cd domain.com`
3. `trellis init`
4. `trellis vm start`

At this point I get this error:

```
PLAY [WordPress Server: Install LEMP Stack with PHP and MariaDB MySQL] *********

TASK [Gathering Facts] *********************************************************
[WARNING]: Unhandled error in Python interpreter discovery for host default:
Failed to connect to the host via ssh: username@127.0.0.1: Permission denied
(publickey).
fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"127.0.0.1\". Make sure this host can be reached over ssh: username@127.0.0.1: Permission denied (publickey).\r\n", "unreachable": true}
```

I’m not sure what I’m doing wrong, nor what the problem is. Any assistance would be greatly appreciated.

Thanks!

---

## Post 3 by @conorseed — 2024-04-22T20:59:24Z

@Jack_Kudla - I see you posted asking if I had fixed it, but have now deleted the post. I was unable to fix it. Have you managed to figure it out?

---

## Post 4 by @Jack_Kudla — 2024-04-22T21:42:50Z

Generated a new key, added it to the keychain, cleared hosts, deleted the VM and started a new one.

> **[Generating a new SSH key and adding it to the ssh-agent - GitHub Docs](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent)**
>
> After you've checked for existing SSH keys, you can generate a new SSH key to use for authentication, then add it to the ssh-agent.

---

## Post 5 by @Jack_Kudla — 2024-04-25T15:11:31Z

Were you able to get it working?

---

## Post 6 by @luke — 2024-04-26T17:21:41Z

Since I upgraded from Intel to M3 Pro/macOS 14.4.1 I also had a lot of issues (both with lima and parallels, which is another topic).

I found out that you need to disable the firewall to get it working properly.  
My steps to reproduce, even though I am not sure you have the same problem.

### Start VM (failing)

`trellis vm start` failed with `Could not determine IP address for VM instance: no IP address could be matched in the ip route output`.

> **Full output**
>
> ```
> $ trellis vm start
> Running command => limactl start example
> INFO[0000] Using the existing instance "example"   
> INFO[0000] Starting the instance "example" with VM driver "vz" 
> INFO[0000] [hostagent] hostagent socket created at /Users/user/.lima/pinotandrock/ha.sock 
> INFO[0000] [hostagent] Starting VZ (hint: to watch the boot progress, see "/Users/user/.lima/example/serial*.log") 
> INFO[0000] [hostagent] new connection from to          
> INFO[0000] SSH Local Port: 52445                        
> INFO[0000] [hostagent] Waiting for the essential requirement 1 of 2: "ssh" 
> INFO[0000] [hostagent] [VZ] - vm state change: running  
> INFO[0009] [hostagent] Waiting for the essential requirement 1 of 2: "ssh" 
> INFO[0009] [hostagent] The essential requirement 1 of 2 is satisfied 
> INFO[0009] [hostagent] Waiting for the essential requirement 2 of 2: "user session is ready for ssh" 
> INFO[0012] [hostagent] The essential requirement 2 of 2 is satisfied 
> INFO[0013] [hostagent] Waiting for the guest agent to be running 
> INFO[0013] [hostagent] Guest agent is running           
> INFO[0013] [hostagent] Waiting for the final requirement 1 of 1: "boot scripts must have finished" 
> INFO[0013] [hostagent] Not forwarding TCP 127.0.0.53:53 
> INFO[0013] [hostagent] Forwarding TCP from 127.0.0.1:3306 to 127.0.0.1:3306 
> INFO[0013] [hostagent] The final requirement 1 of 1 is satisfied 
> INFO[0013] READY. Run `limactl shell example` to open the shell. 
> Error starting VM.
> Could not determine IP address for VM instance: no IP address could be matched in the ip route output
> ```

I could access the VM via `limactl shell example`, but I could not access it in the browser.

I noticed that `/etc/hosts` was not updated.  
I used `trellis vm sudoers | sudo tee /etc/sudoers.d/trellis`, but it did not change anything.

### Manually edited /etc/hosts

So, I added the entry myself:

```
127.0.0.1 example.test www.example.test
```

### Provision

Then, I ran `trellis provision development`.  
Now I can access the site via the browser.

### Disable firewall

This issue helped a lot:

> <https://github.com/abiosoft/colima/issues/458#issuecomment-1989839779>
>
> ### Description
> 
> Attempting to start `--network-address` fails. Additional start…s without the flag fail with a different error message. Removing `~/.colima` allows for a successful start, without the network address.
> 
> ### Version
> 
> Colima Version: 0.4.6
> Lima Version: 0.12.0, 0.13.0
> Qemu Version: 7.1.0
> 
> 
> ### Operating System
> 
> - [] macOS Intel
> - [X] macOS M1
> - [] Linux
> 
> ### Reproduction Steps
> 
> 1. `colima start --network-address`
> 
> 
> ### Expected behaviour
> 
> Colima starts correctly.
> 
> ### Additional context
> 
> ### First start:
> ```
> INFO[0000] starting colima
> INFO[0000] runtime: docker
> INFO[0000] preparing network ... context=vm
> WARN[0015] error starting network: error at 'preparing network': error running [/opt/homebrew/bin/colima daemon status default], output: "time=\"2022-10-27T09:57:15-04:00\" level=fatal msg=\"pid file not found: stat /Users/joel.johnson/.colima/default/daemon/daemon.pid: no such file or directory\"", err: "exit status 1" context=vm
> INFO[0015] creating and starting ... context=vm
> WARN[0015] error setting up routable IP address: vmnet ptp socket file not found: stat /Users/joel.johnson/.colima/default/daemon/vmnet.ptp: no such file or directory
> > Using cache "/Users/joel.johnson/Library/Caches/lima/download/by-url-sha256/e9bac04e9bdb31be4d3de1506d97eb60d59d9ad1a2d97f2b21f760e06f3e4408/data"
> > [hostagent] Starting QEMU (hint: to watch the boot progress, see "/Users/joel.johnson/.lima/colima/serial.log")
> > SSH Local Port: 57347
> > [hostagent] Waiting for the essential requirement 1 of 5: "ssh"
> > [hostagent] QEMU has exited
> > exiting, status={Running:false Degraded:false Exiting:true Errors:[] SSHLocalPort:0} (hint: see "/Users/joel.johnson/.lima/colima/ha.stderr.log")
> FATA[0017] error starting vm: error at 'creating and starting': exit status 1
> ```
> 
> ha.stderr.log:
> ```
> {"level":"debug","msg":"Creating iso file /Users/joel.johnson/.lima/colima/cidata.iso","time":"2022-10-27T09:57:15-04:00"}
> {"level":"debug","msg":"Using /var/folders/1n/fvnyc01554s0240g36s382jh6nvfqs/T/diskfs_iso413631167 as workspace","time":"2022-10-27T09:57:15-04:00"}
> {"level":"debug","msg":"firmware candidates = [/Users/joel.johnson/.local/share/qemu/edk2-aarch64-code.fd /Users/joel.johnson/.colima/_wrapper/3a9197e1ca3cd2da076da2b473d7a7eb118e2cca/share/qemu/edk2-aarch64-code.fd /usr/share/AAVMF/AAVMF_CODE.fd /usr/share/qemu-efi-aarch64/QEMU_EFI.fd]","time":"2022-10-27T09:57:17-04:00"}
> {"level":"debug","msg":"OpenSSH version 8.6.1 detected","time":"2022-10-27T09:57:17-04:00"}
> {"level":"debug","msg":"AES accelerator seems available, prioritizing aes128-gcm@openssh.com and aes256-gcm@openssh.com","time":"2022-10-27T09:57:17-04:00"}
> {"level":"info","msg":"Starting QEMU (hint: to watch the boot progress, see \"/Users/joel.johnson/.lima/colima/serial.log\")","time":"2022-10-27T09:57:17-04:00"}
> {"level":"debug","msg":"qCmd.Args: [/Users/joel.johnson/.colima/_wrapper/3a9197e1ca3cd2da076da2b473d7a7eb118e2cca/bin/qemu-system-aarch64 -m 2048 -cpu host -machine virt,accel=hvf,highmem=off -smp 2,sockets=1,cores=2,threads=1 -drive if=pflash,format=raw,readonly=on,file=/Users/joel.johnson/.colima/_wrapper/3a9197e1ca3cd2da076da2b473d7a7eb118e2cca/share/qemu/edk2-aarch64-code.fd -boot order=d,splash-time=0,menu=on -drive file=/Users/joel.johnson/.lima/colima/basedisk,media=cdrom,readonly=on -drive file=/Users/joel.johnson/.lima/colima/diffdisk,if=virtio,discard=on -cdrom /Users/joel.johnson/.lima/colima/cidata.iso -netdev user,id=net0,net=192.168.5.0/24,dhcpstart=192.168.5.15,hostfwd=tcp:127.0.0.1:57347-:22 -device virtio-net-pci,netdev=net0,mac=52:55:55:56:07:0a -device virtio-rng-pci -display none -vga none -device ramfb -device qemu-xhci,id=usb-bus -device usb-kbd,bus=usb-bus.0 -device usb-mouse,bus=usb-bus.0 -parallel none -chardev socket,id=char-serial,path=/Users/joel.johnson/.lima/colima/serial.sock,server=on,wait=off,logfile=/Users/joel.johnson/.lima/colima/serial.log -serial chardev:char-serial -chardev socket,id=char-qmp,path=/Users/joel.johnson/.lima/colima/qmp.sock,server=on,wait=off -qmp chardev:char-qmp -name lima-colima -pidfile /Users/joel.johnson/.lima/colima/qemu.pid]","time":"2022-10-27T09:57:17-04:00"}
> {"level":"info","msg":"Waiting for the essential requirement 1 of 5: \"ssh\"","time":"2022-10-27T09:57:17-04:00"}
> {"level":"debug","msg":"qemu[stderr]: time=\"2022-10-27T09:57:17-04:00\" level=fatal msg=\"dial unix /Users/joel.johnson/.colima/default/daemon/gvproxy.sock: connect: no such file or directory\"","time":"2022-10-27T09:57:17-04:00"}
> {"level":"debug","msg":"executing script \"ssh\"","time":"2022-10-27T09:57:17-04:00"}
> {"error":"exit status 1","level":"info","msg":"QEMU has exited","time":"2022-10-27T09:57:17-04:00"}
> {"level":"debug","msg":"executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/joel.johnson/.lima/_config/user\" -o IdentityFile=\"/Users/joel.johnson/.ssh/id_ed25519\" -o IdentityFile=\"/Users/joel.johnson/.ssh/id_rsa\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=lima -o ControlMaster=auto -o ControlPath=\"/Users/joel.johnson/.lima/colima/ssh.sock\" -o ControlPersist=5m -p 57347 127.0.0.1 -- /bin/bash]","time":"2022-10-27T09:57:17-04:00"}
> {"level":"debug","msg":"stdout=\"\", stderr=\"ssh: connect to host 127.0.0.1 port 57347: Connection refused\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"ssh: connect to host 127.0.0.1 port 57347: Connection refused\\r\\n\": exit status 255","time":"2022-10-27T09:57:17-04:00"}
> ```
> 
> 
> ### Second start:
> ```
> INFO[0000] starting colima
> INFO[0000] runtime: docker
> INFO[0000] preparing network ... context=vm
> WARN[0015] error starting network: error at 'preparing network': error running [/opt/homebrew/bin/colima daemon status default], output: "time=\"2022-10-27T10:01:35-04:00\" level=fatal msg=\"pid file not found: stat /Users/joel.johnson/.colima/default/daemon/daemon.pid: no such file or directory\"", err: "exit status 1" context=vm
> WARN[0015] error setting up routable IP address: vmnet ptp socket file not found: stat /Users/joel.johnson/.colima/default/daemon/vmnet.ptp: no such file or directory
> INFO[0015] starting ... context=vm
> > Using the existing instance "colima"
> > [hostagent] Starting QEMU (hint: to watch the boot progress, see "/Users/joel.johnson/.lima/colima/serial.log")
> > SSH Local Port: 57370
> > [hostagent] QEMU has exited
> > exiting, status={Running:false Degraded:false Exiting:true Errors:[] SSHLocalPort:0} (hint: see "/Users/joel.johnson/.lima/colima/ha.stderr.log")
> FATA[0017] error starting vm: error at 'starting': exit status 1
> ```
> 
> which is obviously due to the colima.yaml being updated with the `--network-address` flag.

I disabled my firewall, now the output is the following:

> **Full output**
>
> ```
> $ trellis vm start
> Running command => limactl start example
> INFO[0000] Using the existing instance "example"   
> INFO[0000] Starting the instance "example" with VM driver "vz" 
> INFO[0000] [hostagent] hostagent socket created at /Users/user/.lima/example/ha.sock 
> INFO[0000] [hostagent] Starting VZ (hint: to watch the boot progress, see "/Users/user/.lima/example/serial*.log") 
> INFO[0000] [hostagent] new connection from to          
> INFO[0000] SSH Local Port: 52514                        
> INFO[0000] [hostagent] Waiting for the essential requirement 1 of 2: "ssh" 
> INFO[0000] [hostagent] [VZ] - vm state change: running  
> INFO[0010] [hostagent] Waiting for the essential requirement 1 of 2: "ssh" 
> INFO[0010] [hostagent] The essential requirement 1 of 2 is satisfied 
> INFO[0010] [hostagent] Waiting for the essential requirement 2 of 2: "user session is ready for ssh" 
> INFO[0010] [hostagent] The essential requirement 2 of 2 is satisfied 
> INFO[0010] [hostagent] Waiting for the guest agent to be running 
> INFO[0010] [hostagent] Guest agent is running           
> INFO[0010] [hostagent] Waiting for the final requirement 1 of 1: "boot scripts must have finished" 
> INFO[0010] [hostagent] Forwarding TCP from 127.0.0.1:3306 to 127.0.0.1:3306 
> INFO[0010] [hostagent] The final requirement 1 of 1 is satisfied 
> INFO[0010] [hostagent] Forwarding TCP from 0.0.0.0:80 to 127.0.0.1:80 
> INFO[0010] READY. Run `limactl shell example` to open the shell. 
> 
> Updating /etc/hosts file (sudo may be required, see `trellis vm sudoers` for more details)
> 
> Your Trellis VM is ready to use!
> 
> * Composer and WP-CLI commands need to be run on the virtual machine for any post-provision modifications.
> * You can SSH into the machine with 'trellis vm shell'
> * Then navigate to your WordPress sites at '/srv/www'
> ```

The `/etc/hosts` file was updated automatically:

```
## trellis-start-example
192.168.106.2 example.test www.example.test
## trellis-end-example
```

Note the different IP address. `127.0.0.1` was working for me, at least sometimes :smiley:  
I deleted my manual entry.
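
An added check, not part of the original post and not Lima or Trellis code: it reads `limactl start` output like the two runs quoted above and marks each host-side forward as loopback-only or bound to a non-loopback address. This matters once the macOS firewall is off, because a forward from `0.0.0.0:80` listens on every interface of the Mac. The function names and the `EXPOSED`/`local` labels are assumptions of this example.

```sh
#!/bin/sh
# Added example: classify Lima hostagent port forwards by host-side bind address.
# Function names and the EXPOSED/local labels are assumptions of this example.

# Lines copied from the two `trellis vm start` outputs quoted in the post.
sample_log() {
cat <<'EOF'
INFO[0013] [hostagent] Not forwarding TCP 127.0.0.53:53
INFO[0010] [hostagent] Forwarding TCP from 127.0.0.1:3306 to 127.0.0.1:3306
INFO[0010] [hostagent] Forwarding TCP from 0.0.0.0:80 to 127.0.0.1:80
INFO[0010] READY. Run `limactl shell example` to open the shell.
EOF
}

# Reads log text on stdin, prints "<verdict> <proto> <host> -> <guest>".
audit_forwards() {
  awk '
    {
      for (i = 1; i <= NF; i++) {
        # "Not forwarding ..." has a lowercase f and never matches here.
        if ($i != "Forwarding" || $(i + 2) != "from" || $(i + 4) != "to") continue
        proto = $(i + 1); host = $(i + 3); guest = $(i + 5)
        addr = host
        sub(/:[0-9]+$/, "", addr)            # drop the port, keep the address
        # Loopback binds are reachable only from the Mac itself; anything else
        # (0.0.0.0, [::], a LAN address) accepts connections from the network.
        verdict = (addr ~ /^127\./ || addr == "[::1]" || addr == "localhost") ? "local" : "EXPOSED"
        printf "%s %s %s -> %s\n", verdict, proto, host, guest
        break
      }
    }'
}

# With a file argument audit that file, otherwise run on the embedded sample.
if [ $# -gt 0 ]; then audit_forwards < "$1"; else sample_log | audit_forwards; fi
```

To audit a real start, capture it with `trellis vm start 2>&1 | tee start.log` and pass `start.log` as the script's argument.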

---

## Post 7 by @luke — 2024-07-30T10:36:31Z

To make the VM start correctly while having the macOS firewall enabled, this worked for me:

```
/usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/libexec/bootpd
/usr/libexec/ApplicationFirewall/socketfilterfw --unblock /usr/libexec/bootpd
```

Source: [GitHub - lima-vm/socket\_vmnet: vmnet.framework support for unmodified rootless QEMU (no dependency on VDE)](https://github.com/lima-vm/socket_vmnet?tab=readme-ov-file#ip-address-is-not-assigned)

---

## Post 8 by @luke — 2024-11-28T17:39:09Z

I need to do this once after every reboot (before starting the VM). Do other people have the same problem? I am still on Sonoma, will re-report after updating.

---

## Post 9 by @ben — 2024-11-29T16:50:02Z

I used to have this issue with Lima pretty consistently, but it seems to have been a lot more stable as of this summer.

FWIW I was also on Sonoma until fairly recently

---

## Post 10 by @luke — 2025-03-04T18:11:46Z

Finally updated to Sonoma a while ago, the issue seems to be resolved now :slight_smile:
