
Re: conserver and ssh

Robert Berger robert.karl.berger@gmail.com
Fri, 4 Jan 2013 12:18:01 GMT


Hi Anton,

On 01/04/2013 12:53 PM, Anton Lundin wrote:
> On 04 January, 2013 - Robert Berger wrote:
> 
> <snip/>
> 
> The ssh exec'ed there won't have a local pty, so by default it won't
> allocate a remote pty. What you need is to add -tt to ssh to force it to
> allocate a remote pty. Also useful for this type of debugging is to add
> some -v's to ssh-cmdline to see what it's actually doing.

As you suggested I did the following:

console ssh {
master 192.168.2.132;
rw *;
type exec;
exec ssh -vvv -tt 192.168.2.160;
}

now ssh.log shows:

[-- Console up -- Fri Jan  4 14:09:16 2013]
OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.160 [192.168.2.160] port 22.
debug1: Connection established.
debug1: SELinux support disabled
Could not create directory '/etc/conserver/.ssh'.
debug1: identity file /etc/conserver/.ssh/id_rsa type -1
debug1: identity file /etc/conserver/.ssh/id_rsa-cert type -1
debug1: identity file /etc/conserver/.ssh/id_dsa type -1
debug1: identity file /etc/conserver/.ssh/id_dsa-cert type -1
debug1: identity file /etc/conserver/.ssh/id_ecdsa type -1
debug1: identity file /etc/conserver/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit:
ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA a1:64:63:58:4c:a1:71:f9:86:ec:f7:be:f0:06:57:62
The authenticity of host '192.168.2.160 (192.168.2.160)' can't be established.
ECDSA key fingerprint is a1:64:63:58:4c:a1:71:f9:86:ec:f7:be:f0:06:57:62.
Are you sure you want to continue connecting (yes/no)?

and I still get:

student@vlab2-gateone:/etc/conserver$ console -D -p 3109 ssh
console: DEBUG: [cutil.c:2263] ProbeInterfaces(): ifc_len==64 max_count==2
console: DEBUG: [cutil.c:2318] ProbeInterfaces(): name=lo addr=127.0.0.1
console: DEBUG: [cutil.c:2318] ProbeInterfaces(): name=eth0 addr=192.168.2.132
console: DEBUG: [cutil.c:355] AllocString(): 0x97720d8 created string #3
console: DEBUG: [cutil.c:355] AllocString(): 0x9772178 created string #4
console: DEBUG: [cutil.c:355] AllocString(): 0x97721c0 created string #5
console: DEBUG: [console.c:2477] cmds[1] = call
console: DEBUG: [console.c:2477] cmds[0] = attach
console: DEBUG: [console.c:611] GetPort: hostname=console (console), ip=192.168.2.132, port=3109
console: DEBUG: [cutil.c:355] AllocString(): 0x9772818 created string #6
console: DEBUG: [cutil.c:355] AllocString(): 0x9772750 created string #7
console: DEBUG: [cutil.c:355] AllocString(): 0x9772768 created string #8
console: DEBUG: [cutil.c:355] AllocString(): 0x9772780 created string #9
console: DEBUG: [console.c:769] ReadReply: `ok^M^J'
console: DEBUG: [cutil.c:355] AllocString(): 0x9772fe8 created string #10
console: DEBUG: [cutil.c:355] AllocString(): 0x9773000 created string #11
console: DEBUG: [cutil.c:355] AllocString(): 0x9773060 created string #12
console: DEBUG: [console.c:769] ReadReply: `encryption required^M^J'
console: DEBUG: [cutil.c:329] DestroyString(): 0x9772818 string destroyed (count==11)
console: encryption required
console: DEBUG: [cutil.c:329] DestroyString(): 0x97721c0 string destroyed (count==10)
console: DEBUG: [cutil.c:329] DestroyString(): 0x9773060 string destroyed (count==9)
console: DEBUG: [cutil.c:329] DestroyString(): 0x9773000 string destroyed (count==8)
console: DEBUG: [cutil.c:329] DestroyString(): 0x9772fe8 string destroyed (count==7)
console: DEBUG: [cutil.c:329] DestroyString(): 0x9772780 string destroyed (count==6)
console: DEBUG: [cutil.c:329] DestroyString(): 0x9772768 string destroyed (count==5)
console: DEBUG: [cutil.c:329] DestroyString(): 0x9772750 string destroyed (count==4)
console: DEBUG: [cutil.c:329] DestroyString(): 0x9772178 string destroyed (count==3)
console: DEBUG: [cutil.c:329] DestroyString(): 0x97720d8 string destroyed (count==2)
console: DEBUG: [cutil.c:329] DestroyString(): 0x9772020 string destroyed (count==1)
console: DEBUG: [cutil.c:329] DestroyString(): 0x9772008 string destroyed (count==0)
student@vlab2-gateone:/etc/conserver$

Maybe the client needs to be rebuilt with crypto support?

student@vlab2-gateone:/etc/conserver$ ldd /usr/local/bin/console
        linux-gate.so.1 =>  (0x00902000)
        libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0x00e34000)
        /lib/ld-linux.so.2 (0x00a63000)

E         ignored - encryption not compiled into code

Can I get away without encryption support?

> 
> //Anton
> 

Regards,

Robert
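
A small triage helper for the two logs in the message above, added here as an example (it is not part of the original post, nor conserver or OpenSSH code): it reports where the exec'ed ssh stopped and which reply made the console client give up. The function names are hypothetical, and the sample lines are constructed by abridging the quoted logs with the mail line-wrapping undone.

```python
import re

# Constructed sample input, abridged from the two logs quoted in the message.
SSH_LOG = """\
Could not create directory '/etc/conserver/.ssh'.
debug1: identity file /etc/conserver/.ssh/id_rsa type -1
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: Server host key: ECDSA a1:64:63:58:4c:a1:71:f9:86:ec:f7:be:f0:06:57:62
The authenticity of host '192.168.2.160 (192.168.2.160)' can't be established.
Are you sure you want to continue connecting (yes/no)?
"""
CONSOLE_LOG = """\
console: DEBUG: [console.c:769] ReadReply: `ok^M^J'
console: DEBUG: [console.c:769] ReadReply: `encryption required^M^J'
"""

def triage_ssh_log(text):
    """Summarise where an exec'ed ssh stopped, from its -v output."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    out = {"unloadable_identities": [], "kex": {}, "host_key": None,
           "unwritable_dir": None, "waiting_on_host_key_prompt": False}
    for line in lines:
        # "type -1" is ssh reporting that it could not load that identity file.
        if m := re.match(r"debug1: identity file (\S+) type -1$", line):
            out["unloadable_identities"].append(m.group(1))
        elif m := re.match(r"debug1: kex: (\S+) (\S+) (\S+) (\S+)$", line):
            out["kex"][m.group(1)] = m.groups()[1:]  # cipher, MAC, compression
        elif m := re.match(r"debug1: Server host key: (\S+)\s+([0-9a-f:]+)$", line):
            out["host_key"] = m.groups()             # key type, fingerprint
        elif m := re.match(r"Could not create directory '(.+)'\.$", line):
            out["unwritable_dir"] = m.group(1)
    # ssh prints the question and then blocks on input; if it is the last
    # line in the log, nothing answered it and authentication never started.
    out["waiting_on_host_key_prompt"] = bool(lines) and lines[-1].endswith("(yes/no)?")
    return out

def console_refusals(text):
    """Replies other than 'ok' that the conserver sent to the console client."""
    replies = re.findall(r"ReadReply: `(.*?)\^M\^J'", text)
    return [r for r in replies if r != "ok"]

if __name__ == "__main__":
    print(triage_ssh_log(SSH_LOG))
    print(console_refusals(CONSOLE_LOG))
```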