[winswitch] WinSwitch - Issues connecting via SSH?

Antoine Martin antoine at nagafix.co.uk
Wed Feb 22 16:47:06 GMT 2012 

(snip)
> The reason I'm using Putty to setup a tunnel first, and connecting via
> that is because I can't SSH directly from client to server - I have to
> go via a HTTP proxy. However, WinSwitch doesn't have support for using a
> HTTP proxy and SSH, hence I have to connect using Putty, setup a tunnel,
> and then use WinSwitch through that.
Hah, OK, I understand.

> I've tested the Ptty tunnel with a SSH client, and it seems to work
> fine, so the tunnel certainly *seems* to be setup correctly.
>
>
> So the Windows WinSwitch client doesn't currently support Pageant's key
> agent, right?
No, and by the looks of things, it may never do. (Pageant's fault)

> But there's a option in WinSwitch itself to select a SSH
> key - that should work right?
As per separate email reply, you may be hitting a Python-Twisted bug...

> And then when it tries to connect, it
> should prompt me for the password for that keyfile?
It does here (tested on both Linux and Windows), the problem is that the
Twisted bug prevents it from loading the keyfile afterwards...
So it keeps asking me for the passphrase again and again..

> When I tried using a keyfile, it didn't seem to do anything - no
> connection or error message.
That's odd, not what I am seeing here...

What format are they in?
Can you possibly reproduce this with a brand new keypair? One you could
send me for testing?
The only thing I can think of is that the conch code tests the public
key and decides that it can't be used for authentication against the
server so it doesn't bother asking you for the passphrase.
(at least that's what it does if I use the wrong key here)

> When I removed the keyfile and enabled password authentication, I got
> the following message in /var/log/auth.log on the server:
> 
>     Failed keyboard-interactive/pam for <username> from 127.0.0.1 port
>     38428 ssh2
You should have got prompted for a password if you did not specify one,
the dialog also has an option to save the password.
You can also specify this password in the server's "Connection"
configuration dialog.

I test this regularly and I've just tested it again, worked fine.

> So it's almost like WinSwitch is sending the wrong password or something
> to the server - although I'm confirmed that password works fine with an
> ordinary SSH client. Very weird.
Indeed.
Can you try both options? (password prompt and "Connection" dialog)

> Is there anything else I can do to diagnose/narrow down the issue?
You've provided plenty of details, we should be able to get somewhere!

Cheers
Antoine



> 
> Cheers,
> Victor 
> 
> On Wed, Feb 22, 2012 at 21:02, Antoine Martin <antoine at nagafix.co.uk
> <mailto:antoine at nagafix.co.uk>> wrote:
> 
>     >> Firstly - is it possible to use a SSH private key that has a
>     password? I
>     >> can't seem to find any option to enter in a password for the key. The
>     >> workaround is just to use a keyfile without a password, or to use
>     >> username/password based authentication, but neither are as secure, of
>     >> course.
>     > Yes.
>     > It will use an ssh agent if one is running.
>     > If it isn't running or if it does not have the passphrase for that
>     key,
>     > Winswitch will popup a dialog asking for the passphrase (the same
>     dialog
>     > which may ask you for a password if you have no key defined)
>     Until pagent is supported, this is your only option.
> 
>     > From you log file, I see:
>     > ConchUserAuth.serviceStarted() agent_socket_filename=None
>     > Which tells me that Winswitch cannot find the ssh-agent's socket.
>     > This is what my environment looks like, yours should be similar for it
>     > to work:
>     > $ export | grep -i ssh_
>     > declare -x SSH_AGENT_PID="1998"
>     > declare -x SSH_ASKPASS="/usr/libexec/openssh/gnome-ssh-askpass"
>     > declare -x SSH_AUTH_SOCK="/tmp/ssh-urTdcIsR1903/agent.1903"
>     Which is irrelevant on MS Windows...
> 
>     > If this does not help, please let me know your full distribution
>     version
>     > and environment so I can try to reproduce the problem.
>     It just occurred to me that you are using the Windows client, which does
>     not support putty's "pageant" authentication agent as it is...
> 
>     I can't seem to find information on what environment variables pageant
>     sets and how we're supposed to talk to it. (no unix domain sockets on MS
>     Windows.. and I don't think twisted-conch supports NamedPipes)
> 
>     So I've created a ticket for this feature:
>     https://winswitch.org/trac/ticket/190
> 
>     Cheers
>     Antoine
>     _______________________________________________
>     shifter-users mailing list
>     shifter-users at lists.devloop.org.uk
>     <mailto:shifter-users at lists.devloop.org.uk>
>     http://lists.devloop.org.uk/mailman/listinfo/shifter-users
> 
>

More information about the shifter-users mailing list