[winswitch] SSH login failure with winswitch

Antoine Martin antoine at nagafix.co.uk
Wed Aug 20 15:20:52 BST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 20/08/14 21:11, Shane Williams wrote:
> On Wed, 20 Aug 2014, Antoine Martin wrote:
>
>> On 20/08/14 19:39, Shane Williams wrote:
>>> I've been trying for a while to use winswitch between several
>>> systems.  First, trying to connect from OSX to a Linux workstation,
>>> but then from one Linux workstation to another (I'm running gentoo on
>>> both Linux boxes).
>>>
>>> In each case, what I've found is that it looks like SSH isn't able to
>>> connect with the password, despite the fact that I can connect between
>>> systems using ssh at the command line (these are systems I connect to
>>> regularly, so I feel very confident I'm not mistyping the password).
>>>
>>> In particular, what I'm seeing in the logs are entries like:
>>>
>>> Aug 20 07:27:54 xxxxxx sshd[23276]: SSH: Server;Ltype: Version;Remote:
>>> 192.168.1.9-56825;Protocol: 2.0;Client: Twisted
>>> Aug 20 07:27:54 xxxxxx sshd[23276]: SSH: Server;Ltype: Kex;Remote:
>>> 192.168.1.9-56825;Enc: aes256-ctr;MAC: hmac-sha1;Comp: none [preauth]
>>> Aug 20 07:27:54 xxxxxx sshd[23276]: SSH: Server;Ltype: Authname;Remote:
>>> 192.168.1.9-56825;Name: shanew [preauth]
>>> Aug 20 07:27:54 xxxxxx sshd[23276]: Postponed keyboard-interactive for
>>> shanew from 192.168.1.9 port 56825 ssh2 [preauth]
>>> Aug 20 07:27:54 xxxxxx last message repeated 2 times
>>> Aug 20 07:27:54 xxxxxx sshd[23276]: Failed keyboard-interactive/pam for
>>> shanew from 192.168.1.9 port 56825 ssh2
>>> Aug 20 07:27:54 xxxxxx sshd[23276]: Disconnecting: Too many
>>> authentication failures for shanew [preauth]
>>>
>>> I haven't tried using keys yet, but I get the impression that keys
>>> shouldn't be necessary to connect.
>> Correct. Keys are nice, but should not be needed.
>>>
>>> Any suggestions?
>> Yes... (I assume that you've checked your username, etc):
>> * on Linux, especially with distros like gentoo, you may need to add an
>> "askpass" utility to your environment to ensure that you get prompted
>> for a password
>> * could be an incompatibility with the Twisted library you have
>> installed (on Linux only, we ship our own one with OSX builds)
>> * OSX, I will try to test again, what version are you using?
>> (unfortunately, I don't have every version available for testing..)
>
> I emerged x11-ssh-askpass, and when I try to connect to the remote
> server, it doesn't pop anything up.
IIRC, you may also need environment variables to tell SSH about it.
> I tried removing my password from
> the connection configuration screen thinking that might prompt the
> askpass, and noticed something interesting.  When I have an empty or
> incorrect password entered in the configuration, I get errors like
> this on the remote side (in auth.log):
>
> Aug 20 09:00:11 xxxxxx sshd[23427]: Bad protocol version identification
> 'set_salt 'cfcb532196ab4b7c8f51c3c9dd907adf'' from 192.168.1.9 port
> 60288
> Aug 20 09:00:12 xxxxxx sshd[23430]: Bad protocol version identification
> 'set_salt '4994cf6a6b4b44ba82e33ec39110c99e'' from 192.168.1.9 port 60289
>
> In fact, now even if I set the password back to the correct one, I
> still see errors like that in the remote auth.log.  I don't know if
> that represents progress or a step backwards?
Not sure, it looks like winswitch is not using ssh at all and is sending
the regular winswitch packet data to ssh, as it would do when configured
to use plain tcp.
I would double-check that the connection mode for this server does
specify ssh mode.
Defining a brand new config for it if you were using mdns to
auto-configure previously.
>
> If there's a specific version of twisted (core or conch) that I should
> be using, let me know.  I have at least a few options to choose from
> on gentoo.
Before you downgrade anything, it probably makes sense to ascertain if
twisted is part of the problem or not.
Try running the client in debug mode:
http://winswitch.org/dev/debugging.html
And look for ssh in the output.

Cheers
Antoine

>
> I don't have the OSX machine in front of me, but I'll let you know
> what version it's on once I've had a look.
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlP0rsQACgkQGK2zHPGK1rt6ngCcDrI7svO6Rnlra4PwwfQfeWKT
W2oAnA/ZR5oPig6jKre3M4InNrfRvGVp
=wo/r
-----END PGP SIGNATURE-----




More information about the shifter-users mailing list