[winswitch] WinSwitch - Issues connecting via SSH?

Wed Feb 22 11:14:45 GMT 2012

heya,

Ok, so to confirm, my client is Windows 7 running Winswitch 0.12.11.

The server I'm connecting to is running Ubuntu Server 11.10 (Oneiric
Ocelot). I've installed Xorg, as well as nxproxy and nxagent from the X2Go
PPA (https://launchpad.net/~x2go/+archive/stable/+packages).

The reason I'm using Putty to setup a tunnel first, and connecting via that
is because I can't SSH directly from client to server - I have to go via a
HTTP proxy. However, WinSwitch doesn't have support for using a HTTP proxy
and SSH, hence I have to connect using Putty, setup a tunnel, and then use
WinSwitch through that.

I've tested the Ptty tunnel with a SSH client, and it seems to work fine,
so the tunnel certainly *seems* to be setup correctly.

So the Windows WinSwitch client doesn't currently support Pageant's key
agent, right? But there's a option in WinSwitch itself to select a SSH key
- that should work right? And then when it tries to connect, it should
prompt me for the password for that keyfile?

When I tried using a keyfile, it didn't seem to do anything - no connection
or error message.

When I removed the keyfile and enabled password authentication, I got the
following message in /var/log/auth.log on the server:

Failed keyboard-interactive/pam for <username> from 127.0.0.1 port 38428
> ssh2

So it's almost like WinSwitch is sending the wrong password or something to
the server - although I'm confirmed that password works fine with an
ordinary SSH client. Very weird.

Is there anything else I can do to diagnose/narrow down the issue?

Cheers,
Victor

On Wed, Feb 22, 2012 at 21:02, Antoine Martin <antoine at nagafix.co.uk> wrote:

> >> Firstly - is it possible to use a SSH private key that has a password? I
> >> can't seem to find any option to enter in a password for the key. The
> >> workaround is just to use a keyfile without a password, or to use
> >> username/password based authentication, but neither are as secure, of
> >> course.
> > Yes.
> > It will use an ssh agent if one is running.
> > If it isn't running or if it does not have the passphrase for that key,
> > Winswitch will popup a dialog asking for the passphrase (the same dialog
> > which may ask you for a password if you have no key defined)
> Until pagent is supported, this is your only option.
>
> > From you log file, I see:
> > ConchUserAuth.serviceStarted() agent_socket_filename=None
> > Which tells me that Winswitch cannot find the ssh-agent's socket.
> > This is what my environment looks like, yours should be similar for it
> > to work:
> > $ export | grep -i ssh_
> > declare -x SSH_AGENT_PID="1998"
> > declare -x SSH_ASKPASS="/usr/libexec/openssh/gnome-ssh-askpass"
> > declare -x SSH_AUTH_SOCK="/tmp/ssh-urTdcIsR1903/agent.1903"
> Which is irrelevant on MS Windows...
>
> > If this does not help, please let me know your full distribution version
> > and environment so I can try to reproduce the problem.
> It just occurred to me that you are using the Windows client, which does
> not support putty's "pageant" authentication agent as it is...
>
> I can't seem to find information on what environment variables pageant
> sets and how we're supposed to talk to it. (no unix domain sockets on MS
> Windows.. and I don't think twisted-conch supports NamedPipes)
>
> So I've created a ticket for this feature:
> https://winswitch.org/trac/ticket/190
>
> Cheers
> Antoine
> _______________________________________________
> shifter-users mailing list
> shifter-users at lists.devloop.org.uk
> http://lists.devloop.org.uk/mailman/listinfo/shifter-users
>