
Author Topic: Cannot connect via Synapse and SSH to a linux box  (Read 7259 times)

Pascal

  • Sr. Member
  • ****
  • Posts: 388
Cannot connect via Synapse and SSH to a linux box
« on: October 06, 2016, 02:10:37 pm »
Hello,

I used the source samples on http://wiki.lazarus.freepascal.org/Synapse to build a test prog for connecting via SSH to a remote machine (using cryptlib 3.4.2 on Windows 10).

Code: Pascal
program TestSSHClient;

{Test program for telnetsshclient

Written by Reinier Olislagers 2011.
Modified for libssh2 by Alexey Suhinin 2012.

License of code:
* MIT
* LGPLv2 or later (with FreePascal static linking exception)
* GPLv2 or later
according to your choice.
Free use allowed but please don't sue or blame me.

Uses other libraries/components; different licenses may apply that also can influence the combined/compiled work.

Run: sshtest <serverIPorhostname> [PrivateKeyFile]
}
{$mode objfpc}{$H+}
{$APPTYPE CONSOLE}

uses
  telnetsshclient;
var
  comm: TTelnetSSHClient;
  Command: string;
begin
  writeln('Starting.');
  comm:=TTelnetSSHClient.Create;
  comm.HostName:= 'linuxmachine'; // ParamStr(1); //First argument on command line
  if comm.HostName='' then
  begin
    writeln('Please specify hostname on command line.');
    halt(1);
  end;

  comm.PrivateKeyFile := '';

  comm.TargetPort:=''; //auto determine based on protocoltype
  comm.UserName:='user'; //change to your situation
  comm.Password:='password'; //change to your situation
  comm.ProtocolType:=SSH; //Telnet or SSH
  writeln(comm.Connect); //Show result of connection
  if comm.Connected then
  begin
    writeln('Server: ' + comm.HostName + ':'+comm.TargetPort+', user: '+comm.UserName);
    writeln('Welcome message:');
    writeln(comm.WelcomeMessage);
    Command:='ls -al';
    writeln('*** Sending ' + Command);
    writeln('*** Begin result****');
    writeln(comm.CommandResult(Command));
    writeln('*** End result****');
    writeln('');
    writeln('');
    Command:='df -h';
    writeln('*** Sending ' + Command);
    writeln('*** Begin result****');
    writeln(comm.CommandResult(Command));
    writeln('*** End result****');
    writeln('');
    writeln('');
    writeln('All output:');
    writeln('*** Begin result****');
    writeln(comm.AllOutput);
    writeln('*** End result****');
    comm.Disconnect;
  end
  else
  begin
    writeln('Connection to ' +
      comm.HostName + ':' +
      comm.TargetPort + ' failed.');
  end;
  comm.Free;
end.

This works for AIX 7.1 but not for linux or ubuntu.

What am I doing wrong or missing?
laz trunk - fpc trunk 32bit - Windows 10 Pro x64

rvk

  • Hero Member
  • *****
  • Posts: 2490
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #1 on: October 06, 2016, 03:06:58 pm »
Did you remove the {$DEFINE LIBSSH2} in telnetsshclient.pas?

Otherwise you're not using the cryptlib 3.4.2 library and LIBSSH2.DLL will be used (which you didn't install but might be present on the AIX).

Code: Pascal
{$mode objfpc}{$H+}
{$DEFINE HAS_SSH_SUPPORT} //comment out if only telnet support required
{$DEFINE LIBSSH2}

interface

uses
  Classes, SysUtils,
  tlntsend
  {$IFDEF HAS_SSH_SUPPORT}
  {ssl - or actually ssh - libs required by tlntsend}
    {$IFDEF LIBSSH2}
      ssl_libssh2
    {$ELSE}
      ssl_cryptlib
    {$ENDIF}
  {$ENDIF HAS_SSH_SUPPORT}  ;
« Last Edit: October 06, 2016, 03:08:58 pm by rvk »

Pascal

« Reply #2 on: October 06, 2016, 03:24:24 pm »
Yes, libssh2 is disabled.

I couldn't find any suitable dll to use LIBSSH2! Otherwise I could have tested libssh2 as well.

rvk

« Reply #3 on: October 06, 2016, 04:33:16 pm »
> This works for AIX 7.1 but not for linux or ubuntu.

And what is the problem?

("Not working" isn't really a good description.)

Pascal

« Reply #4 on: October 06, 2016, 06:09:41 pm »
I cannot connect/login.

rvk

« Reply #5 on: October 06, 2016, 06:13:22 pm »
No errors?

Thaddy

  • Hero Member
  • *****
  • Posts: 3640
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #6 on: October 06, 2016, 06:17:03 pm »
The most likely cause (I know for a fact the example code used to work ad verbatim on linux) is that the certificate or the connection encryption is not correct or refused because of unsafe algorithms.
E.g. if the server is running an updated version of openssl (1.0.0g or 1.1) you can't use most of the algorithms that are deemed unsafe.
The connection will never take place. Not even a refusal, but dropped. Hence no errors.

E.g. SSLv2 won't work anymore, not even in the protocol fallback chain. RC4 won't work anymore, more hash related things are refused. You really need e.g. tls 1.2 and the max fallback is tls 1.1. This has a huge impact on SSH and SSH2.
See release notes at openssl.org for openssl v1.1.
In synapse there is a setting to always use the highest encryption possible. (I forgot the name.) If you set that, everything will be OK, at least with openssl.
« Last Edit: October 06, 2016, 06:27:29 pm by Thaddy »
Why do the Danish always try to fuck up any programming language?
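
The algorithm-mismatch failure mode raised in the reply above can be checked from the two SSH_MSG_KEXINIT packets that SSH peers exchange in clear text before key exchange. The following is an added example in Python, not code from this thread, Synapse or cryptlib; the function names and the algorithm lists are constructed for illustration, and negotiation is simplified to "first client entry the server also lists" without the extra kex/host-key compatibility rule of RFC 4253.

```python
import struct

SSH_MSG_KEXINIT = 20
# Name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(packet: bytes) -> dict:
    """Parse one unencrypted SSH binary packet that carries SSH_MSG_KEXINIT."""
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    packet_len, pad_len = struct.unpack(">IB", packet[:5])
    if packet_len + 4 > len(packet) or pad_len + 1 > packet_len:
        raise ValueError("inconsistent packet or padding length")
    payload = packet[5:4 + packet_len - pad_len]
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("payload is not SSH_MSG_KEXINIT")
    pos, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for name in FIELDS:
        size = int.from_bytes(payload[pos:pos + 4], "big")
        if pos + 4 + size > len(payload):
            raise ValueError("name-list runs past end of payload")
        raw = payload[pos + 4:pos + 4 + size].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += 4 + size
    return lists

def negotiate(client: dict, server: dict) -> dict:
    """Per field: first client entry the server also lists (None = no overlap)."""
    return {f: next((a for a in client[f] if a in server[f]), None) for f in FIELDS[:8]}

def build_kexinit(kex, key, enc, mac) -> bytes:
    """Build a sample KEXINIT packet (zero cookie, same lists both directions)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for names in (kex, key, enc, enc, mac, mac, ["none"], ["none"], [], []):
        data = ",".join(names).encode("ascii")
        body += struct.pack(">I", len(data)) + data
    body += bytes(5)  # first_kex_packet_follows = 0, reserved = 0
    pad = 8 - (len(body) + 5) % 8
    pad += 8 if pad < 4 else 0  # at least 4 padding bytes are required
    return struct.pack(">IB", len(body) + pad + 1, pad) + body + bytes(pad)

# Constructed offers, not captured from the machines or libraries in this thread.
CLIENT_PKT = build_kexinit(["diffie-hellman-group1-sha1"], ["ssh-rsa"],
                           ["3des-cbc", "aes128-cbc"], ["hmac-sha1"])
SERVER_PKT = build_kexinit(["curve25519-sha256@libssh.org", "diffie-hellman-group14-sha1"],
                           ["ssh-ed25519", "ssh-rsa"], ["aes128-ctr"], ["hmac-sha2-256", "hmac-sha1"])
RESULT = negotiate(parse_kexinit(CLIENT_PKT), parse_kexinit(SERVER_PKT))
print("no common algorithm for:", [f for f, a in RESULT.items() if a is None])
```

Any field that comes back as None means the two sides share no algorithm for it, and the server ends the session during key exchange, before authentication starts.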

Pascal

« Reply #7 on: October 06, 2016, 07:09:10 pm »
> at least with openssl.

Okay, but where can I get the matching libssh2.dll?
Or is there a working sample program with source and dlls?

rvk

« Reply #8 on: October 06, 2016, 07:19:46 pm »
> > at least with openssl.
> Okay, but where can I get the matching libssh2.dll?
> Or is there a working sample program with source and dlls?

The libssh2.dll shouldn't be a problem to find. But you need the corresponding libssh2.pas with the bindings.

(Can't look myself at the moment)

Thaddy

« Reply #9 on: October 06, 2016, 07:49:51 pm »
Well, theoretically that should not be necessary because synapse will enumerate "unknowns" anyway and use them by priority.
There are some name clashes, though.
I'll see if I can come up with a quick fix and over the weekend something better.
The library is pretty easy to make yourself:
https://github.com/libssh2/libssh2

(I use cygwin on windows)

Note that this is not really an FPC or Lazarus or Synapse issue.
The issue is that openssl dropped support for unsafe code, so it can no longer be called.
« Last Edit: October 06, 2016, 08:18:01 pm by Thaddy »

Pascal

« Reply #10 on: October 07, 2016, 06:00:27 am »
> I'll see if I can come up with a quick fix and over the weekend something better.

This will be great. I would really appreciate that.

Thaddy

« Reply #11 on: October 07, 2016, 09:49:50 am »
Can you give me the openssl version on the linux box?
Like typing this in a terminal:
Code:
openssl version
OpenSSL 1.0.1t  3 May 2016

Pascal

« Reply #12 on: October 07, 2016, 10:36:20 am »
box 1: suselinux02
Code:
OpenSSL 0.9.8j-fips 07 Jan 2009
Error: Error connecting to SSH server suselinux02:22 as user d197. Technical details: No data was read because the remote system closed the connection (recv() == 0)

box2: d197test
Code:
OpenSSL 0.9.8h 28 May 2008
Error: Error connecting to SSH server d197test:22 as user sg32. Technical details: Invalid PAM authentication request packet

Edit: I used the program from post 1.
« Last Edit: October 07, 2016, 10:43:01 am by Pascal »

Thaddy

« Reply #13 on: October 07, 2016, 12:18:27 pm »
These are really old. Please update these openssl versions first.
The most likely cause, based on those error messages, is that the certificate is not accepted.
That can be because of multiple issues. I would generate new certificates after I updated the openssl versions.

You *must* update openssl. These versions are highly insecure and very easy to hack.

Pascal

« Reply #14 on: October 07, 2016, 12:49:03 pm »
> You *must* update openssl. These versions are highly insecure and very easy to hack.

Sorry, I can't. But never mind, these machines are not publicly available.

 
