Connecting to ssh-chat with webssh
APIPLM opened this issue · comments
Here as we have a webserver within the lib paramiko/paramiko to connect the ssh-chat,but it failed in Auth process in paramiko/paramiko. we typed user name and password in web form, the Auth method have to be choiced. Not sure what kind of actions will be doing in the ssh-chat service site
One more point is that we have a piece of code demo_simple.py in paramiko/paramiko, run it with type user name and password. it works.I mean that it can connect ssh-chat server
The point is that what happened in the server ssh-chat site when the Auth method is being choiced. The log information as connecting sshd
[I 201022 16:56:20 web:2243] 200 POST / (192.168.0.104) 228.54ms
[I 201022 16:58:08 handler:446] Connecting to 192.168.0.105:22
[I 201022 16:58:08 transport:1819] Connected (version 2.0, client OpenSSH_7.4)
[I 201022 16:58:09 handler:86] Trying password authentication
[I 201022 16:58:09 transport:1819] Authentication (password) successful!
[I 201022 16:58:09 web:2243] 200 POST / (192.168.0.104) 994.67ms
[I 201022 16:58:09 web:2243] 101 GET /ws?id=140332369092224 (192.168.0.104) 1.82ms
[I 201022 16:58:09 handler:531] Connected from 192.168.0.104:55724
[I 201022 17:40:59 web:2243] 200 GET / (192.168.0.104) 4.14ms
[I 201022 17:40:59 web:2243] 304 GET /static/css/bootstrap.min.css (192.168.0.104) 6.01ms
[I 201022 17:40:59 web:2243] 304 GET /static/js/jquery.min.js (192.168.0.104) 6.82ms
[I 201022 17:40:59 web:2243] 304 GET /static/css/xterm.min.css (192.168.0.104) 6.95ms
[I 201022 17:40:59 web:2243] 304 GET /static/css/fullscreen.min.css (192.168.0.104) 7.38ms
[I 201022 17:40:59 web:2243] 304 GET /static/js/popper.min.js (192.168.0.104) 7.46ms
[I 201022 17:40:59 web:2243] 304 GET /static/js/bootstrap.min.js (192.168.0.104) 5.45ms
[I 201022 17:40:59 web:2243] 304 GET /static/js/xterm.min.js (192.168.0.104) 6.31ms
[I 201022 17:40:59 web:2243] 304 GET /static/js/xterm-addon-fit.min.js (192.168.0.104) 7.07ms
[I 201022 17:40:59 web:2243] 304 GET /static/js/main.js (192.168.0.104) 7.36ms
the log information as connecting ssh-chat
[I 201022 16:28:50 web:2243] 200 POST / (192.168.0.104) 158.50ms
Connected[I 201022 16:55:58 web:2243] 200 GET / (192.168.0.104) 6.64ms
[I 201022 16:55:58 web:2243] 200 GET /static/css/bootstrap.min.css (192.168.0.104) 33.55ms
[I 201022 16:55:58 web:2243] 200 GET /static/css/xterm.min.css (192.168.0.104) 3.90ms
[I 201022 16:55:58 web:2243] 200 GET /static/css/fullscreen.min.css (192.168.0.104) 4.58ms
[I 201022 16:55:58 web:2243] 200 GET /static/js/jquery.min.js (192.168.0.104) 11.39ms
[I 201022 16:55:58 web:2243] 200 GET /static/js/popper.min.js (192.168.0.104) 13.89ms
[I 201022 16:55:58 web:2243] 200 GET /static/js/bootstrap.min.js (192.168.0.104) 17.34ms
[I 201022 16:55:58 web:2243] 200 GET /static/js/xterm-addon-fit.min.js (192.168.0.104) 4.05ms
[I 201022 16:55:58 web:2243] 200 GET /static/js/main.js (192.168.0.104) 7.34ms
[I 201022 16:55:58 web:2243] 200 GET /static/js/xterm.min.js (192.168.0.104) 36.48ms
[I 201022 16:55:58 web:2243] 200 GET /static/img/favicon.png (192.168.0.104) 2.62ms
[I 201022 16:56:20 handler:446] Connecting to 192.168.0.105:22
[I 201022 16:56:20 transport:1819] Connected (version 2.0, client Go)
/usr/local/lib/python3.6/site-packages/paramiko-2.7.2-py3.6.egg/paramiko/client.py:837: UserWarning: Unknown ssh-ed25519 host key for 192.168.0.105: b'bde23c07f54658f2f391d95c6e84bf54'
key.get_name(), hostname, hexlify(key.get_fingerprint())
[I 201022 16:56:20 handler:86] Trying password authentication
[I 201022 16:56:20 transport:1819] Authentication (password) failed.
[E 201022 16:56:20 handler:510] Traceback (most recent call last):
Hi there, I'm having a little bit of trouble understanding the issue, please confirm if I understand it correctly:
You're trying to connect to your own ssh-chat server using a paramiko script, but it's not working--is this correct?
If so, could you please share the full command you're using to run ssh-chat and also a paramiko script to reproduce this error so that I can try it locally?
Thank you!
@shazow Yes. you are right. I was connecting the own ssh-chat server. In my side, I tried to two kind of ways to connect my own ssh-chat server. One is using the paramiko script, which is demo_simple.py in repo paramiko/paramiko/ in github demo_simple.py. in this case, there are no issue. The problem is about the second one web version webssh, As I tried it, transport of paramiko/paramiko connect to Go application.which made me confused .
One more point, as I tried to connect your public ssh-chat server ssh.chat:2022, the connect correct application Connected (version 2.0, client OpenSSH_7.4p1)
See the below log information
[I 201023 16:02:30 web:2243] 200 POST / (192.168.0.104) 1790.43ms
[I 201023 16:04:02 handler:446] Connecting to ssh.chat:2022
[I 201023 16:04:02 transport:1819] Connected (version 2.0, client OpenSSH_7.4p1)
[I 201023 16:04:02 handler:86] Trying password authentication
[E 201023 16:04:03 handler:510] Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/webssh-1.5.3-py3.6.egg/webssh/handler.py", line 449, in ssh_connect
ssh.connect(*args, timeout=options.timeout)
File "/usr/local/lib/python3.6/site-packages/paramiko-2.7.2-py3.6.egg/paramiko/client.py", line 446, in connect
passphrase,
File "/usr/local/lib/python3.6/site-packages/webssh-1.5.3-py3.6.egg/webssh/handler.py", line 100, in _auth
raise saved_exception
File "/usr/local/lib/python3.6/site-packages/webssh-1.5.3-py3.6.egg/webssh/handler.py", line 88, in _auth
self._transport.auth_password(username, password)
File "/usr/local/lib/python3.6/site-packages/paramiko-2.7.2-py3.6.egg/paramiko/transport.py", line 1509, in auth_password
return self.auth_handler.wait_for_response(my_event)
File "/usr/local/lib/python3.6/site-packages/paramiko-2.7.2-py3.6.egg/paramiko/auth_handler.py", line 250, in wait_for_response
raise e
paramiko.ssh_exception.BadAuthenticationType: Bad authentication type; allowed types: ['publickey']
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/webssh-1.5.3-py3.6.egg/webssh/handler.py", line 508, in post
worker = yield future
File "/usr/local/lib/python3.6/site-packages/tornado-6.1b1-py3.6-linux-x86_64.egg/tornado/gen.py", line 747, in run
value = future.result()
File "/usr/lib64/python3.6/concurrent/futures/_base.py", line 425, in result
return self.__get_result()
File "/usr/lib64/python3.6/concurrent/futures/_base.py", line 384, in __get_result
raise self._exception
File "/usr/lib64/python3.6/concurrent/futures/thread.py", line 56, in run
result = self.fn(*self.args, **self.kwargs)
File "/usr/local/lib/python3.6/site-packages/webssh-1.5.3-py3.6.egg/webssh/handler.py", line 453, in ssh_connect
raise ValueError('Bad authentication type.')
ValueError: Bad authentication type.
Connecting my own ssh-chat
[I 201023 16:04:03 web:2243] 200 POST / (192.168.0.104) 1657.74ms
[I 201023 16:05:19 handler:446] Connecting to 192.168.0.105:2022
[I 201023 16:05:19 transport:1819] Connected (version 2.0, client Go)
[I 201023 16:05:19 handler:86] Trying password authentication
[I 201023 16:05:19 handler:96] Trying password 2fa
[E 201023 16:05:19 handler:510] Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/webssh-1.5.3-py3.6.egg/webssh/handler.py", line 508, in post
worker = yield future
File "/usr/local/lib/python3.6/site-packages/tornado-6.1b1-py3.6-linux-x86_64.egg/tornado/gen.py", line 747, in run
value = future.result()
File "/usr/lib64/python3.6/concurrent/futures/_base.py", line 425, in result
return self.__get_result()
File "/usr/lib64/python3.6/concurrent/futures/_base.py", line 384, in __get_result
raise self._exception
File "/usr/lib64/python3.6/concurrent/futures/thread.py", line 56, in run
result = self.fn(*self.args, **self.kwargs)
File "/usr/local/lib/python3.6/site-packages/webssh-1.5.3-py3.6.egg/webssh/handler.py", line 449, in ssh_connect
ssh.connect(*args, timeout=options.timeout)
File "/usr/local/lib/python3.6/site-packages/paramiko-2.7.2-py3.6.egg/paramiko/client.py", line 446, in connect
passphrase,
File "/usr/local/lib/python3.6/site-packages/webssh-1.5.3-py3.6.egg/webssh/handler.py", line 97, in _auth
return self.auth_interactive(username, self.handler)
File "/usr/local/lib/python3.6/site-packages/webssh-1.5.3-py3.6.egg/webssh/handler.py", line 59, in auth_interactive
raise ValueError('Need a verification code for 2fa.')
ValueError: Need a verification code for 2fa.
Thanks
@APIPLM So you're saying paramiko directly works fine, but webssh does not work? Why do you figure it's ssh-chat's fault and not webssh's problem?
@shazow Yes. paramiko directly works fine, webssh does not work. The reason why I tried to figure out there is possibility of an issue about ssh-chat is that as the log information is [I 201023 16:05:19 transport:1819] Connected (version 2.0, client Go), which got me confused a little.
During Init Auth process, there is one step to check the running service ssh-chat version, your version string is SSH-2.0-Go ssh-chat , so the transport/paramiko to identify it as Go by splitting the version string of the application. See the log file in the below.
DEB [20201024-19:13:46.831] thr=1 paramiko.transport: starting thread (client mode): 0x6a34f048
DEB [20201024-19:13:46.832] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.7.2
DEB [20201024-19:13:46.832] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-Go ssh-chat
INF [20201024-19:13:46.832] thr=1 paramiko.transport: Connected (version 2.0, client Go)
Below is that connecting to sshd, its whole version string is SSH-2.0-OpenSSH_7.4
DEB [20201024-19:18:38.412] thr=1 paramiko.transport: starting thread (client mode): 0x76ab2048
DEB [20201024-19:18:38.412] thr=1 paramiko.transport: Local version/idstring: SSH-2.0-paramiko_2.7.2
DEB [20201024-19:18:38.425] thr=1 paramiko.transport: Remote version/idstring: SSH-2.0-OpenSSH_7.4
INF [20201024-19:18:38.425] thr=1 paramiko.transport: Connected (version 2.0, client OpenSSH_7.4)
So there is one little issue would be about the version string of ssh-chat.
As configured my local server for public key cert to Auth. Then password script Auth demo_simple.py paramiko/paramiko can not work. But the public key script Auth demo.py in repo paramiko/paramiko works. I think that that is how life it is. If we configured the cert Auth, then we use the way of API related to cert key to login ssh client. If we did not configure the cert Auth., then we use the way of user name and password to login ssh client
I don't think it's the version string, but if you want to change it on your copy and try it and tell me if it works then I'll open a bug for that. Spaces in the id string are common, they often separate the distro and such. For example, debian's ssh client announces SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7. I don't think this is different for servers?
I'm guessing it's an issue with webssh rather than paramiko or ssh-chat.
If there's something specific ssh-chat can do to make this workflow better, I'd be interested in hearing it but I'm not sure what it might be. Let me know if you find out what's causing it please. :)
@shazow Here I can not access google. Basically need VPN. So build can not continue.
go build -ldflags "-X main.Version=dev -extldflags "-static"" ./cmd/ssh-chat
go: golang.org/x/crypto@v0.0.0-20200420104511-884d27f42877: unrecognized import path "golang.org/x/crypto": https fetch: Get "https://golang.org/x/crypto?go-get=1": dial tcp 216.239.37.1:443: i/o timeout
make: *** [ssh-chat] Error 1
I think most likely it is just to change the hard-code in line 123 in the file cmd.go.
Change
config.ServerVersion = "SSH-2.0-Go ssh-chat"
to
config.ServerVersion = "SSH-2.0-ssh-chat_1.1"
Anyway, it is quite funny to have ssh-chat. Then I thought that if we have web version is more funny. That is basically my thought, but sound like we suck on the Authentication process. Your ssh-chat have Authentication, paramiko have its Authentication, webssh have its web interface to Authentication. I sucked on, too.:)
:) I don't think that's the problem but let me know if you manage to confirm it!
@shazow Yes, I know that. It is not a big problem. What I tried to say is that as the server is ssh-chat and the client is made by lib paramiko/paramiko. The idversion of the application are not aligned as well during Authentication process. At least that log information confused in this case. I will try to figure out what that standard name rule for idversion or more common way for Authentication process to parse it. Any hint?:)
Keep in mind that if it is indeed webssh breaking because of the server version, then that's a bug that should be fixed in webssh.
One more thing you could try: v1.7 and earlier didn't change the server version string, so you could try an older version of ssh-chat: https://github.com/shazow/ssh-chat/releases/tag/v1.7
@shazow Thanks. Without change the server version string, the default version string is SSH-2.0-Go, there is no your application name inside So I think that the point is that I have the service ssh-chat, which is developed by golang. it has its version string rule for its application. Then I have the client paramiko/paramiko, which is developed by python . It has its version string rule to its application including how the server site parse version string. There is no strange for them to not aligned.
I will try paramiko/paramiko client and paramiko/paramiko services. See how it would be.
One thing I found out is that seem like that is not recommended for package name with "-" . See that this linker on-go-package-names. So I was wondering why the default version string is to append -Go at the end. On the other side, why paramiko/paramiko accept this way to parse version string.
The advertised SSH server/client string has nothing to do with the Go package name.
If you're still trying to make ssh-chat work with webssh, I suggest opening an issue on webssh.
@shazow I no long tried to make ssh-chat work with webssh. What I tried to figure out is that what the version string is by debugging both ssh-chat and demo.py of paramiko/paramiko. The point is that once Auth failed, the debug information always have it. Seem like we have not make too much progress. I will close the issue.What do you think?
Sure. We can always re-open it later if we have more information in the future.