Building macOS 12.x VMs with packer and Fusion

I have looked into tart and the packer plugin for tart. Here is what I know is missing from them currently to match what is being done on the x86_64 macOS vms.

• tart can’t handle the VMs rebooting
• tart is missing the option to boot VMs in recovery mode
• tart packer plugin is missing creation of VMs from ipsw file
• tart packer plugin boot commands not supported (need to confirm this one)

I’ll be keeping an eye on these tools and have opened an issue around supporting the creation of VMs from an ipsw source. You can use their existing macOS images from the github image repo, which appear to be hand-built so that ssh and other settings are configured. It’s an encouraging start, but it’s unclear how interested veertu who created the tool are in rounding it out with the missing parts.

–re-posted from my normal account–

Hi @trodemaster is there a way to install legacy machines? There are similar projects for legacy macOS’s such as GitHub - startergo/macos: Virtual machine templates for macOS written in legacy JSON
In general I can create the VM, but ssh auto login does not work and automatic upgrades.
The error:

Attempting SSH connection to 192.168.45.129:22...
2024/05/20 11:46:25 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/20 11:46:25 [DEBUG] reconnecting to TCP connection for SSH
2024/05/20 11:46:25 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/20 11:46:25 [DEBUG] handshaking with SSH
2024/05/20 11:46:25 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/20 11:46:25 [DEBUG] SSH handshake err: ssh: handshake failed: EOF
2024/05/20 11:46:32 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/20 11:46:32 [INFO] Attempting SSH connection to 192.168.45.129:22...
2024/05/20 11:46:32 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/20 11:46:32 [DEBUG] reconnecting to TCP connection for SSH
2024/05/20 11:46:32 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/20 11:46:32 [DEBUG] handshaking with SSH
2024/05/20 11:46:32 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/20 11:46:32 [DEBUG] SSH handshake err: ssh: handshake failed: EOF
2024/05/20 11:46:39 packer-plugin-vmware_v1.0.11_x5.0_darwin_amd64 plugin: 2024/05/20 11:46:39 [INFO] Attempting SSH connection to 192.168.45.129:22.

But I can ssh externally via:

ssh vagrant@192.168.45.129
Unable to negotiate with 192.168.45.129 port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss

ssh -oHostKeyAlgorithms=+ssh-rsa vagrant@192.168.45.129
The authenticity of host '192.168.45.129 (192.168.45.129)' can't be established.
RSA key fingerprint is SHA256:

If I understand correctly your trying to build old versions of macOS with packer here? So the ssh key algorithms packer uses are part of the go libraray and I don’t know any way to tweak the settings like you are doing with the ssh flag on the cli. The only option I can think of is creating a custom build of packer that configures the ssh connection as you require.

Looking further. Now trying VirtualBox-iso:

ssh -vv vagrant@localhost
OpenSSH_9.6p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/mbp151/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to localhost port 22.
debug1: Connection established.
debug1: identity file /Users/mbp151/.ssh/id_rsa type -1
debug1: identity file /Users/mbp151/.ssh/id_rsa-cert type -1
debug1: identity file /Users/mbp151/.ssh/id_ecdsa type -1
debug1: identity file /Users/mbp151/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/mbp151/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/mbp151/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/mbp151/.ssh/id_ed25519 type -1
debug1: identity file /Users/mbp151/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/mbp151/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/mbp151/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/mbp151/.ssh/id_xmss type -1
debug1: identity file /Users/mbp151/.ssh/id_xmss-cert type -1
debug1: identity file /Users/mbp151/.ssh/id_dsa type -1
debug1: identity file /Users/mbp151/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_9.6
debug1: compat_banner: match: OpenSSH_9.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:22 as 'vagrant'
debug1: load_hostkeys: fopen /Users/mbp151/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-s,kex-strict-s-v00@openssh.com
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:0dznFmFTv7qx4vTnwUen75seestt4A2HAI4OV919SpQ
debug1: load_hostkeys: fopen /Users/mbp151/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: hostkeys_find_by_key_cb: found matching key in ~/.ssh/known_hosts:9
debug1: hostkeys_find_by_key_cb: found matching key in ~/.ssh/known_hosts:12
debug1: hostkeys_find_by_key_hostfile: hostkeys file /Users/mbp151/.ssh/known_hosts2 does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts does not exist
debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not exist
The authenticity of host 'localhost (::1)' can't be established.
ED25519 key fingerprint is SHA256:0dznFmFTv7qx4vTnwUen75seestt4A2HAI4OV919SpQ.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:9: 192.168.1.145
    ~/.ssh/known_hosts:12: 127.0.0.1
Are you sure you want to continue connecting (yes/no/[fingerprint])? 

Maybe I need to implicitly set the key and cipher?

Back to Vmware:

nmap --script ssh2-enum-algos -sV -p 22 192.168.45.129
Starting Nmap 7.95 ( https://nmap.org ) at 2024-05-20 20:00 EDT
Nmap scan report for 192.168.45.129
Host is up (0.88s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.2 (protocol 2.0)
| ssh2-enum-algos: 
|   kex_algorithms: (4)
|       diffie-hellman-group-exchange-sha256
|       diffie-hellman-group-exchange-sha1
|       diffie-hellman-group14-sha1
|       diffie-hellman-group1-sha1
|   server_host_key_algorithms: (2)
|       ssh-rsa
|       ssh-dss
|   encryption_algorithms: (15)
|       aes128-ctr
|       aes192-ctr
|       aes256-ctr
|       arcfour256
|       arcfour128
|       aes128-gcm@openssh.com
|       aes256-gcm@openssh.com
|       aes128-cbc
|       3des-cbc
|       blowfish-cbc
|       cast128-cbc
|       aes192-cbc
|       aes256-cbc
|       arcfour
|       rijndael-cbc@lysator.liu.se
|   mac_algorithms: (19)
|       hmac-md5-etm@openssh.com
|       hmac-sha1-etm@openssh.com
|       umac-64-etm@openssh.com
|       umac-128-etm@openssh.com
|       hmac-sha2-256-etm@openssh.com
|       hmac-sha2-512-etm@openssh.com
|       hmac-ripemd160-etm@openssh.com
|       hmac-sha1-96-etm@openssh.com
|       hmac-md5-96-etm@openssh.com
|       hmac-md5
|       hmac-sha1
|       umac-64@openssh.com
|       umac-128@openssh.com
|       hmac-sha2-256
|       hmac-sha2-512
|       hmac-ripemd160
|       hmac-ripemd160@openssh.com
|       hmac-sha1-96
|       hmac-md5-96
|   compression_algorithms: (2)
|       none
|_      zlib@openssh.com

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 5.24 seconds