Recent

Author Topic: Cannot connect via Synapse and SSH to a linux box  (Read 30083 times)

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #30 on: October 10, 2016, 12:54:11 pm »
Yes i did!
Maybe the problem is that you use ssl_libssh2 and i use ssl_cryptlib! Could this be the issue here?


Just did it again at work:

Connected to the aix machine as sg32, generated a key, put key to d197@suselinux02
Code: Pascal  [Select][+][-]
  1. login as: sg32
  2. sg32@suseaix's password:
  3. Letzte nicht erfolgreiche Anmeldung: Mo  5 Sep 13:13:19 2016 an ssh von w8-xxxxx.susdom.local
  4. Letzte Anmeldung: Mo 10 Okt 12:46:49 2016 an /dev/pts/2 von w8-xxxxxx.susdom.local
  5. *******************************************************************************
  6. *                                                                             *
  7. *                                                                             *
  8. *  Welcome to AIX Version 7.1!                                                *
  9. *                                                                             *
  10. *                                                                             *
  11. *  Please see the README file in /usr/lpp/bos for information pertinent to    *
  12. *  this release of the AIX Operating System.                                  *
  13. *                                                                             *
  14. *                                                                             *
  15. *******************************************************************************
  16. suseaix.[sg32]:/sourcen/sg32 ssh-keygen -t rsa
  17. Generating public/private rsa key pair.
  18. Enter file in which to save the key (/sourcen/sg32/.ssh/id_rsa):
  19. Enter passphrase (empty for no passphrase):
  20. Enter same passphrase again:
  21. Your identification has been saved in /sourcen/sg32/.ssh/id_rsa.
  22. Your public key has been saved in /sourcen/sg32/.ssh/id_rsa.pub.
  23. The key fingerprint is:
  24. 20:6c:dc:5d:2e:6e:7f:62:6c:0e:c2:65:d7:84:e2:15 sg32@suseaix
  25. The key's randomart image is:
  26. +--[ RSA 2048]----+
  27. |          E      |
  28. |   o . . o o     |
  29. |    = o + + .    |
  30. |   . . + + o     |
  31. |        S . .    |
  32. |     . + +       |
  33. |      o . * .    |
  34. |       . = o     |
  35. |          .      |
  36. +-----------------+
  37. suseaix.[sg32]:/sourcen/sg32 ssh-copy-id d197@suselinux02
  38. ssh-copy-id: Command not found.
  39. suseaix.[sg32]:/sourcen/sg32 cat ~/.ssh/id_rsa.pub | ssh d197@suselinux02 "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"
  40. The authenticity of host 'suselinux02 (192.168.205.50)' can't be established.
  41. ECDSA key fingerprint is 31:c2:61:d6:86:b1:33:5b:e2:03:b6:0a:45:3a:b5:6f.
  42. Are you sure you want to continue connecting (yes/no)? yes
  43. Warning: Permanently added 'suselinux02,192.168.205.50' (ECDSA) to the list of known hosts.
  44. pam_mount password:
  45. suseaix.[sg32]:/sourcen/sg32

copied the key to my project path and ran the code:
Code: Pascal  [Select][+][-]
  1. program TestSSHClient;
  2.  
  3. {Test program for telnetsshclient
  4.  
  5. Written by Reinier Olislagers 2011.
  6. Modified for libssh2 by Alexey Suhinin 2012.
  7.  
  8. License of code:
  9. * MIT
  10. * LGPLv2 or later (with FreePascal static linking exception)
  11. * GPLv2 or later
  12. according to your choice.
  13. Free use allowed but please don't sue or blame me.
  14.  
  15. Uses other libraries/components; different licenses may apply that also can influence the combined/compiled work.
  16.  
  17. Run: sshtest <serverIPorhostname> [PrivateKeyFile]
  18. }
  19. {$mode objfpc}{$H+}
  20. {$APPTYPE CONSOLE}
  21.  
  22. uses
  23.   telnetsshclient;
  24. var
  25.   comm: TTelnetSSHClient;
  26.   Command: string;
  27. begin
  28.   writeln('Starting.');
  29.   comm:=TTelnetSSHClient.Create;
  30.   comm.HostName:= 'suselinux02'; // ParamStr(1); //First argument on command line
  31.   if comm.HostName='' then
  32.   begin
  33.     writeln('Please specify hostname on command line.');
  34.     halt(1);
  35.   end;
  36.  
  37.   //comm.PrivateKeyFile := 'C:\freepascal\projects\SSH-Test2\id_rsa';
  38.   comm.PrivateKeyFile := 'id_rsa';
  39.  
  40.   comm.TargetPort:=''; //auto determine based on protocoltype
  41.   comm.UserName:='d197'; //change to your situation
  42.   comm.Password:=''; //change to your situation
  43.   comm.ProtocolType:=SSH; //Telnet or SSH
  44.   //comm.Sock.SSL.Ciphers := 'chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com';
  45.   writeln(comm.Connect); //Show result of connection
  46.   if comm.Connected then
  47.   begin
  48.     writeln('Server: ' + comm.HostName + ':'+comm.TargetPort+', user: '+comm.UserName);
  49.     writeln('Welcome message:');
  50.     writeln(comm.WelcomeMessage);
  51.     Command:='ls -al';
  52.     writeln('*** Sending ' + Command);
  53.     writeln('*** Begin result****');
  54.     writeln(comm.CommandResult(Command));
  55.     writeln('*** End result****');
  56.     writeln('');
  57.     writeln('');
  58.     Command:='df -h';
  59.     writeln('*** Sending ' + Command);
  60.     writeln('*** Begin result****');
  61.     writeln(comm.CommandResult(Command));
  62.     writeln('*** End result****');
  63.     writeln('');
  64.     writeln('');
  65.     writeln('All output:');
  66.     writeln('*** Begin result****');
  67.     writeln(comm.AllOutput);
  68.     writeln('*** End result****');
  69.     comm.Disconnect;
  70.   end
  71.   else
  72.   begin
  73.     writeln('Connection to ' +
  74.       comm.HostName + ':' +
  75.       comm.TargetPort + ' failed.');
  76.   end;
  77.   comm.Free;
  78. end.

Same result:
Code: Pascal  [Select][+][-]
  1. Starting.
  2. Error connecting to SSH server suselinux02:22 as user d197. Technical details:
  3. Connection to suselinux02:22 failed.
« Last Edit: June 14, 2017, 11:04:03 am by Pascal »
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

Thaddy

  • Hero Member
  • *****
  • Posts: 14197
  • Probably until I exterminate Putin.
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #31 on: October 10, 2016, 01:13:23 pm »
I never used cryptlib. In the wild. The standard is openssl. That is known to work.
Specialize a type, not a var.

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #32 on: October 10, 2016, 01:14:47 pm »
So maybe you can send me your dlls and bindings for ssh2 and openssl?
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

rvk

  • Hero Member
  • *****
  • Posts: 6110
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #33 on: October 10, 2016, 01:22:28 pm »
What's in your /var/log/auth.log on your linux-box.

I also couldn't get libssh2 to work.
got
Code: [Select]
Accepted publickey for root from 10.211.62.31 port 50699 ssh2: RSA xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
sshd[24738]: pam_unix(sshd:session): session opened for user root by (uid=0)
sshd[24738]: pam_unix(sshd:session): session closed for user root
The connect works but somehow fails at FSock.SSLDoConnect.
Not sure if I got the correct libssh2.dll and libssh2.pas though.


Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #34 on: October 10, 2016, 01:27:27 pm »
I do not have  /var/log/auth.log on this machine.
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

rvk

  • Hero Member
  • *****
  • Posts: 6110
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #35 on: October 10, 2016, 01:29:17 pm »
I do not have  /var/log/auth.log on this machine.
Where does your machine log the pam_unix/sshd messages?

Maybe in /var/log/secure or /var/log/messages?

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #36 on: October 10, 2016, 01:31:34 pm »
/var/log/messages i think but i have no access to this file  :(
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #37 on: October 10, 2016, 01:42:30 pm »
I just did a test with some old ssh2 dlls i've found:
Error: Error connecting to SSH server suselinux02:22 as user d197. Technical details: Unable to open public key file

Where to place the public key file? Which one mine or of d197@suselinux02?
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #38 on: October 10, 2016, 02:52:48 pm »
Just added PublicKeyFile to synapse ssl plugin and supplied my public keyfile and voila:
Code: Pascal  [Select][+][-]
  1. Starting.
  2. Connected to SSH server.
  3. Server: suselinux02:22, user: d197
  4. Welcome message:
  5. Last login: Mon Oct 10 13:24:47 2016 from w8-xxxxx
  6. suselinux02.[d197]:/sus/sg32/d197
  7. *** Sending ls -al
  8. *** Begin result****
  9. ls -al
  10. insgesamt 114484
  11. drwxr-xr-x 35 d197 suslibma     4096 10. Okt 14:31
  12. *** End result****
  13.  
  14.  
  15. *** Sending df -h
  16. *** Begin result****
  17.  .
  18. drwxr-xr-x 12 root suslibma     4096  2. Mai 14:02 ..
  19. drwxr-xr-x  6 d197 suslibma     4096  2. Jun
  20. *** End result****
  21.  
  22.  
  23. All output:
  24. *** Begin result****
  25. Last login: Mon Oct 10 13:24:47 2016 from w8-xxxxx
  26. suselinux02.[d197]:/sus/sg32/d197 ls -al
  27. insgesamt 114484
  28. drwxr-xr-x 35 d197 suslibma     4096 10. Okt 14:31 .
  29. drwxr-xr-x 12 root suslibma     4096  2. Mai 14:02 ..
  30. drwxr-xr-x  6 d197 suslibma     4096  2. Jun
  31. *** End result****

ReceiveData doesn't wait long enough to get full output.
« Last Edit: June 14, 2017, 11:04:53 am by Pascal »
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

rvk

  • Hero Member
  • *****
  • Posts: 6110
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #39 on: October 10, 2016, 02:54:52 pm »
Just added PublicKeyFile to synapse ssl plugin and supplied my public keyfile and voila:
How did you do that?

Where did you supply the public keyfile in synapse?

Thaddy

  • Hero Member
  • *****
  • Posts: 14197
  • Probably until I exterminate Putin.
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #40 on: October 10, 2016, 02:56:43 pm »
Just added PublicKeyFile to synapse ssl plugin and supplied my public keyfile and voila:
How did you do that?

Where did you supply the public keyfile in synapse?

Yup.I wonder. It should be the private key and the public key should reside on the server....
Citing from the digitalocean link I gave you:
"Step Three—Copy the Public Key

Once the key pair is generated, it's time to place the public key on the virtual server that we want to use."

Did you do it the other way around?
« Last Edit: October 10, 2016, 02:59:26 pm by Thaddy »
Specialize a type, not a var.

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #41 on: October 10, 2016, 03:43:17 pm »
Just added PublicKeyFile to synapse ssl plugin and supplied my public keyfile and voila:
How did you do that?

Where did you supply the public keyfile in synapse?

Yup.I wonder. It should be the private key and the public key should reside on the server....
Citing from the digitalocean link I gave you:
"Step Three—Copy the Public Key

Once the key pair is generated, it's time to place the public key on the virtual server that we want to use."

Did you do it the other way around?

See this post: https://curl.haxx.se/mail/archive-2012-04/0059.html
Code: Pascal  [Select][+][-]
  1. Nowadays libssh2 only requires both if built against gcrypt instead of
  2. OpenSSL.

My version of ssh2 is build againt gcrypt. So i had to add the publickeyfile to the call to libssh2_userauth_publickey_fromfile
Code: Pascal  [Select][+][-]
  1. function IfThen(cond: Boolean; val1, val2: PChar): PChar;
  2. begin
  3.   if cond then
  4.     Result := val1
  5.   else
  6.     Result := val2;
  7. end;
  8.  
  9. ...
  10.  
  11. function TSSLLibSSH2.Connect: boolean;
  12. begin
  13.       ...
  14.       if (FSocket.SSL.PublicKeyFile<>'') then
  15.         if (not SSHCheck(libssh2_userauth_publickey_fromfile(FSession, PChar(FSocket.SSL.Username), IfThen(FSocket.SSL.PrivateKeyFile='', nil, PChar(FSocket.SSL.PublicKeyFile)), PChar(FSocket.SSL.PrivateKeyFile), PChar(FSocket.SSL.KeyPassword))))
  16.         ...                                                                                         ^^^^^^^^^^^^
  17. end;

I also added prperty PublicKeyFile to the ssl plugin and to TTelnetSSHClient.
« Last Edit: October 10, 2016, 03:55:10 pm by Pascal »
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

Pascal

  • Hero Member
  • *****
  • Posts: 932
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #42 on: October 10, 2016, 03:57:43 pm »
Anyway, is there a place where to find current ssh2 and openssl dlls and maybe also pascal bindings?
Thaddy can you provide yours?
laz trunk x64 - fpc trunk i386 (cross x64) - Windows 10 Pro x64 (21H2)

Thaddy

  • Hero Member
  • *****
  • Posts: 14197
  • Probably until I exterminate Putin.
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #43 on: October 10, 2016, 05:22:48 pm »
At the source:

https://wiki.openssl.org/index.php/Binaries

I use the ones from fulgan.com
pascal headers come standard with fpc.
libssh2 headers should be from https://github.com/libssh2/libssh2

This whole story makes me very cautious regarding using gcrypt.
Do they really claim server and client cert should be on the same place?
Or one can be omitted?

That is ridiculous. That is not crypto-safe by definition.
As think libressl and openssl.
« Last Edit: October 10, 2016, 05:39:39 pm by Thaddy »
Specialize a type, not a var.

rvk

  • Hero Member
  • *****
  • Posts: 6110
Re: Cannot connect via Synapse and SSH to a linux box
« Reply #44 on: October 10, 2016, 05:39:23 pm »
At the source:
https://wiki.openssl.org/index.php/Binaries
I use the ones from fulgan.com
pascal headers come standard with fpc.
Thaddy, in that case you didn't use libssh2.dll, did you?

The question was, could you provide your libssh2.dll and corresponging libssh2.pas which are missing from Synapse. Synapse doesn't support direct SSH2 via ssl_openssl.pas. If you did it without libssh2.pas or cryptlib.pas, we love to know how you did it.

 

TinyPortal © 2005-2018