[X2Go-Dev] X2go Mac client and Red Hat 7 server
Real, Elizabeth (392K)
Elizabeth.Real at jpl.nasa.gov
Mon May 11 22:54:33 CEST 2015
Permissions seem ok:
> Run the following command on the server:
> ls -lah /etc/ssh/*host*
> Please post that output to the list.
-rw-r-----. 1 root ssh_keys 227 Aug 21 2014 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 Aug 21 2014 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys 1.7K Aug 21 2014 ssh_host_rsa_key
-rw-r--r--. 1 root root 382 Aug 21 2014 ssh_host_rsa_key.pub
> Once you verified/fixed that, try running
> $(which sshd) -ddd -p 18935
> again and check if at least the error message regarding the RSA key from
>above are gone.
THE RSA key error came up again:
debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
debug1: private host key: #1 type 3 ECDSA
debug1: rexec_argv[0]='/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='18935'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 18935 on 0.0.0.0.
Server listening on 0.0.0.0 port 18935.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 18935 on ::.
Server listening on :: port 18935.
> move and regenere rsa keys using the following command, as root:
> ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
-rw-r-----. 1 root ssh_keys 227 Aug 21 2014 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 Aug 21 2014 ssh_host_ecdsa_key.pub
-rw-------. 1 root root 1.7K May 11 13:46 ssh_host_rsa_key
-rw-r--r--. 1 root root 404 May 11 13:46 ssh_host_rsa_key.pub
> Then perform the above checks again (presence of files, ownership,
>permissions) and verify that
> $(which sshd) -ddd -p 18935
> no longer spits out the error message regarding the RSA key from above.
SAME RSA key error :/
# $(which sshd) -ddd -p 18935
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 848
debug2: parse_server_config: config /etc/ssh/sshd_config len 848
debug3: /etc/ssh/sshd_config:28 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:30 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:42 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:44 setting LogLevel VERBOSE
debug3: /etc/ssh/sshd_config:56 setting MaxAuthTries 5
debug3: /etc/ssh/sshd_config:64 setting AuthorizedKeysFile
.ssh/authorized_keys
debug3: /etc/ssh/sshd_config:73 setting RhostsRSAAuthentication yes
debug3: /etc/ssh/sshd_config:76 setting HostbasedAuthentication yes
debug3: /etc/ssh/sshd_config:82 setting IgnoreRhosts no
debug3: /etc/ssh/sshd_config:87 setting PasswordAuthentication yes
debug3: /etc/ssh/sshd_config:91 setting ChallengeResponseAuthentication yes
debug3: /etc/ssh/sshd_config:102 setting GSSAPIAuthentication yes
debug3: /etc/ssh/sshd_config:104 setting GSSAPICleanupCredentials yes
debug3: /etc/ssh/sshd_config:120 setting UsePAM yes
debug3: /etc/ssh/sshd_config:126 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:133 setting UsePrivilegeSeparation sandbox
debug3: /etc/ssh/sshd_config:149 setting Banner /etc/banners/sshd
debug3: /etc/ssh/sshd_config:152 setting AcceptEnv LANG LC_CTYPE
LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:153 setting AcceptEnv LC_PAPER LC_NAME
LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:154 setting AcceptEnv LC_IDENTIFICATION
LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:155 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:158 setting Subsystem
sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public key
debug1: private host key: #1 type 3 ECDSA
debug1: rexec_argv[0]='/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='18935'
debug3: oom_adjust_setup
Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 18935 on 0.0.0.0.
Server listening on 0.0.0.0 port 18935.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 18935 on ::.
Server listening on :: port 18935.
On 5/11/15, 10:28 AM, "Real, Elizabeth (392K)"
<Elizabeth.Real at jpl.nasa.gov> wrote:
>Tried this again and when I got to executing netstat -ant | grep ':18935'
>| wc -l the server returned the number 2, however the client still gave
>protocol mismatch:
>
>
>x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935"
>x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935):
>Protocol mismatch: "
>
>
>On 5/11/15, 9:44 AM, "Real, Elizabeth (392K)"
><Elizabeth.Real at jpl.nasa.gov> wrote:
>
>>> if my previous message with the $(which sshd) line didn't produce any
>>>useful debug output, here's something else you could try. However, if
>>>you *did* get debug output from
>>> that previous step, there's no need to try the following as well.
>>>These
>>>are mainly connectivity tests.
>>> On the client's commandline, execute:
>>> ssh -L18935:128.149.23.102:22 128.149.23.102
>>> If that connects, leave the ssh session running.
>>
>>Client connects and I¹m able to authenticate.
>>
>>> Then, change your X2GoClient session to point to
>>> 127.0.0.1:18935 instead of 128.149.23.102:22
>>> Try and see if it connects.
>>> (Expected result: Protocol mismatch error message)
>>
>>2015-05-11 09:28:59.009 x2goclient[21467:1656748] modalSession has been
>>exited prematurely - check for a reentrant call to endModalSession:
>>x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935"
>>x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935):
>>Protocol mismatch: "
>>
>>
>>> Close X2GoClient, close the SSH session, then repeat it like this:
>>> ssh -L18935:127.0.0.1:22 128.149.23.102
>>> # ^^^^^^^^^ note the different IP here
>>> Try and see if it connects. (Expected result: Protocol mismatch error
>>>message)
>>
>>x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935"
>>x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935):
>>Protocol mismatch: "
>>
>>
>>> Again, close X2GoClient, close the SSH session.
>>> Repeat with
>>> ssh -L18935:127.0.0.1:18935 128.149.23.102
>>> # ^^^^^ note the different port number here
>>
>>Able to connect and authenticate
>>
>>> verify that an SSHD is listening on the server by using the command
>>> netstat -ant | grep ':18935' | wc -l
>>> on the *server*. It should return a number greater than 0.
>>
>>Returned 0
>>
>>> Now, try to connect X2GoClient using 127.0.0.1:18935 again.
>>
>>
>>2015-05-11 09:36:04.970 x2goclient[21660:1659334] modalSession has been
>>exited prematurely - check for a reentrant call to endModalSession:
>>x2go-INFO-8> "Starting connection to server: 127.0.0.1:18935"
>>x2go-ERROR-2> "Connection Error(Cannot connect to 127.0.0.1:18935):
>>Connection refused"
>>
>>
>>
>>
>>On 5/11/15, 9:16 AM, "Real, Elizabeth (392K)"
>><Elizabeth.Real at jpl.nasa.gov> wrote:
>>
>>>See my replies below:
>>>
>>>> When using "sudo sshd -ddd -p 18935" like suggested by Mihai, I'm
>>>> getting "sshd re-exec requires execution with an absolute path" and
>>>> the shell prompt returns.
>>>
>>>I got this last Friday and figured the absolute path
>>>
>>>> Which means there is no SSHD running on port 18935. (Verifiable with
>>>> "netstat -ant | grep ':18935' | wc -l" - that should return a number
>>>> greater than 0 if SSHD is running on Port 18935.)
>>>
>>>Returned the number 2
>>>
>>>> sudo $(which sshd) -ddd -p 18935
>>>> Leave that commandline window open, important debug information will
>>>>appear there.
>>>
>>># $(which sshd) -ddd -p 18935
>>>debug2: load_server_config: filename /etc/ssh/sshd_config
>>>debug2: load_server_config: done config len = 848
>>>debug2: parse_server_config: config /etc/ssh/sshd_config len 848
>>>debug3: /etc/ssh/sshd_config:28 setting HostKey
>>>/etc/ssh/ssh_host_rsa_key
>>>debug3: /etc/ssh/sshd_config:30 setting HostKey
>>>/etc/ssh/ssh_host_ecdsa_key
>>>debug3: /etc/ssh/sshd_config:42 setting SyslogFacility AUTHPRIV
>>>debug3: /etc/ssh/sshd_config:44 setting LogLevel VERBOSE
>>>debug3: /etc/ssh/sshd_config:56 setting MaxAuthTries 5
>>>debug3: /etc/ssh/sshd_config:64 setting AuthorizedKeysFile
>>>.ssh/authorized_keys
>>>debug3: /etc/ssh/sshd_config:73 setting RhostsRSAAuthentication yes
>>>debug3: /etc/ssh/sshd_config:76 setting HostbasedAuthentication yes
>>>debug3: /etc/ssh/sshd_config:82 setting IgnoreRhosts no
>>>debug3: /etc/ssh/sshd_config:87 setting PasswordAuthentication yes
>>>debug3: /etc/ssh/sshd_config:91 setting ChallengeResponseAuthentication
>>>yes
>>>debug3: /etc/ssh/sshd_config:102 setting GSSAPIAuthentication yes
>>>debug3: /etc/ssh/sshd_config:104 setting GSSAPICleanupCredentials yes
>>>debug3: /etc/ssh/sshd_config:120 setting UsePAM yes
>>>debug3: /etc/ssh/sshd_config:126 setting X11Forwarding yes
>>>debug3: /etc/ssh/sshd_config:133 setting UsePrivilegeSeparation sandbox
>>>
>>>debug3: /etc/ssh/sshd_config:149 setting Banner /etc/banners/sshd
>>>debug3: /etc/ssh/sshd_config:152 setting AcceptEnv LANG LC_CTYPE
>>>LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
>>>debug3: /etc/ssh/sshd_config:153 setting AcceptEnv LC_PAPER LC_NAME
>>>LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
>>>debug3: /etc/ssh/sshd_config:154 setting AcceptEnv LC_IDENTIFICATION
>>>LC_ALL LANGUAGE
>>>debug3: /etc/ssh/sshd_config:155 setting AcceptEnv XMODIFIERS
>>>debug3: /etc/ssh/sshd_config:158 setting Subsystem sftp
>>>/usr/libexec/openssh/sftp-server
>>>debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
>>>debug3: Incorrect RSA1 identifier
>>>debug1: read PEM private key done: type RSA
>>>debug3: Incorrect RSA1 identifier
>>>debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
>>>debug1: private host key: #0 type 1 RSA
>>>debug3: Incorrect RSA1 identifier
>>>debug1: read PEM private key done: type ECDSA
>>>debug3: Incorrect RSA1 identifier
>>>debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public
>>>key
>>>debug1: private host key: #1 type 3 ECDSA
>>>debug1: rexec_argv[0]='/sbin/sshd'
>>>debug1: rexec_argv[1]='-ddd'
>>>debug1: rexec_argv[2]='-p'
>>>debug1: rexec_argv[3]='18935'
>>>debug3: oom_adjust_setup
>>>Set /proc/self/oom_score_adj from 0 to -1000
>>>debug2: fd 3 setting O_NONBLOCK
>>>debug1: Bind to port 18935 on 0.0.0.0.
>>>Server listening on 0.0.0.0 port 18935.
>>>debug2: fd 4 setting O_NONBLOCK
>>>debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
>>>debug1: Bind to port 18935 on ::.
>>>Server listening on :: port 18935.
>>>
>>>
>>>> With that window open, try connecting with X2GoClient to
>>>>128.149.23.102:18935.
>>>% /Applications/x2goclient.app/Contents/MacOS/x2goclient ; exit;
>>>x2go-INFO-1> "Starting x2goclient..."
>>>x2go-WARNING-1> "Can't load translator: :/i18n/x2goclient_en_us"
>>>x2go-WARNING-2> "Can't load translator: :/i18n/qt_en_US"
>>>x2go-INFO-3> "Started x2goclient."
>>>Object::connect: No such slot SessionWidget::slot_emitSettings()
>>>Object::connect: No such slot SessionWidget::slot_emitSettings()
>>>Object::connect: No such signal SessionWidget::directRDP(bool)
>>>Object::connect: No such signal
>>>SessionWidget::settingsChanged(QString,QString,QString)
>>>2015-05-11 09:15:19.797 x2goclient[21241:1652401] modalSession has been
>>>exited prematurely - check for a reentrant call to endModalSession:
>>>x2go-INFO-8> "Starting connection to server: 128.149.23.102:18935"
>>>x2go-ERROR-2> "Connection Error(Cannot connect to 128.149.23.102:18935):
>>>Connection refused"
>>>
>>>
>>>
>>>
>>>
>>>On 5/11/15, 9:05 AM, "Real, Elizabeth (392K)"
>>><Elizabeth.Real at jpl.nasa.gov> wrote:
>>>
>>>>Here are the outputs from RH7 server and Mac client:
>>>>
>>>>RH7 server:
>>>># /usr/sbin/sshd -ddd -p 18935
>>>>debug2: load_server_config: filename /etc/ssh/sshd_config
>>>>debug2: load_server_config: done config len = 848
>>>>debug2: parse_server_config: config /etc/ssh/sshd_config len 848
>>>>debug3: /etc/ssh/sshd_config:28 setting HostKey
>>>>/etc/ssh/ssh_host_rsa_key
>>>>debug3: /etc/ssh/sshd_config:30 setting HostKey
>>>>/etc/ssh/ssh_host_ecdsa_key
>>>>debug3: /etc/ssh/sshd_config:42 setting SyslogFacility AUTHPRIV
>>>>debug3: /etc/ssh/sshd_config:44 setting LogLevel VERBOSE
>>>>debug3: /etc/ssh/sshd_config:56 setting MaxAuthTries 5
>>>>debug3: /etc/ssh/sshd_config:64 setting AuthorizedKeysFile
>>>>.ssh/authorized_keys
>>>>debug3: /etc/ssh/sshd_config:73 setting RhostsRSAAuthentication yes
>>>>debug3: /etc/ssh/sshd_config:76 setting HostbasedAuthentication yes
>>>>debug3: /etc/ssh/sshd_config:82 setting IgnoreRhosts no
>>>>debug3: /etc/ssh/sshd_config:87 setting PasswordAuthentication yes
>>>>debug3: /etc/ssh/sshd_config:91 setting ChallengeResponseAuthentication
>>>>yes
>>>>debug3: /etc/ssh/sshd_config:102 setting GSSAPIAuthentication yes
>>>>debug3: /etc/ssh/sshd_config:104 setting GSSAPICleanupCredentials yes
>>>>debug3: /etc/ssh/sshd_config:120 setting UsePAM yes
>>>>debug3: /etc/ssh/sshd_config:126 setting X11Forwarding yes
>>>>debug3: /etc/ssh/sshd_config:133 setting UsePrivilegeSeparation
>>>>sandbox
>>>>debug3: /etc/ssh/sshd_config:149 setting Banner /etc/banners/sshd
>>>>debug3: /etc/ssh/sshd_config:152 setting AcceptEnv LANG LC_CTYPE
>>>>LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
>>>>debug3: /etc/ssh/sshd_config:153 setting AcceptEnv LC_PAPER LC_NAME
>>>>LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
>>>>debug3: /etc/ssh/sshd_config:154 setting AcceptEnv LC_IDENTIFICATION
>>>>LC_ALL LANGUAGE
>>>>debug3: /etc/ssh/sshd_config:155 setting AcceptEnv XMODIFIERS
>>>>debug3: /etc/ssh/sshd_config:158 setting Subsystem
>>>>sftp /usr/libexec/openssh/sftp-server
>>>>debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
>>>>debug3: Incorrect RSA1 identifier
>>>>debug1: read PEM private key done: type RSA
>>>>debug3: Incorrect RSA1 identifier
>>>>debug3: Could not load "/etc/ssh/ssh_host_rsa_key" as a RSA1 public key
>>>>debug1: private host key: #0 type 1 RSA
>>>>debug3: Incorrect RSA1 identifier
>>>>debug1: read PEM private key done: type ECDSA
>>>>debug3: Incorrect RSA1 identifier
>>>>debug3: Could not load "/etc/ssh/ssh_host_ecdsa_key" as a RSA1 public
>>>>key
>>>>debug1: private host key: #1 type 3 ECDSA
>>>>debug1: rexec_argv[0]='/usr/sbin/sshd'
>>>>debug1: rexec_argv[1]='-ddd'
>>>>debug1: rexec_argv[2]='-p'
>>>>debug1: rexec_argv[3]='18935'
>>>>debug3: oom_adjust_setup
>>>>Set /proc/self/oom_score_adj from 0 to -1000
>>>>debug2: fd 3 setting O_NONBLOCK
>>>>debug1: Bind to port 18935 on 0.0.0.0.
>>>>Server listening on 0.0.0.0 port 18935.
>>>>debug2: fd 4 setting O_NONBLOCK
>>>>debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
>>>>debug1: Bind to port 18935 on ::.
>>>>Server listening on :: port 18935.
>>>>
>>>>
>>>>Mac client:
>>>>% ssh -p 18935 root at joey
>>>>ssh: connect to host joey port 18935: Connection refused
>>>>
>>>>________________________________________
>>>>From: Real, Elizabeth (392K)
>>>>Sent: Thursday, May 07, 2015 3:23 PM
>>>>To: Mihai Moldovan; x2go-dev at lists.x2go.org
>>>>Subject: Re: [X2Go-Dev] X2go Mac client and Red Hat 7 server
>>>>
>>>>RH7 server: setup debug and set sshd port 18935
>>>>
>>>>Client: configured x2goclient to connect to port 18935 but got
>>>>connection
>>>>refused
>>>>x2go-INFO-8> "Starting connection to server: 128.149.23.102:18935"
>>>>x2go-ERROR-2> "Connection Error(Cannot connect to
>>>>128.149.23.102:18935):
>>>>Connection refused"
>>>>
>>>>
>>>>
>>>>On 5/7/15, 12:41 PM, "Mihai Moldovan" <ionic at ionic.de> wrote:
>>>>
>>>>>On 06.05.2015 11:55 PM, Real, Elizabeth (392K) wrote:
>>>>>> Any other ideas?
>>>>>
>>>>>No new information and you have done nothing wrong.
>>>>>
>>>>>Looks like you will need to get your hands dirty.
>>>>>
>>>>>Please start sshd manually as root on the RH 7 machine:
>>>>>
>>>>>sudo sshd -ddd -p 18935
>>>>>
>>>>>It should be running in the foreground, outputting debug information
>>>>>and
>>>>>listening on port 18935 (feel free to change this to whatever you feel
>>>>>suitable,
>>>>>it doesn't matter as long it as the port is unused and not colling
>>>>>with
>>>>>anything
>>>>>else you might use.
>>>>>
>>>>>Then, configure x2goclient to connect to that port and start a
>>>>>session.
>>>>>
>>>>>You should see additional debug information printed by sshd...
>>>>>hopefully
>>>>>hinting
>>>>>at what might have gone awry.
>>>>>
>>>>>
>>>>>
>>>>>Mihai
>>>>>
>>>>
>>>
>>
>
More information about the x2go-dev
mailing list