@8:37 as was said in the comments of the VM video: "Craftsman Shops Woodworking: Hi Jay great tutorial congrats on your next season in life. Just so everyone knows they may have to run sudo dpkg-reconfigure openssh-server first in the Proxmox VNC terminal. This will rebuild the SSH keys. Thanks again keep up the good work." This was required before I could SSH into the cloned containers. Others have stated to avoid needing this command to instead run "cloud-init clean" as the last operation on the VM or CT that is to be converted into a template. By doing so, when that VM or CT is booted after being cloned, Cloud-Init will see it as a first boot and rebuild the SSH keys. It's 2022 and it doesn't look Jay has addressed this any where in comments or description.

@nashvaughan3175

Жыл бұрын

I know he puts in a lot of work for this material, but it would be nice if he came back and updated with the correction. At least pin the most accurate fix

@ourkid2000

6 ай бұрын

This stopped me dead in my tracks. Thanks for the help. It actually worked to do the cloud-init thing in the pre-template VM but didn't work for the pre-template CT.

@PrezentEnt

6 ай бұрын

Thank God for the comment section. W

@waqashanif6142

9 күн бұрын

Thanks for this special comment; it saved me a lot of time.. 🙂

The IP address conflicts associated with not clearing the machine-id file in prior template tutorials took forever to figure out.... until I found your post from a while back with the same issue. Glad you can fix the issues from within the template. Great video!

@LearnLinuxTV

2 жыл бұрын

Thank you! I'm still somewhat surprised that there's not a ton of information out there about this issue, it makes me think there's a lot of people suffering with it in silence.

Thanks! I've been watching your whole Proxmox VE course and really appreciate the content and presentation. A new server should be arriving next week for me start setting my first Proxmox instance.

Thank you for getting me into Arch linux a few years back, I've learned a lot from your channel.

Thank you, Jay; you are a great professor. I really appreciate your content.

Great course! Thank you!

This is an awesome series! Makes KZread's existence worthwhile! Appreciate all you do, Jay.

I think you have some of the best Linux videos.

Thanks Jay.

awesome stuff thx!

Thanks for the video

Thank you so much for sharing your knowledge. Quick info just in case somebody experience the same problem as i did after cloning container. ssh(d).service issue on cloned containers was solved using "ssh-keygen -A" & "systemctl restart ssh.service" in my case. Thank you very much.

@rafal9ck817

2 жыл бұрын

Nice I had same problem probably. "ssh_exchange_identification: read: Connection reset by peer" Fixed with "sudo ssh-keygen -A && sudo systemctl restart ssh.service"

@kenrock2

Жыл бұрын

@@rafal9ck817 thank you both of you...

@kriptop3019

Жыл бұрын

@@rafal9ck817 yes this tip works!

@airbeast5671

11 ай бұрын

THX a lot!

This Proxmox series is very interesting ! 😃 At the begining, before convert to template, you make "apt update etc" and clean and autoremove. This can reduce the size of the template. Why not doing a "logrotate" to compress or remove logs ? Logs are not usefull in a template, and sometime take a lot of place 🤔 Thanks

Hello! This has been a fantastic series and helped me get started on Prixmox 7. I have an Ubuntu 20.04 container running, with Home Assistant running as a docker container. An issue I've run into is passing a USB device to home assistant. I've tried to follow a couple guides on forums but so far no luck. I was thinking and hoping maybe this could be a topic for a future video. I do realize running HA in a VM is also possible and is actually what I'm doing now, however I've found I actually like HA in a container better.

@AubsUK

Жыл бұрын

The following is what I have set up from multiple different sources. I'm using a Raspberry Pi 4 with PiMox7. I am creating an Octoprint container which has the serial USB device passed through. Before starting, make sure to reboot the host which should put the USB device on its default port. On the host -------------------- i. This is the default connection for the USB device root@pve03:~# lsusb Bus 001 Device 003: ID 1a86:7523 QinHeng Electronics CH340 serial converter root@pve03:~# usb-devices T: Bus=01 Lev=02 Prnt=02 Port=02 Cnt=01 Dev#= 3 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=ff(vend.) Sub=00 Prot=00 MxPS= 8 #Cfgs= 1 P: Vendor=1a86 ProdID=7523 Rev=02.64 S: Product=USB Serial C: #Ifs= 1 Cfg#= 1 Atr=80 MxPwr=98mA I: If#=0x0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=01 Prot=02 Driver=ch341 root@pve03:~# ls -l /dev/bus/usb/001/003 crw-rw-r-- 1 root root 189, 2 Jun 16 17:30 /dev/bus/usb/001/003 root@pve03:~# ls -la /dev/ttyUSB0 crw-rw---- 1 root dialout 188, 0 Jun 16 17:30 /dev/ttyUSB0 -------------------- ii. Make a folder for the device in the LXC folder: mkdir /var/lib/lxc/221/devices cd /var/lib/lxc/221/devices mknod -m 660 ttyUSB0 c 188 0 chown 100000:100020 ttyUSB0 -------------------- iii. Set the LXC .conf file to use the USB: nano /etc/pve/lxc/221.conf Add in lxc.cgroup2.devices.allow: c 188:* rwm lxc.mount.entry: /dev/bus/usb/001/003 dev/bus/usb/001/003 none bind,optional,create=file lxc.mount.entry: /var/lib/lxc/221/devices/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file -------------------- iv. Create a udev rule for permissions ??? nano /etc/udev/rules.d/50-usb_serial_ender3v2.rules Add in SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", MODE="0666", SYMLINK+="ender" -------------------- v. Update udev to reload the rules udevadm control --reload-rules && service udev restart && udevadm trigger -------------------- vi. Boot the Pi, log in as user. -------------------- vii. Check we can see the USB device user@octoprint:~$ sudo ls -al /dev/bus/usb/001/003 crw-rw-r-- 1 nobody nogroup 189, 2 Jun 16 17:08 /dev/bus/usb/001/003 -------------------- viii. Install USB Utils sudo apt install usbutils -y -------------------- ix. Check we can see the USB device user@octoprint:~$ sudo lsusb Bus 001 Device 003: ID 1a86:7523 QinHeng Electronics CH340 serial converter -------------------- x. Check we can see the tty device user@octoprint:~$ sudo ls -la /dev/tty* crw-rw---- 1 root dialout 188, 0 Jun 16 17:07 /dev/ttyUSB0

Thanks!

An idea to make the host keys auto generate on the container boot would be something like this: 1. Create a bash script that checks of the host keys exist. If they don't exist, get them generated via the dpkg-reconfigure of openssh-server 2. Create a systemd service that runs the script when the multi-user target is reached. 3. Convert the container into a template. Success.

@LearnLinuxTV

2 жыл бұрын

Yes, that would work. To make it even easier, you could download the systemd unit that Raspberry Pi OS uses. It does basically the same things you mentioned, but all inside the systemd unit file. I'll probably make a separate video about that. Great suggestion.

@ninja2807

2 жыл бұрын

@@LearnLinuxTV Have you done the video?

@robertwoodruff8491

2 жыл бұрын

I feel stupid. If he removed the keys before he created the template, why did he have to remove and recreate them after creating the container from the template? Wouldn't he just have to create them at that point also how was he able to ssh to the containers if they were removed before creating the template? What am I missing?

@perkyzombie

Жыл бұрын

@@robertwoodruff8491 I do believe that was an editing issue. You are not missing anything.

@PhilVerghese

Жыл бұрын

Replying here to give visibility to this comment below that has a great solution to use cron @reboot to accomplish this kzread.info/dash/bejne/fGZt0dCrgtSrj6w.html&lc=UgximaADj1IySi-S8Vp4AaABAg

if you getting "kex_exchange_identification: read: Connection reset", try "sudo dpkg-reconfigure openssh-server" in server console.

@ourkid2000

6 ай бұрын

This worked for me, thx

Thank you for you course..it's great.. just to let you know that with proxmox version 8 it is not necessary to truncate the machine-id as you describe.I have give it a try and each CT i have create from the CT template has obtain a unique machine id automatically.

How come that you had to remove the SSH host keys right after starting the container? You deleted them in the template, right?

@FoX84tac022

2 жыл бұрын

Right? I thought that was the whole point of deleting them. Sooo, I tested it. After purging from the to-be template, there were NO keys (aside from the custom one I made) in the clone of said template. So, keys do carry over, but new ones are not created. I have no idea why his clone has 'ssh_host_' keys, unless he has already ran the 'dpkg-reconfigure' command in testing or something.

@dbishop9085

Жыл бұрын

@@FoX84tac022 there was a mistake made in there that has not been addressed i also believe

@gg-gn3re

9 ай бұрын

@@FoX84tac022 he probably made the other content first then realized he should have deleted the keys before the template and videoed that after the fact

Why do we have to delete and recreate the ssh keys again? Shouldn't new containers auto create their own ssh keys? This was a pretty confusing video compared to your previous content.

@MichaelAlderete

11 ай бұрын

Agree that it’s not clear where the host keys came from for the two containers created from the template, where you _also_ deleted the host keys.

@gg-gn3re

9 ай бұрын

@@MichaelAlderete yea it's some editing issue. some other comments were talking about it too. When you create the new containers there will simply be no keys in there.

For me Like in PROXMOX VM tutorial (video NR6 in series) SSH keys are not automatically generated in new cloned and started instances (all fine when manually starting new container or VM for template creation). I am not the only one with such template behavior, but like minority based on Video NR 6 comments. Repeated identical steps while creating template like Jay, Even container names are identical. Have to re-generate SSH keys for the first time in order to connect to cloned containers or VMs via SSH.

@weirbm

2 жыл бұрын

Hi there, I'm not 100% on Containers, but I too ran into a similar issue with my VM template, clones, and SSH Host keys being regenerated. I was able to solve the issue completely by running "sudo cloud-init clean" on my yet-to-become- template VM just prior to powering it off. Hope this helps!

lol damn got half way through the course to realize it isnt finished lmao hope its done soon was finding this really useful

@snekbaev

2 жыл бұрын

same, binge watched as I needed the info RN without checking if full course was out... :)

You removed the SSH host keys from the template, so when starting up each new cloned container wouldn't the startup process generate new host keys when the ssh daemon is first started? UPDATE: I just went into my laptops /etc/ssh directory, rm ssh_host_*, ls -l (no host keys), systemctl restart sshd and all the host key files were automatically recreated without needing to dpkg-reconfigure sshd.

@dereksapergia

2 жыл бұрын

I deleted the ssh_host files in a container and then created a container template. When I created a container from the template, host keys were not automatically created on startup. I had to run the dpkg-reconfigure openssh-server command to generate them then. Machine ID was generated however

@jameswhite1910

2 жыл бұрын

I wonder if different OS handle this automatically? Because yes, in the video, Jay first deleted ssh_host_* on the original, and then had to do it again on the fresh clones - so where did those keys come from?

Would you delete Root keys as well, or just non-root keys? Like leaving accounts for Ansible user...just because.

When I run sudo dpkg-reconfigure openssh-server, I get "rescue-ssh.target is a disabled or a static unit, not starting it." Can I use, "sudo ssh-keygen -A" instead?

How do the containers store state. I have run k8s server and shutting one down clears any installs and configurations. Does pro mix do something different?

When creating a clone from the template I was able to create 1 clone out of the template, when I go to create the second it gives me an error stating "missing 'rootfs' configuration. Please advise thank you.

Try to connect via ssh was giving "connection reset error kex_exchange_identification: read: Connection reset by peer Connection reset by x.x.x.x port 22", running dpkg-reconfigure openssh-server from the container then retying to ssh worked.

@RocketBoom1966

Жыл бұрын

I had to do this too. I guess something changed in later versions of Proxmox.

@josephjoestar4318

8 ай бұрын

My hero.

so followed step-by-step but when cloning the template the ssh_host_* files are all gone as well as being denied the ability to ssh or even restart the ssh service. Running dpkg-reconfigure openssh-server states it failed to become active

packer is a good solution for automate it

Why did you reset the host keys a second time, after the new clones were started?

Does it make any sense to make templates! There are only 2 to 3 clicks creating new VM and containers. Plus we have to remember resources allocated to the template.

6:15 how come and you didnt check here for the symbolic link points to the machine id as in the VM guide

This seems so backwards compared to docker where you have a file where you specify the commands to run to create the template making it reproducible and documented. With this i have to type out commands manually everytime i want it to be based on a newer base template? So if i forget what commands i ran to create it I'm skewed.

@LearnLinuxTV

Жыл бұрын

Thankfully, you can absolutely run docker containers in Proxmox, but I agree - there’s pros and cons to each.

And how does one go about creating a template like the ones available directly on proxmox? There is no need to do all that cleanup, removing keys and machine-id. Each time you spin a new container using one of those templates there is no need for any of that, what is the difference between those two types of templates?

Can we have a pve video on snippets please. Thank you

Solution to SSH Problem: if you follow everything in the video and your container is not reachable per ssh just go into the containers shell and paste "dpkg-reconfigure openssh-server".

I remove the ssh before I clone then install ssh on the clone

401/1231 sudo apt clean did not work for me

Do Proxmox and Docker do essentially the same thing regarding containers?

@pubdigitalix

2 жыл бұрын

No. Proxmox uses LXC containers and not Docker containers. They are very different. In fact if you need to use Docker or Kubernetes in Proxmox it's a good idea installing them inside a full VM and not inside of an LXC container. As Jay said an LXC container is more like a VM but not really a VM. You can think an LXC container like a light VM. Docker containers are more light than LXC because then don't save the state unless you specify it in an yaml file or in the console at launch. Sorry for my terrible writing skills. I hope you can understood me.

@Petoj87

Жыл бұрын

Docker has a few advantages one of them being that it's self documented, if you have the docker file you can easily recreate the image (template in lxc) where as with proxmox I guess you have to write down the commands on your own (not sure if I'm right as I'm new to lxc)

Am getting this when I run what I've cloned: kex_exchange_identification: read: Connection reset

@dulcisfate6060

2 жыл бұрын

sudo ssh-keygen -A && sudo systemctl restart ssh.service

i created a bootup shell script that checked for the existance of said host keys and if it didn't find them it would regenerate them.

@concep86

2 жыл бұрын

can you share the script. TIA

@cgarafulic

Жыл бұрын

@@concep86 #!/bin/bash # Check for existing host keys if [ -f /etc/ssh/ssh_host_rsa_key ]; then echo "Host RSA key exists" else echo "Generating new RSA host key..." ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N "" -t rsa fi if [ -f /etc/ssh/ssh_host_dsa_key ]; then echo "Host DSA key exists" else echo "Generating new DSA host key..." ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N "" -t dsa fi if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then echo "Host ECDSA key exists" else echo "Generating new ECDSA host key..." ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa fi if [ -f /etc/ssh/ssh_host_ed25519_key ]; then echo "Host ED25519 key exists" else echo "Generating new ED25519 host key..." ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519 fi

Operation not permitted

CT taking different timezone than host ... how synch them??

@Jason.K.O

5 ай бұрын

I found this when updating the packages and it spits out a response stating timezone is incorrect and to run "sudo dpkg-reconfigure tzdata"

You kind of lost me! You deleted the ssh_host-* files and zeroed out the machine-id file in the "master" lxc, then made a template of it. When you clone that template, shouldn't that clone regenerate new and unique ssh_host_* and machine-id files when it's started? or did I miss something.

Anyone automated this with ansible and ready to share?!

I added this line to the crontab to regenerate ssh host keys: @reboot dpkg-reconfigure openssh-server && crontab -r

Cool video but into was wayyyyyy to long

Thanks!