Template podman/fedora is no longer able to SSH

[babariviere]

Description

When creating a VM with podman template using lima version v2.0.1, the process is stuck in the SSH process:

limactl start --name=default --cpus=8 --disk=200 --memory=16 --vm-type=vz --rosetta --mount-type=virtiofs --mount-writable --network=vzNAT template:podman --progress
? Creating an instance "default" Open an editor to review or modify the current configuration
INFO[0038] Starting the instance "default" with internal VM driver "vz"
INFO[0038] Attempting to download the image              arch=aarch64 digest="sha256:66031aea9ec61e6d0d5bba12b9454e80ca94e8a79c913d37ded4c60311705b8b" location="https://dl.fedoraproject.org/pub/fedora/linux/releases/43/Cloud/aarch64/images/Fedora-Cloud-Base-Generic-43-1.6.aarch64.qcow2"
INFO[0038] Using cache "/Users/babariviere/Library/Caches/lima/download/by-url-sha256/53f5b9386607497bb49149938c516958a3d0c8b7eae7a8b9bbba866a068788e3/data"
INFO[0039] [hostagent] hostagent socket created at /Users/babariviere/.lima/default/ha.sock
INFO[0039] [hostagent] Starting VZ (hint: to watch the boot progress, see "/Users/babariviere/.lima/default/serial*.log")
INFO[0039] [hostagent] Setting up Rosetta share
INFO[0039] [hostagent] [VZ] - vm state change: running
INFO[0046] [hostagent] Started vsock forwarder: 127.0.0.1:59344 -> vsock:22 on VM
INFO[0046] [hostagent] Detected SSH server is listening on the vsock port; changed 127.0.0.1:59344 to proxy for the vsock port
INFO[0047] SSH Local Port: 59344
INFO[0046] [hostagent] Waiting for the essential requirement 1 of 3: "ssh"
INFO[0056] [hostagent] Waiting for the essential requirement 1 of 3: "ssh"
INFO[0066] [hostagent] Waiting for the essential requirement 1 of 3: "ssh"
INFO[0077] [hostagent] Waiting for the essential requirement 1 of 3: "ssh"
INFO[0087] [hostagent] Waiting for the essential requirement 1 of 3: "ssh"

Looking at the debug output, we have this:

{"level":"debug","msg":"executing script \"ssh\"","time":"2025-11-12T11:12:13+01:00"}
{"level":"debug","msg":"executing ssh for script \"ssh\": /usr/bin/ssh [ssh -o ControlMaster=no -o ControlPath=none -o ControlPersist=no -F /dev/null -o IdentityFile=\"/Users/babariviere/.lima/_config/user\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o GSSAPIAuthentication=no -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=babariviere -p 59344 127.0.0.1 -- /bin/bash -c \"$(printf 'param_env=\"$(sudo cat /mnt/lima-cidata/param.env)\"; while read -r line; do [ -n \"$line\" ] \u0026\u0026 export \"$line\"; done\u003c\u003cEOF\\n${param_env}\\nEOF\\n/bin/bash')\"]","time":"2025-11-12T11:12:13+01:00"}
{"level":"debug","msg":"stdout=\"\", stderr=\"Connection closed by 127.0.0.1 port 59344\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"Connection closed by 127.0.0.1 port 59344\\r\\n\": exit status 255","time":"2025-11-12T11:12:13+01:00"}

Default template is working well, so I guess this is an issue with fedora cloud image 🤔
Also replacing the image with centos-stream works well with podman.

[unsuman]

Default template is working well, so I guess this is an issue with fedora cloud image 🤔

Yes it seems that's the case, you can use Fedora-42 as a workaround

[norio-nomura]

Fedora seems to refuse to connect to SSH over VSOCK.
Please try using LIMA_SSH_OVER_VSOCK=false limactl start ...

[norio-nomura]

opened #4337

[afbjorklund]

This issue seems specific to the vz driver, didn't see any issues with the qemu driver.