[WSL2/Ubuntu] SSH Handshake Failure After Host Reboot Forcing Destructive Onboarding

[duypd1309]

Description

After a host machine reboot, the NemoClaw/OpenShell environment fails to reconnect to existing sandboxes. The system encounters an SSH connection: handshake verification failed error. Currently, the only workaround to regain access is a full onboard process, which destroys the existing sandbox and wipes all agent data, memory, and configurations.

Actual Behavior

The SSH handshake fails persistently after reboot. The nemoclaw onboard command fails at step [6/7] Setting up OpenClaw unless the existing sandbox is destroyed. Re-onboarding recreates the sandbox, causing a total loss of previous agent state.

Expected Behavior

NemoClaw should implement a mechanism to refresh or re-sync SSH/TLS credentials after a host reboot without requiring the destruction of the existing sandbox environment.

Reproduction Steps

1. Successfully run nemoclaw onboard and verify the agent is running.
2. Generate workspace data (create files, logs, or agent memory).
3. Reboot the host machine.
4. Restart the Docker containers (if not auto-started).
5. Verify sandbox status: openshell sandbox list shows the sandbox is in Ready phase.
6. Attempt to connect: nemoclaw <name> connect.
   • Result: Command returns nothing.
7. Check logs: nemoclaw <name> logs.
   • Result: Repeated handshake verification failed warnings.

Environment

• OS: Windows 11 + WSL2 (Ubuntu 22.04)
• Node.js: v22.22.1
• Docker: Docker Desktop v4.66.1 / Docker Engine v29.3.1
• NemoClaw: v0.1.0

Debug Output

## Supporting Logs (`nemoclaw <name> logs`) or (`nemoclaw debug --quick`)

[gateway] [INFO ] SSH tunnel: connecting to sandbox
[gateway] [INFO ] SSH tunnel: TCP connected to sandbox
[gateway] [INFO ] SSH tunnel: sending NSSH1 handshake preface
[gateway] [INFO ] SSH tunnel: waiting for handshake response
[gateway] [INFO ] SSH tunnel: handshake response received
[sandbox] [INFO ] SSH connection: reading handshake preface peer=10.42.0.33
[sandbox] [INFO ] SSH connection: preface received, verifying peer=10.42.0.33 preface_len=155
[sandbox] [WARN ] SSH connection: handshake verification failed peer=10.42.0.33

Checklist

• I confirmed this bug is reproducible
• I searched existing issues and this is not a duplicate

[rinfimate]

I have noticed the same issue too. Happens with only a restart of the gateway container.

Success: [INFO ] [openshell_sandbox::ssh] SSH handshake accepted peer=10.42.0.8:60434
Failure: [WARN ] [openshell_sandbox::ssh] SSH connection: handshake verification failed peer=10.42.0.17:33126.
IP and port are changed

[wscurran]

✨ Thanks for submitting this issue with a detailed description, it identifies a bug with SSH handshake failure after a host machine reboot on WSL2/Ubuntu, which could be related to the OpenShell integration or platform configuration.

[jieunl24]

This looks to be a duplicate of #486 which has been resolved via #1587. Please re-open the issue if the problem persists. Thanks!