On 04.05.2015 11:58 PM, Stefan Baur wrote:

...

This is the error I get on the client: x2go-ERROR-2> "Connection Error(Can not connect to 128.149.23.102:22): Protocol mismatch: "

"Protocol mismatch" doesn't sound like something X2Go-specific.

It might be half-X2Go-specific.

Please make sure that at least an RSA host server key is enabled in OpenSSHd on the RHEL server. The technology X2Go Client uses (libssh) does currently not support EC or ED keys.

Please do the following:

• Tell us which Client and Server versions of X2Go you installed.
• Make sure you can connect from the client to the server using regular ssh, using the same username and password/authentication method you set up in your X2GoClient.

Regular ssh is OpenSSH's client. That's not helping much in X2Go-context, unfortunately.

Mihai

I keep getting the same error: protocol mismatch, this http://wiki.x2go.org/doku.php/wiki:advanced:authentication:passwordless-ssh is not working. Can you send me other documentation you may have?

Thank you!

On 5/4/15, 3:05 PM, "Mihai Moldovan" <ionic@ionic.de> wrote:

On 04.05.2015 11:58 PM, Stefan Baur wrote:

...

...

This is the error I get on the client: x2go-ERROR-2> "Connection Error(Can not connect to 128.149.23.102:22): Protocol mismatch: "

"Protocol mismatch" doesn't sound like something X2Go-specific.

It might be half-X2Go-specific.

Please make sure that at least an RSA host server key is enabled in OpenSSHd on the RHEL server. The technology X2Go Client uses (libssh) does currently not support EC or ED keys.

...

Please do the following:

• Tell us which Client and Server versions of X2Go you installed.
• Make sure you can connect from the client to the server using regular ssh, using the same username and password/authentication method you set up in your X2GoClient.

Regular ssh is OpenSSH's client. That's not helping much in X2Go-context, unfortunately.

Mihai

Prior to reaching out to the x2godev group, I checked the sshd_config file on the server to ensure the rsa host key was enabled. I restarted sshd anyway, tried connecting from the client to the server but got the same error on the client:

x2go-INFO-8> "Starting connection to server: 128.149.23.102:22" x2go-ERROR-2> "Connection Error(Can not connect to 128.149.23.102:22): Protocol mismatch: " 2015-05-05 07:53:29.214 x2goclient[4409:319022] modalSession has been exited prematurely - check for a reentrant call to endModalSession:

Any other ideas?

Thank you, Liz

On 5/4/15, 5:41 PM, "Mihai Moldovan" <ionic@ionic.de> wrote:

On 05.05.2015 02:25 AM, Real, Elizabeth (392K) wrote:

...

I keep getting the same error: protocol mismatch, this

http://wiki.x2go.org/doku.php/wiki:advanced:authentication:passwordless-s sh is not working. Can you send me other documentation you may have?

Uhm, no, I don't mean client SSH keys.

If you check /etc/ssh/sshd_config on the RHEL server, you should see a line like "HostKey /etc/ssh/ssh_host_rsa_key"

It may be commented, in the form "#HostKey /etc/ssh/ssh_host_rsa_key"

If it is, please uncomment it (remove the hash) and restart the the SSH daemon:

sudo systemctl restart sshd

After that, try connecting again.

Mihai

Am 05.05.2015 um 17:00 schrieb Stefan Baur:

...

Any other ideas?

You could try (all in one line, no blanks at the mail-client-induced line wraps):

ssh -o HostKeyAlgorithms=ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss

yourusername@yourhost

Oh, darn it. The line wrap looks different in the sent mail than in the compose mail window. Of course, one blank goes behind the "-o", and one before the "yourusername".

-Stefan

-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Am 06.05.2015 um 21:00 schrieb Real, Elizabeth (392K):

I did not get notified when you posted your suggestions, either way, which config file on the client does the HostKeyAlgorithms go into?

Ad 1: I'm replying to the X2Go-Dev mailing list, to which you should be subscribed. If you aren't, and one of my fellow list admins just whitelisted your address without notifying you that you should subscribe - please do subscribe. :-) Subscription works using this link: http://lists.x2go.org/listinfo/x2go-dev

Ad 2: As this is solely for testing, you do not want to make that change permanent. Call ssh as described on the commandline.

To avoid the line break issue, I've copied the entire string to here: http://pastie.org/10174410

By the way, I noticed HostKey /etc/ssh/ssh_host_rsa_key is commented out in the sshd_config on the client, should this uncommented?

Hmm. Before you change that, try turning file and print sharing off in your X2GoClient session configuration. We're using a reverse connection for that, so who knows, it might be the reverse connection failing that generates the error message.

Out of curiosity, what do you intend to use X2Go for? :-) JPL would be a nice addition to our "Success Stories" web page. ;-)

• -Stefan

BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2

iQEcBAEBCAAGBQJVSmgOAAoJEG7d9BjNvlEZC+YH/2WYhVzTn3E6lWNPosJ3iIuM zWd/WPqvYr3Aefj5lVotAMd1bknANwEZ9Ln7E0g7/sPdjNHPR1znK0uTzN1UIKnR LqIV0RjfVZ3poufNMYlKME+yhSa8khEfO5y3eE9x0Tpx0bDA/vuoTCPD+mBgtWII 3wr2ddPCBM8O8+3VD22UGwwkvkzIzPnZ/7UdhQLTz06JjpMXzgROveqOtxruDNy4 J64xzkFtqK1FeaI8jyvLGnI//QE5Tta0sZZ+gQ6Cy6cheQUXj/fbFVYuM2Y97oUM JZB1I09LEksM2+7psje2YqCFnH4u4yMuswx6baawZHMnyNjoE+/RDtrbsff18qc= =or6t -----END PGP SIGNATURE-----

Am 06.05.2015 um 21:40 schrieb Real, Elizabeth (392K):

1. Weird, I am subscribed but again did not get the notification. Maybe we are blocking your domain.

:-(

2. Called ssh on the command line using the string provided and I logged into my host, no problems. What does this step prove? Other than I¹m using openssh keys to connect?

It verifies that the RSA key on your host is working, because it forces your SSH client to connect to the host using the RSA host key, like X2GoClient does.

So the error seems to be on the client side, unless I made a mistake composing the test command.

3. Did not change the client sshd_config file

Okay. And when you disable file and printer sharing in your X2GoClient's session configuration, the error remains?

If yes, you could try a preview release of X2GoClient for OS X:

http://code.x2go.org/releases/binary-macosx/x2goclient/previews/4.0.4.0/x2go...

http://code.x2go.org/releases/binary-macosx/x2goclient/previews/4.0.4.0/x2go...

Note that this preview includes two versions of X2Go Client. One was built on OS X 10.6 and is best-suited for OS X 10.6 and 10.7, while the other was built on OS X 10.9 and is best suited for OS X 10.9 and 10.10.

4. We are testing X2go for our Red Hat 7 deployment. We are looking for a low bandwidth remote desktop solution for some of our users.

Cool. :-) If we get it to work for you, do you think we could publish your use case on our web page?

-Stefan

-- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243

On 06.05.2015 11:55 PM, Real, Elizabeth (392K) wrote:

Any other ideas?

No new information and you have done nothing wrong.

Looks like you will need to get your hands dirty.

Please start sshd manually as root on the RH 7 machine:

sudo sshd -ddd -p 18935

It should be running in the foreground, outputting debug information and listening on port 18935 (feel free to change this to whatever you feel suitable, it doesn't matter as long it as the port is unused and not colling with anything else you might use.

Then, configure x2goclient to connect to that port and start a session.

You should see additional debug information printed by sshd... hopefully hinting at what might have gone awry.

Mihai

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Am 08.05.2015 um 00:23 schrieb Real, Elizabeth (392K):

RH7 server: setup debug and set sshd port 18935

Client: configured x2goclient to connect to port 18935 but got connection refused x2go-INFO-8> "Starting connection to server: 128.149.23.102:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 128.149.23.102:18935): Connection refused"

This is frustrating on all sides, I'd say. :-/

Did you test a regular SSH connection from your client to port 18935? ssh -p 18935 user@server

Maybe there's a firewall involved that is blocking traffic?

• -Stefan

BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2

iQEcBAEBCAAGBQJVTF5JAAoJEG7d9BjNvlEZZbwH+wc8kSzSQ5OX80mjwr3cA9eI W9FpSylpX5YOq1G3/Sd0FOBaJvAZeYTGERnO99MuGea7mIyBIP90HlRd9jZSr3S9 bwq2XXf3W+ly8lhEMmYrWk+/JeUa0hFOrQieIFJZcOtUNav5iVlf2ryvTXg8bXI6 nLfxmjEkr8u0BX+S01lA0wKV1wSQX81RKcqNmKb2PCw2ZEfzIOFNAPXiRT1lGZ7+ 3wcm9P8+aLIBVjDlq6FI1JWAXfcCjl3eTA1ibgt2RCGb7z8KaO7gh76wybWKpX0h dgPpQAesUlvFaqcWAICq+Xh9rE4pWlMFq7/Lo8ufumkPvlWP/jItlH4+IoLlgqs= =x4us -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Hi Liz,

if my previous message with the $(which sshd) line didn't produce any useful debug output, here's something else you could try. However, if you *did* get debug output from that previous step, there's no need to try the following as well. These are mainly connectivity tests.

On the client's commandline, execute:

ssh -L18935:128.149.23.102:22 128.149.23.102

If that connects, leave the ssh session running.

Then, change your X2GoClient session to point to 127.0.0.1:18935 instead of 128.149.23.102:22

Try and see if it connects. (Expected result: Protocol mismatch error message)

Close X2GoClient, close the SSH session, then repeat it like this:

ssh -L18935:127.0.0.1:22 128.149.23.102 # ^^^^^^^^^ note the different IP here

Try and see if it connects. (Expected result: Protocol mismatch error message)

Again, close X2GoClient, close the SSH session.

Repeat with

ssh -L18935:127.0.0.1:18935 128.149.23.102 # ^^^^^ note the different port number here

verify that an SSHD is listening on the server by using the command

netstat -ant | grep ':18935' | wc -l

on the *server*. It should return a number greater than 0.

Now, try to connect X2GoClient using 127.0.0.1:18935 again.

• -Stefan

Am 08.05.2015 um 00:23 schrieb Real, Elizabeth (392K):

RH7 server: setup debug and set sshd port 18935

Client: configured x2goclient to connect to port 18935 but got connection refused x2go-INFO-8> "Starting connection to server: 128.149.23.102:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 128.149.23.102:18935): Connection refused"

On 5/7/15, 12:41 PM, "Mihai Moldovan" <ionic@ionic.de> wrote:

...

On 06.05.2015 11:55 PM, Real, Elizabeth (392K) wrote:

...

Any other ideas?

No new information and you have done nothing wrong.

Looks like you will need to get your hands dirty.

Please start sshd manually as root on the RH 7 machine:

sudo sshd -ddd -p 18935

It should be running in the foreground, outputting debug information and listening on port 18935 (feel free to change this to whatever you feel suitable, it doesn't matter as long it as the port is unused and not colling with anything else you might use.

Then, configure x2goclient to connect to that port and start a session.

You should see additional debug information printed by sshd... hopefully hinting at what might have gone awry.

Mihai

_______________________________________________ x2go-dev mailing list x2go-dev@lists.x2go.org http://lists.x2go.org/listinfo/x2go-dev

BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2

iQEcBAEBCAAGBQJVTGXuAAoJEG7d9BjNvlEZPDAH/AsmNapduSl+qy5xEzc/r6Yg 72JylW7RGfWh0G6jf5OSGmgw2ciccvZSPWNdzHRjBuNlvOqF3ChxJ9FCKvkClU+x lgtuFsb0GHF09FtWUFw1pqyBxng8NII4J/eH69+ioifP+mQwpHpHB0lCuo2z/ezX CTHfVGIFYmT1aCcvqWLjU0T1S8GBp2+ZmAgoQ1FIqaSvon3ySYA2yALC1aHA9Ofe eP9qbIGrMUotY/AR709i6VRCVx4EajQeJgUNUDg04RxBmRvhgblEsxkPIKAJfDIk N4s4ItBmXqzwmwlShUV3gPWGPcvOWpFE74Cq4znIY+F+plgMUsVFw1cgd2EPr1c= =DB8x -----END PGP SIGNATURE-----

See my replies below:

When using "sudo sshd -ddd -p 18935" like suggested by Mihai, I'm getting "sshd re-exec requires execution with an absolute path" and the shell prompt returns.

I got this last Friday and figured the absolute path

Which means there is no SSHD running on port 18935. (Verifiable with "netstat -ant | grep ':18935' | wc -l" - that should return a number greater than 0 if SSHD is running on Port 18935.)

Returned the number 2

sudo $(which sshd) -ddd -p 18935 Leave that commandline window open, important debug information will appear there.

# $(which sshd) -ddd -p 18935 debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 848 debug2: parse_server_config: config /etc/ssh/sshd_config len 848 debug3: /etc/ssh/sshd_config:28 setting HostKey /etc/ssh/ssh_host_rsa_key debug3: /etc/ssh/sshd_config:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key debug3: /etc/ssh/sshd_config:42 setting SyslogFacility AUTHPRIV debug3: /etc/ssh/sshd_config:44 setting LogLevel VERBOSE debug3: /etc/ssh/sshd_config:56 setting MaxAuthTries 5 debug3: /etc/ssh/sshd_config:64 setting AuthorizedKeysFile .ssh/authorized_keys debug3: /etc/ssh/sshd_config:73 setting RhostsRSAAuthentication yes debug3: /etc/ssh/sshd_config:76 setting HostbasedAuthentication yes debug3: /etc/ssh/sshd_config:82 setting IgnoreRhosts no debug3: /etc/ssh/sshd_config:87 setting PasswordAuthentication yes debug3: /etc/ssh/sshd_config:91 setting ChallengeResponseAuthentication yes debug3: /etc/ssh/sshd_config:102 setting GSSAPIAuthentication yes debug3: /etc/ssh/sshd_config:104 setting GSSAPICleanupCredentials yes debug3: /etc/ssh/sshd_config:120 setting UsePAM yes debug3: /etc/ssh/sshd_config:126 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:133 setting UsePrivilegeSeparation sandbox

debug3: /etc/ssh/sshd_config:149 setting Banner /etc/banners/sshd debug3: /etc/ssh/sshd_config:152 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES debug3: /etc/ssh/sshd_config:153 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT debug3: /etc/ssh/sshd_config:154 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE debug3: /etc/ssh/sshd_config:155 setting AcceptEnv XMODIFIERS debug3: /etc/ssh/sshd_config:158 setting Subsystem sftp /usr/libexec/openssh/sftp-server debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type ECDSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key debug1: private host key: #1 type 3 ECDSA debug1: rexec_argv[0]='/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug1: rexec_argv[2]='-p' debug1: rexec_argv[3]='18935' debug3: oom_adjust_setup Set /proc/self/oom_score_adj from 0 to -1000 debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 18935 on 0.0.0.0. Server listening on 0.0.0.0 port 18935. debug2: fd 4 setting O_NONBLOCK debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY debug1: Bind to port 18935 on ::. Server listening on :: port 18935.

With that window open, try connecting with X2GoClient to 128.149.23.102:18935. % /Applications/x2goclient.app/Contents/MacOS/x2goclient ; exit; x2go-INFO-1> "Starting x2goclient..." x2go-WARNING-1> "Can't load translator: :/i18n/x2goclient_en_us" x2go-WARNING-2> "Can't load translator: :/i18n/qt_en_US" x2go-INFO-3> "Started x2goclient." Object::connect: No such slot SessionWidget::slot_emitSettings() Object::connect: No such slot SessionWidget::slot_emitSettings() Object::connect: No such signal SessionWidget::directRDP(bool) Object::connect: No such signal SessionWidget::settingsChanged(QString,QString,QString) 2015-05-11 09:15:19.797 x2goclient[21241:1652401] modalSession has been exited prematurely - check for a reentrant call to endModalSession: x2go-INFO-8> "Starting connection to server: 128.149.23.102:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 128.149.23.102:18935): Connection refused"

On 5/11/15, 9:05 AM, "Real, Elizabeth (392K)" <Elizabeth.Real@jpl.nasa.gov> wrote:

Here are the outputs from RH7 server and Mac client:

RH7 server: # /usr/sbin/sshd -ddd -p 18935 debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 848 debug2: parse_server_config: config /etc/ssh/sshd_config len 848 debug3: /etc/ssh/sshd_config:28 setting HostKey /etc/ssh/ssh_host_rsa_key debug3: /etc/ssh/sshd_config:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key debug3: /etc/ssh/sshd_config:42 setting SyslogFacility AUTHPRIV debug3: /etc/ssh/sshd_config:44 setting LogLevel VERBOSE debug3: /etc/ssh/sshd_config:56 setting MaxAuthTries 5 debug3: /etc/ssh/sshd_config:64 setting AuthorizedKeysFile .ssh/authorized_keys debug3: /etc/ssh/sshd_config:73 setting RhostsRSAAuthentication yes debug3: /etc/ssh/sshd_config:76 setting HostbasedAuthentication yes debug3: /etc/ssh/sshd_config:82 setting IgnoreRhosts no debug3: /etc/ssh/sshd_config:87 setting PasswordAuthentication yes debug3: /etc/ssh/sshd_config:91 setting ChallengeResponseAuthentication yes debug3: /etc/ssh/sshd_config:102 setting GSSAPIAuthentication yes debug3: /etc/ssh/sshd_config:104 setting GSSAPICleanupCredentials yes debug3: /etc/ssh/sshd_config:120 setting UsePAM yes debug3: /etc/ssh/sshd_config:126 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:133 setting UsePrivilegeSeparation sandbox debug3: /etc/ssh/sshd_config:149 setting Banner /etc/banners/sshd debug3: /etc/ssh/sshd_config:152 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES debug3: /etc/ssh/sshd_config:153 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT debug3: /etc/ssh/sshd_config:154 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE debug3: /etc/ssh/sshd_config:155 setting AcceptEnv XMODIFIERS debug3: /etc/ssh/sshd_config:158 setting Subsystem sftp /usr/libexec/openssh/sftp-server debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type ECDSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key debug1: private host key: #1 type 3 ECDSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug1: rexec_argv[2]='-p' debug1: rexec_argv[3]='18935' debug3: oom_adjust_setup Set /proc/self/oom_score_adj from 0 to -1000 debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 18935 on 0.0.0.0. Server listening on 0.0.0.0 port 18935. debug2: fd 4 setting O_NONBLOCK debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY debug1: Bind to port 18935 on ::. Server listening on :: port 18935.

Mac client: % ssh -p 18935 root@joey ssh: connect to host joey port 18935: Connection refused

---

From: Real, Elizabeth (392K) Sent: Thursday, May 07, 2015 3:23 PM To: Mihai Moldovan; x2go-dev@lists.x2go.org Subject: Re: [X2Go-Dev] X2go Mac client and Red Hat 7 server

RH7 server: setup debug and set sshd port 18935

Client: configured x2goclient to connect to port 18935 but got connection refused x2go-INFO-8> "Starting connection to server: 128.149.23.102:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 128.149.23.102:18935): Connection refused"

On 5/7/15, 12:41 PM, "Mihai Moldovan" <ionic@ionic.de> wrote:

...

On 06.05.2015 11:55 PM, Real, Elizabeth (392K) wrote:

...

Any other ideas?

No new information and you have done nothing wrong.

Looks like you will need to get your hands dirty.

Please start sshd manually as root on the RH 7 machine:

sudo sshd -ddd -p 18935

It should be running in the foreground, outputting debug information and listening on port 18935 (feel free to change this to whatever you feel suitable, it doesn't matter as long it as the port is unused and not colling with anything else you might use.

Then, configure x2goclient to connect to that port and start a session.

You should see additional debug information printed by sshd... hopefully hinting at what might have gone awry.

Mihai

Tried this again and when I got to executing netstat -ant | grep ':18935' | wc -l the server returned the number 2, however the client still gave protocol mismatch:

x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935): Protocol mismatch: "

On 5/11/15, 9:44 AM, "Real, Elizabeth (392K)" <Elizabeth.Real@jpl.nasa.gov> wrote:

...

if my previous message with the $(which sshd) line didn't produce any useful debug output, here's something else you could try. However, if you *did* get debug output from that previous step, there's no need to try the following as well. These are mainly connectivity tests. On the client's commandline, execute: ssh -L18935:128.149.23.102:22 128.149.23.102 If that connects, leave the ssh session running.

Client connects and I¹m able to authenticate.

...

Then, change your X2GoClient session to point to 127.0.0.1:18935 instead of 128.149.23.102:22 Try and see if it connects. (Expected result: Protocol mismatch error message)

2015-05-11 09:28:59.009 x2goclient[21467:1656748] modalSession has been exited prematurely - check for a reentrant call to endModalSession: x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935): Protocol mismatch: "

...

Close X2GoClient, close the SSH session, then repeat it like this: ssh -L18935:127.0.0.1:22 128.149.23.102 # ^^^^^^^^^ note the different IP here Try and see if it connects. (Expected result: Protocol mismatch error message)

x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935): Protocol mismatch: "

...

Again, close X2GoClient, close the SSH session. Repeat with ssh -L18935:127.0.0.1:18935 128.149.23.102 # ^^^^^ note the different port number here

Able to connect and authenticate

...

verify that an SSHD is listening on the server by using the command netstat -ant | grep ':18935' | wc -l on the *server*. It should return a number greater than 0.

Returned 0

...

Now, try to connect X2GoClient using 127.0.0.1:18935 again.

2015-05-11 09:36:04.970 x2goclient[21660:1659334] modalSession has been exited prematurely - check for a reentrant call to endModalSession: x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935): Connection refused"

On 5/11/15, 9:16 AM, "Real, Elizabeth (392K)" <Elizabeth.Real@jpl.nasa.gov> wrote:

...

See my replies below:

...

When using "sudo sshd -ddd -p 18935" like suggested by Mihai, I'm getting "sshd re-exec requires execution with an absolute path" and the shell prompt returns.

I got this last Friday and figured the absolute path

...

Which means there is no SSHD running on port 18935. (Verifiable with "netstat -ant | grep ':18935' | wc -l" - that should return a number greater than 0 if SSHD is running on Port 18935.)

Returned the number 2

...

sudo $(which sshd) -ddd -p 18935 Leave that commandline window open, important debug information will appear there.

# $(which sshd) -ddd -p 18935 debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 848 debug2: parse_server_config: config /etc/ssh/sshd_config len 848 debug3: /etc/ssh/sshd_config:28 setting HostKey /etc/ssh/ssh_host_rsa_key debug3: /etc/ssh/sshd_config:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key debug3: /etc/ssh/sshd_config:42 setting SyslogFacility AUTHPRIV debug3: /etc/ssh/sshd_config:44 setting LogLevel VERBOSE debug3: /etc/ssh/sshd_config:56 setting MaxAuthTries 5 debug3: /etc/ssh/sshd_config:64 setting AuthorizedKeysFile .ssh/authorized_keys debug3: /etc/ssh/sshd_config:73 setting RhostsRSAAuthentication yes debug3: /etc/ssh/sshd_config:76 setting HostbasedAuthentication yes debug3: /etc/ssh/sshd_config:82 setting IgnoreRhosts no debug3: /etc/ssh/sshd_config:87 setting PasswordAuthentication yes debug3: /etc/ssh/sshd_config:91 setting ChallengeResponseAuthentication yes debug3: /etc/ssh/sshd_config:102 setting GSSAPIAuthentication yes debug3: /etc/ssh/sshd_config:104 setting GSSAPICleanupCredentials yes debug3: /etc/ssh/sshd_config:120 setting UsePAM yes debug3: /etc/ssh/sshd_config:126 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:133 setting UsePrivilegeSeparation sandbox

debug3: /etc/ssh/sshd_config:149 setting Banner /etc/banners/sshd debug3: /etc/ssh/sshd_config:152 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES debug3: /etc/ssh/sshd_config:153 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT debug3: /etc/ssh/sshd_config:154 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE debug3: /etc/ssh/sshd_config:155 setting AcceptEnv XMODIFIERS debug3: /etc/ssh/sshd_config:158 setting Subsystem sftp /usr/libexec/openssh/sftp-server debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type ECDSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key debug1: private host key: #1 type 3 ECDSA debug1: rexec_argv[0]='/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug1: rexec_argv[2]='-p' debug1: rexec_argv[3]='18935' debug3: oom_adjust_setup Set /proc/self/oom_score_adj from 0 to -1000 debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 18935 on 0.0.0.0. Server listening on 0.0.0.0 port 18935. debug2: fd 4 setting O_NONBLOCK debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY debug1: Bind to port 18935 on ::. Server listening on :: port 18935.

...

With that window open, try connecting with X2GoClient to 128.149.23.102:18935. % /Applications/x2goclient.app/Contents/MacOS/x2goclient ; exit; x2go-INFO-1> "Starting x2goclient..." x2go-WARNING-1> "Can't load translator: :/i18n/x2goclient_en_us" x2go-WARNING-2> "Can't load translator: :/i18n/qt_en_US" x2go-INFO-3> "Started x2goclient." Object::connect: No such slot SessionWidget::slot_emitSettings() Object::connect: No such slot SessionWidget::slot_emitSettings() Object::connect: No such signal SessionWidget::directRDP(bool) Object::connect: No such signal SessionWidget::settingsChanged(QString,QString,QString) 2015-05-11 09:15:19.797 x2goclient[21241:1652401] modalSession has been exited prematurely - check for a reentrant call to endModalSession: x2go-INFO-8> "Starting connection to server: 128.149.23.102:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 128.149.23.102:18935): Connection refused"

On 5/11/15, 9:05 AM, "Real, Elizabeth (392K)" <Elizabeth.Real@jpl.nasa.gov> wrote:

...

Here are the outputs from RH7 server and Mac client:

RH7 server: # /usr/sbin/sshd -ddd -p 18935 debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 848 debug2: parse_server_config: config /etc/ssh/sshd_config len 848 debug3: /etc/ssh/sshd_config:28 setting HostKey /etc/ssh/ssh_host_rsa_key debug3: /etc/ssh/sshd_config:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key debug3: /etc/ssh/sshd_config:42 setting SyslogFacility AUTHPRIV debug3: /etc/ssh/sshd_config:44 setting LogLevel VERBOSE debug3: /etc/ssh/sshd_config:56 setting MaxAuthTries 5 debug3: /etc/ssh/sshd_config:64 setting AuthorizedKeysFile .ssh/authorized_keys debug3: /etc/ssh/sshd_config:73 setting RhostsRSAAuthentication yes debug3: /etc/ssh/sshd_config:76 setting HostbasedAuthentication yes debug3: /etc/ssh/sshd_config:82 setting IgnoreRhosts no debug3: /etc/ssh/sshd_config:87 setting PasswordAuthentication yes debug3: /etc/ssh/sshd_config:91 setting ChallengeResponseAuthentication yes debug3: /etc/ssh/sshd_config:102 setting GSSAPIAuthentication yes debug3: /etc/ssh/sshd_config:104 setting GSSAPICleanupCredentials yes debug3: /etc/ssh/sshd_config:120 setting UsePAM yes debug3: /etc/ssh/sshd_config:126 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:133 setting UsePrivilegeSeparation sandbox debug3: /etc/ssh/sshd_config:149 setting Banner /etc/banners/sshd debug3: /etc/ssh/sshd_config:152 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES debug3: /etc/ssh/sshd_config:153 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT debug3: /etc/ssh/sshd_config:154 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE debug3: /etc/ssh/sshd_config:155 setting AcceptEnv XMODIFIERS debug3: /etc/ssh/sshd_config:158 setting Subsystem sftp /usr/libexec/openssh/sftp-server debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type ECDSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key debug1: private host key: #1 type 3 ECDSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug1: rexec_argv[2]='-p' debug1: rexec_argv[3]='18935' debug3: oom_adjust_setup Set /proc/self/oom_score_adj from 0 to -1000 debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 18935 on 0.0.0.0. Server listening on 0.0.0.0 port 18935. debug2: fd 4 setting O_NONBLOCK debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY debug1: Bind to port 18935 on ::. Server listening on :: port 18935.

Mac client: % ssh -p 18935 root@joey ssh: connect to host joey port 18935: Connection refused

---

From: Real, Elizabeth (392K) Sent: Thursday, May 07, 2015 3:23 PM To: Mihai Moldovan; x2go-dev@lists.x2go.org Subject: Re: [X2Go-Dev] X2go Mac client and Red Hat 7 server

RH7 server: setup debug and set sshd port 18935

Client: configured x2goclient to connect to port 18935 but got connection refused x2go-INFO-8> "Starting connection to server: 128.149.23.102:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 128.149.23.102:18935): Connection refused"

On 5/7/15, 12:41 PM, "Mihai Moldovan" <ionic@ionic.de> wrote:

...

On 06.05.2015 11:55 PM, Real, Elizabeth (392K) wrote:

...

Any other ideas?

No new information and you have done nothing wrong.

Looks like you will need to get your hands dirty.

Please start sshd manually as root on the RH 7 machine:

sudo sshd -ddd -p 18935

It should be running in the foreground, outputting debug information and listening on port 18935 (feel free to change this to whatever you feel suitable, it doesn't matter as long it as the port is unused and not colling with anything else you might use.

Then, configure x2goclient to connect to that port and start a session.

You should see additional debug information printed by sshd... hopefully hinting at what might have gone awry.

Mihai

Permissions seem ok:

Run the following command on the server: ls -lah /etc/ssh/*host* Please post that output to the list.

-rw-r-----. 1 root ssh_keys 227 Aug 21 2014 ssh_host_ecdsa_key -rw-r--r--. 1 root root 162 Aug 21 2014 ssh_host_ecdsa_key.pub -rw-r-----. 1 root ssh_keys 1.7K Aug 21 2014 ssh_host_rsa_key -rw-r--r--. 1 root root 382 Aug 21 2014 ssh_host_rsa_key.pub

Once you verified/fixed that, try running $(which sshd) -ddd -p 18935 again and check if at least the error message regarding the RSA key from above are gone.

THE RSA key error came up again: debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type ECDSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key debug1: private host key: #1 type 3 ECDSA debug1: rexec_argv[0]='/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug1: rexec_argv[2]='-p' debug1: rexec_argv[3]='18935' debug3: oom_adjust_setup Set /proc/self/oom_score_adj from 0 to -1000 debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 18935 on 0.0.0.0. Server listening on 0.0.0.0 port 18935. debug2: fd 4 setting O_NONBLOCK debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY debug1: Bind to port 18935 on ::. Server listening on :: port 18935.

move and regenere rsa keys using the following command, as root: ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

-rw-r-----. 1 root ssh_keys 227 Aug 21 2014 ssh_host_ecdsa_key -rw-r--r--. 1 root root 162 Aug 21 2014 ssh_host_ecdsa_key.pub -rw-------. 1 root root 1.7K May 11 13:46 ssh_host_rsa_key -rw-r--r--. 1 root root 404 May 11 13:46 ssh_host_rsa_key.pub

Then perform the above checks again (presence of files, ownership, permissions) and verify that $(which sshd) -ddd -p 18935 no longer spits out the error message regarding the RSA key from above.

SAME RSA key error :/

debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type ECDSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key debug1: private host key: #1 type 3 ECDSA debug1: rexec_argv[0]='/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug1: rexec_argv[2]='-p' debug1: rexec_argv[3]='18935' debug3: oom_adjust_setup Set /proc/self/oom_score_adj from 0 to -1000 debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 18935 on 0.0.0.0. Server listening on 0.0.0.0 port 18935. debug2: fd 4 setting O_NONBLOCK debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY debug1: Bind to port 18935 on ::. Server listening on :: port 18935.

On 5/11/15, 10:28 AM, "Real, Elizabeth (392K)" <Elizabeth.Real@jpl.nasa.gov> wrote:

Tried this again and when I got to executing netstat -ant | grep ':18935' | wc -l the server returned the number 2, however the client still gave protocol mismatch:

x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935): Protocol mismatch: "

On 5/11/15, 9:44 AM, "Real, Elizabeth (392K)" <Elizabeth.Real@jpl.nasa.gov> wrote:

...

...

if my previous message with the $(which sshd) line didn't produce any useful debug output, here's something else you could try. However, if you *did* get debug output from that previous step, there's no need to try the following as well. These are mainly connectivity tests. On the client's commandline, execute: ssh -L18935:128.149.23.102:22 128.149.23.102 If that connects, leave the ssh session running.

Client connects and I¹m able to authenticate.

...

Then, change your X2GoClient session to point to 127.0.0.1:18935 instead of 128.149.23.102:22 Try and see if it connects. (Expected result: Protocol mismatch error message)

2015-05-11 09:28:59.009 x2goclient[21467:1656748] modalSession has been exited prematurely - check for a reentrant call to endModalSession: x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935): Protocol mismatch: "

...

Close X2GoClient, close the SSH session, then repeat it like this: ssh -L18935:127.0.0.1:22 128.149.23.102 # ^^^^^^^^^ note the different IP here Try and see if it connects. (Expected result: Protocol mismatch error message)

x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935): Protocol mismatch: "

...

Again, close X2GoClient, close the SSH session. Repeat with ssh -L18935:127.0.0.1:18935 128.149.23.102 # ^^^^^ note the different port number here

Able to connect and authenticate

...

verify that an SSHD is listening on the server by using the command netstat -ant | grep ':18935' | wc -l on the *server*. It should return a number greater than 0.

Returned 0

...

Now, try to connect X2GoClient using 127.0.0.1:18935 again.

2015-05-11 09:36:04.970 x2goclient[21660:1659334] modalSession has been exited prematurely - check for a reentrant call to endModalSession: x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935): Connection refused"

On 5/11/15, 9:16 AM, "Real, Elizabeth (392K)" <Elizabeth.Real@jpl.nasa.gov> wrote:

...

See my replies below:

...

When using "sudo sshd -ddd -p 18935" like suggested by Mihai, I'm getting "sshd re-exec requires execution with an absolute path" and the shell prompt returns.

I got this last Friday and figured the absolute path

...

Which means there is no SSHD running on port 18935. (Verifiable with "netstat -ant | grep ':18935' | wc -l" - that should return a number greater than 0 if SSHD is running on Port 18935.)

Returned the number 2

...

sudo $(which sshd) -ddd -p 18935 Leave that commandline window open, important debug information will appear there.

# $(which sshd) -ddd -p 18935 debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 848 debug2: parse_server_config: config /etc/ssh/sshd_config len 848 debug3: /etc/ssh/sshd_config:28 setting HostKey /etc/ssh/ssh_host_rsa_key debug3: /etc/ssh/sshd_config:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key debug3: /etc/ssh/sshd_config:42 setting SyslogFacility AUTHPRIV debug3: /etc/ssh/sshd_config:44 setting LogLevel VERBOSE debug3: /etc/ssh/sshd_config:56 setting MaxAuthTries 5 debug3: /etc/ssh/sshd_config:64 setting AuthorizedKeysFile .ssh/authorized_keys debug3: /etc/ssh/sshd_config:73 setting RhostsRSAAuthentication yes debug3: /etc/ssh/sshd_config:76 setting HostbasedAuthentication yes debug3: /etc/ssh/sshd_config:82 setting IgnoreRhosts no debug3: /etc/ssh/sshd_config:87 setting PasswordAuthentication yes debug3: /etc/ssh/sshd_config:91 setting ChallengeResponseAuthentication yes debug3: /etc/ssh/sshd_config:102 setting GSSAPIAuthentication yes debug3: /etc/ssh/sshd_config:104 setting GSSAPICleanupCredentials yes debug3: /etc/ssh/sshd_config:120 setting UsePAM yes debug3: /etc/ssh/sshd_config:126 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:133 setting UsePrivilegeSeparation sandbox

debug3: /etc/ssh/sshd_config:149 setting Banner /etc/banners/sshd debug3: /etc/ssh/sshd_config:152 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES debug3: /etc/ssh/sshd_config:153 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT debug3: /etc/ssh/sshd_config:154 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE debug3: /etc/ssh/sshd_config:155 setting AcceptEnv XMODIFIERS debug3: /etc/ssh/sshd_config:158 setting Subsystem sftp /usr/libexec/openssh/sftp-server debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type ECDSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key debug1: private host key: #1 type 3 ECDSA debug1: rexec_argv[0]='/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug1: rexec_argv[2]='-p' debug1: rexec_argv[3]='18935' debug3: oom_adjust_setup Set /proc/self/oom_score_adj from 0 to -1000 debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 18935 on 0.0.0.0. Server listening on 0.0.0.0 port 18935. debug2: fd 4 setting O_NONBLOCK debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY debug1: Bind to port 18935 on ::. Server listening on :: port 18935.

...

With that window open, try connecting with X2GoClient to 128.149.23.102:18935. % /Applications/x2goclient.app/Contents/MacOS/x2goclient ; exit; x2go-INFO-1> "Starting x2goclient..." x2go-WARNING-1> "Can't load translator: :/i18n/x2goclient_en_us" x2go-WARNING-2> "Can't load translator: :/i18n/qt_en_US" x2go-INFO-3> "Started x2goclient." Object::connect: No such slot SessionWidget::slot_emitSettings() Object::connect: No such slot SessionWidget::slot_emitSettings() Object::connect: No such signal SessionWidget::directRDP(bool) Object::connect: No such signal SessionWidget::settingsChanged(QString,QString,QString) 2015-05-11 09:15:19.797 x2goclient[21241:1652401] modalSession has been exited prematurely - check for a reentrant call to endModalSession: x2go-INFO-8> "Starting connection to server: 128.149.23.102:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 128.149.23.102:18935): Connection refused"

On 5/11/15, 9:05 AM, "Real, Elizabeth (392K)" <Elizabeth.Real@jpl.nasa.gov> wrote:

...

Here are the outputs from RH7 server and Mac client:

RH7 server: # /usr/sbin/sshd -ddd -p 18935 debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 848 debug2: parse_server_config: config /etc/ssh/sshd_config len 848 debug3: /etc/ssh/sshd_config:28 setting HostKey /etc/ssh/ssh_host_rsa_key debug3: /etc/ssh/sshd_config:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key debug3: /etc/ssh/sshd_config:42 setting SyslogFacility AUTHPRIV debug3: /etc/ssh/sshd_config:44 setting LogLevel VERBOSE debug3: /etc/ssh/sshd_config:56 setting MaxAuthTries 5 debug3: /etc/ssh/sshd_config:64 setting AuthorizedKeysFile .ssh/authorized_keys debug3: /etc/ssh/sshd_config:73 setting RhostsRSAAuthentication yes debug3: /etc/ssh/sshd_config:76 setting HostbasedAuthentication yes debug3: /etc/ssh/sshd_config:82 setting IgnoreRhosts no debug3: /etc/ssh/sshd_config:87 setting PasswordAuthentication yes debug3: /etc/ssh/sshd_config:91 setting ChallengeResponseAuthentication yes debug3: /etc/ssh/sshd_config:102 setting GSSAPIAuthentication yes debug3: /etc/ssh/sshd_config:104 setting GSSAPICleanupCredentials yes debug3: /etc/ssh/sshd_config:120 setting UsePAM yes debug3: /etc/ssh/sshd_config:126 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:133 setting UsePrivilegeSeparation sandbox debug3: /etc/ssh/sshd_config:149 setting Banner /etc/banners/sshd debug3: /etc/ssh/sshd_config:152 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES debug3: /etc/ssh/sshd_config:153 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT debug3: /etc/ssh/sshd_config:154 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE debug3: /etc/ssh/sshd_config:155 setting AcceptEnv XMODIFIERS debug3: /etc/ssh/sshd_config:158 setting Subsystem sftp /usr/libexec/openssh/sftp-server debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type ECDSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key debug1: private host key: #1 type 3 ECDSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug1: rexec_argv[2]='-p' debug1: rexec_argv[3]='18935' debug3: oom_adjust_setup Set /proc/self/oom_score_adj from 0 to -1000 debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 18935 on 0.0.0.0. Server listening on 0.0.0.0 port 18935. debug2: fd 4 setting O_NONBLOCK debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY debug1: Bind to port 18935 on ::. Server listening on :: port 18935.

Mac client: % ssh -p 18935 root@joey ssh: connect to host joey port 18935: Connection refused

---

From: Real, Elizabeth (392K) Sent: Thursday, May 07, 2015 3:23 PM To: Mihai Moldovan; x2go-dev@lists.x2go.org Subject: Re: [X2Go-Dev] X2go Mac client and Red Hat 7 server

RH7 server: setup debug and set sshd port 18935

Client: configured x2goclient to connect to port 18935 but got connection refused x2go-INFO-8> "Starting connection to server: 128.149.23.102:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 128.149.23.102:18935): Connection refused"

On 5/7/15, 12:41 PM, "Mihai Moldovan" <ionic@ionic.de> wrote:

...

On 06.05.2015 11:55 PM, Real, Elizabeth (392K) wrote:

...

Any other ideas?

No new information and you have done nothing wrong.

Looks like you will need to get your hands dirty.

Please start sshd manually as root on the RH 7 machine:

sudo sshd -ddd -p 18935

It should be running in the foreground, outputting debug information and listening on port 18935 (feel free to change this to whatever you feel suitable, it doesn't matter as long it as the port is unused and not colling with anything else you might use.

Then, configure x2goclient to connect to that port and start a session.

You should see additional debug information printed by sshd... hopefully hinting at what might have gone awry.

Mihai

Here¹s the client output:

SSH PORT 18935:

2015-05-11 16:28:58.651 x2goclient[23725:1861306] modalSession has been exited prematurely - check for a reentrant call to endModalSession: x2go-INFO-8> "Starting connection to server: 128.149.23.102:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 128.149.23.102:18935): Connection refused" 2015-05-11 16:29:12.653 x2goclient[23725:1861306] modalSession has been exited prematurely - check for a reentrant call to endModalSession:

SSH PORT 22:

2015-05-11 16:30:38.126 x2goclient[23739:1862063] modalSession has been exited prematurely - check for a reentrant call to endModalSession: x2go-INFO-8> "Starting connection to server: 128.149.23.102:22" x2go-ERROR-2> "Connection Error(Cannot connect to 128.149.23.102:22): Protocol mismatch: " 2015-05-11 16:30:53.555 x2goclient[23739:1862063] modalSession has been exited prematurely - check for a reentrant call to endModalSession:

On 5/11/15, 4:06 PM, "Mihai Moldovan" <ionic@ionic.de> wrote:

On 11.05.2015 11:41 PM, Real, Elizabeth (392K) wrote:

...

Permissions seem ok: -rw-r-----. 1 root ssh_keys 227 Aug 21 2014 ssh_host_ecdsa_key -rw-r--r--. 1 root root 162 Aug 21 2014 ssh_host_ecdsa_key.pub -rw-r-----. 1 root ssh_keys 1.7K Aug 21 2014 ssh_host_rsa_key -rw-r--r--. 1 root root 382 Aug 21 2014 ssh_host_rsa_key.pub

Also looked like that on my RH 7 machine. It's weird that the private keys have group-readable permissions, especially given that the sshd_config man page states "Note that sshd(8) will refuse to use a file if it is group/world-accessible."

It doesn't seem like sshd cares too much, though. It still loads up the private key and seems to ignore the "faulty" permissions. I assume the daemon has been patched by Red Hat to support this.

...

THE RSA key error came up again: debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type ECDSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key

I think we are all misinterpreting the error. Naturally, /etc/ssh/ssh_host_rsa_key is NOT a public key, but a private key, so the error message is accurate.

It loaded up the private key correctly:

...

debug1: private host key: #0 type 1 RSA

FWIW, the same error message(s) show up on Ubuntu machines, so I guess that's not the problem.

What is currently still missing (or have I just overlooked it?) is the sshd output for a connection attempt via X2Go Client.

Can you please provide that?

Mihai

Here is the SSH server debut output:

debug2: load_server_config: filename /etc/ssh/sshd_config debug2: load_server_config: done config len = 848 debug2: parse_server_config: config /etc/ssh/sshd_config len 848 debug3: /etc/ssh/sshd_config:28 setting HostKey /etc/ssh/ssh_host_rsa_key debug3: /etc/ssh/sshd_config:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key debug3: /etc/ssh/sshd_config:42 setting SyslogFacility AUTHPRIV debug3: /etc/ssh/sshd_config:44 setting LogLevel VERBOSE debug3: /etc/ssh/sshd_config:56 setting MaxAuthTries 5 debug3: /etc/ssh/sshd_config:64 setting AuthorizedKeysFile .ssh/authorized_keys debug3: /etc/ssh/sshd_config:73 setting RhostsRSAAuthentication yes debug3: /etc/ssh/sshd_config:76 setting HostbasedAuthentication yes debug3: /etc/ssh/sshd_config:82 setting IgnoreRhosts no debug3: /etc/ssh/sshd_config:87 setting PasswordAuthentication yes debug3: /etc/ssh/sshd_config:91 setting ChallengeResponseAuthentication yes debug3: /etc/ssh/sshd_config:102 setting GSSAPIAuthentication yes debug3: /etc/ssh/sshd_config:104 setting GSSAPICleanupCredentials yes debug3: /etc/ssh/sshd_config:120 setting UsePAM yes debug3: /etc/ssh/sshd_config:126 setting X11Forwarding yes debug3: /etc/ssh/sshd_config:133 setting UsePrivilegeSeparation sandbox debug3: /etc/ssh/sshd_config:149 setting Banner /etc/banners/sshd debug3: /etc/ssh/sshd_config:152 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES debug3: /etc/ssh/sshd_config:153 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT debug3: /etc/ssh/sshd_config:154 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE debug3: /etc/ssh/sshd_config:155 setting AcceptEnv XMODIFIERS debug3: /etc/ssh/sshd_config:158 setting Subsystem sftp /usr/libexec/openssh/sftp-server debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type ECDSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key debug1: private host key: #1 type 3 ECDSA debug1: rexec_argv[0]='/usr/sbin/sshd' debug1: rexec_argv[1]='-ddd' debug1: rexec_argv[2]='-p' debug1: rexec_argv[3]='18935' debug3: oom_adjust_setup Set /proc/self/oom_score_adj from 0 to -1000 debug2: fd 3 setting O_NONBLOCK debug1: Bind to port 18935 on 0.0.0.0. Server listening on 0.0.0.0 port 18935. debug2: fd 4 setting O_NONBLOCK debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY debug1: Bind to port 18935 on ::. Server listening on :: port 18935. debug3: fd 5 is not O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug3: send_rexec_state: entering fd = 8 config len 848 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8 debug1: inetd sockets after dupping: 3, 3 Connection from 128.149.23.102 port 60041 Did not receive identification string from 128.149.23.102

Client debug output: x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935): Protocol mismatch: "

On 5/11/15, 8:01 PM, "Mihai Moldovan" <ionic@ionic.de> wrote:

On 12.05.2015 01:31 AM, Real, Elizabeth (392K) wrote:

...

Here¹s the client output:

SSH PORT 18935:

2015-05-11 16:28:58.651 x2goclient[23725:1861306] modalSession has been exited prematurely - check for a reentrant call to endModalSession: x2go-INFO-8> "Starting connection to server: 128.149.23.102:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 128.149.23.102:18935): Connection refused" 2015-05-11 16:29:12.653 x2goclient[23725:1861306] modalSession has been exited prematurely - check for a reentrant call to endModalSession:

No, that won't help.

Please start sshd manually on the server, I assume it's 128.149.23.102:

ssh 128.149.23.102 /usr/sbin/sshd -ddd -p 18935

The client must be able to connect to the server/port, so please make sure that's possible. For instance by avoiding the firewall via an SSH tunnel as proposed by Stefan in an earlier mail (though his command was wrong):

In another shell, run this command: ssh -L18935:128.149.23.102:18935 128.149.23.102

Then point the client to connect to

127.0.0.1:18935

Try to connect and post the *SSH server* debug output you should now have gathered in the first shell.

Mihai

P.S.: sorry for the intermingled stuff you have to do, but I hope the SSH server debug output will be helpful...

OSX client output:

printf "\n\n\n\n\n\n\n\n" | nc -w3 127.0.0.1 18935

SSH-2.0-OpenSSH_6.4 Protocol mismatch.

Please check if you have enabled any proxy setting in the Session Settings. Especially an HTTP-type proxy.

No proxy settings enabled.

Also, is Kerberos5/GSSAPI authentication turned on or off?

Kerberos5/GSSAPI is turned off

On 5/12/15, 11:05 AM, "Mihai Moldovan" <ionic@ionic.de> wrote:

On 12.05.2015 07:05 PM, Real, Elizabeth (392K) wrote:

...

Here is the SSH server debut output: Connection from 128.149.23.102 port 60041 Did not receive identification string from 128.149.23.102

Client debug output: x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935): Protocol mismatch: "

This is so weird.

For what I can tell, the server does send an empty identification string to the libssh client and the client bails out due to that.

With the debug sshd and the SSH tunnel as established via the -L... command line last time running, what's the output of running (on the OS X client):

printf "\n\n\n\n\n\n\n\n" | nc -w3 127.0.0.1 18935

That should return something like "SSH-2.0-OpenSSH_6.7p1 Debian-3". Sorry, I cannot connect to the VPN to access my RH 7 test machine for some reason, so I couldn't run it against that box.

If that works fine, it's likely not an connection issue per se.

Please check if you have enabled any proxy setting in the Session Settings. Especially an HTTP-type proxy.

Also, is Kerberos5/GSSAPI authentication turned on or off?

Mihai

I suppose rpm -qa | grep libssh is returning a version greater or equal 0.6.4?

RHEL7.0 server output: # rpm -qa | grep libssh libssh-0.6.4-1.el7.x86_64 libssh2-1.4.3-8.el7.x86_64

Really weird issue. Unfortunately I have no subscribed RH 7 machine to actually test this stuff.

I¹m upgrading the RHEL7.0 server to 7.1 today. I¹ll test the client-server connections and let you know of the outcome.

On 5/12/15, 10:21 PM, "Mihai Moldovan" <ionic@ionic.de> wrote:

On 12.05.2015 11:02 PM, Real, Elizabeth (392K) wrote:

...

OSX client output:

...

printf "\n\n\n\n\n\n\n\n" | nc -w3 127.0.0.1 18935

SSH-2.0-OpenSSH_6.4 Protocol mismatch.

That means that the server is transferring its capabilities just fine.

...

...

Please check if you have enabled any proxy setting in the Session Settings. Especially an HTTP-type proxy.

No proxy settings enabled

...

Also, is Kerberos5/GSSAPI authentication turned on or off?

Kerberos5/GSSAPI is turned off

Okay, so we can probably rule that out, too...

That's awkward. Looks like libssh is doing something wrong in that case.

I suppose rpm -qa | grep libssh is returning a version greater or equal 0.6.4?

Really weird issue. Unfortunately I have no subscribed RH 7 machine to actually test this stuff.

Mihai

On 16.05.2015 01:35 AM, Real, Elizabeth (392K) wrote:

Update:

I upgraded the server to RHEL7.1, tested the client-server connection but the client failed to connect.

Client: 2015-05-15 16:34:25.958 x2goclient[10729:480910] modalSession has been exited prematurely - check for a reentrant call to endModalSession: x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935" x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935): Socket error: disconnected" 2015-05-15 16:34:30.677 x2goclient[10729:480910] modalSession has been exited prematurely - check for a reentrant call to endModalSession:

Server: channel 3: open failed: connect failed: No route to host

That's a generic network issue. The client cannot talk to the server. Maybe you forgot to create the ssh tunnel? Note that it tries to connect to 127.0.0.1:18935.

Mihai

On 20.05.2015 11:34 PM, Real, Elizabeth (392K) wrote:

What version of SSH does x2go use?

X2Go uses SSH version 2. Protocol version 1 should not be in use anymore.

And if the issue is with the server¹s RSA ssh keys, can you provide documentation as to how the RSA keys should be setup on the server?

The RSA "problem" might have been misleading and not a problem at all - at least at this stage. Generally, it's true that RSA keys must be available, but the default setup as you had it should be providing that alright.

That is, if the problem is still the old "Protocol mismatch".

As far as I could see, libssh receives an empty banner from the remote OpenSSH daemon for some reason and thus can't connect at all. It never even reaches a state where client and server could exchange keys.

I have never, ever seen this issue before and I know at least one other person with an RHEL 7 server that has a working setup, so this must be something very specific to your setup.

It *looks* like a networking issue, but given that our previous tests with netcat "succeeded" in the sense of getting a legit banner out of the remote OpenSSH server, I'm stumped.

Other possible things to look out for include the proxy settings in the session settings, but I think we have ruled that out, too, because you're not using any proxy.

It *could* also be a bug in libssh, but that would be very odd. Especially given it works for other people.

I assume access to these machines for debug purposes is not an option?

Mihai

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Am 11.05.2015 um 18:16 schrieb Real, Elizabeth (392K):

debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013 debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type RSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ debug1: private host key: #0 type 1 RSA debug3: Incorrect RSA1 identifier debug1: read PEM private key done: type ECDSA debug3: Incorrect RSA1 identifier debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

These two lines seem to indicate that you have a malformed RSA host key (and a malformed ECDSA host key as well) on your server, which means they are being ignored by the SSH daemon, which in turn explains why you cannot connect using X2Go. Why exactly they are considered malformed by the server is what we're going to try to find out next.

Please run the following command on the server: ls -lah /etc/ssh/*host*

It should deliver an output similar to this one (with an extra pair of files for the ECDSA key):

• -rw------- 1 root root 668 Mar 25 2011 /etc/ssh/ssh_host_dsa_key
• -rw-r--r-- 1 root root 601 Mar 25 2011 /etc/ssh/ssh_host_dsa_key.pub
• -rw------- 1 root root 1,7K Mar 25 2011 /etc/ssh/ssh_host_rsa_key
• -rw-r--r-- 1 root root 393 Mar 25 2011 /etc/ssh/ssh_host_rsa_key.pub

Please post that output to the list.

All the host key files not ending in ".pub" should have the permissions, all host key files ending in ".pub" should have the

• -rw-------

• -rw-r--r-- permissions, all host key files regardless of ending should be owned by user root and group root, as in the example above.

Once you verified/fixed that, try running $(which sshd) -ddd -p 18935 again and check if at least the error message regarding the RSA key from above are gone.

Of course, it may also be that the key files themselves are damaged internally. However, since it would be a REALLY BAD(tm) idea to post them to the list for inspection, please don't do that.

Instead, I would recommend moving the current RSA key files aside (using the "mv" command or a file manager of your choice) and regenerating them using the following command, as root: ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

Then perform the above checks again (presence of files, ownership, permissions) and verify that $(which sshd) -ddd -p 18935 no longer spits out the error message regarding the RSA key from above.

Kind Regards, Stefan

BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2

iQEcBAEBCAAGBQJVUPm8AAoJEG7d9BjNvlEZmt0IAJBRFPYQr/L1htHD7H6Q6pr2 IyZGmUH/YWvrSYonhSaKudZ6ccIiewTYem+EMTbyWzzFM51Fupkq5RTMqjBk1yAS updIZvuo+uu9kpqBnxUKP1mOu5PuleptGFBV/01VEs8xB4Y9deBfRgg6dK60ctGf XEqVZAqoXneoaV9QBrZSD7avi/JXYEtGzGvxEvhoJZjFNyBhVXVTgdWXebfKPyHS JOFUoW+FOfIVDrpLPyWs2IZebgxSMRKW2Pe93IOV7STtjqbBvX7YxujvyEyhxZZG fb5xo+lkEd4/EIonmLWxsTlq8gN8V06MA0Si8RXMR9z2NlcIEu7cYCja1vr8ymw= =yTHQ -----END PGP SIGNATURE-----