[winswitch] SSH login failure with winswitch

Shane Williams shanew at shanew.net
Wed Aug 20 21:51:29 BST 2014 

On Wed, 20 Aug 2014, Antoine Martin wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 20/08/14 21:11, Shane Williams wrote:
>> On Wed, 20 Aug 2014, Antoine Martin wrote:
>>
>>
>> I emerged x11-ssh-askpass, and when I try to connect to the remote
>> server, it doesn't pop anything up.
> IIRC, you may also need environment variables to tell SSH about it.

Added SSH_ASKPASS to my environment variables and ran winswitch_applet
from the CLI.  Still nothing.  That said, if I'm entering my password
into the connection configuration, shouldn't a ssh_askpass binary be
unnecessary?

>> I tried removing my password from
>> the connection configuration screen thinking that might prompt the
>> askpass, and noticed something interesting.  When I have an empty or
>> incorrect password entered in the configuration, I get errors like
>> this on the remote side (in auth.log):
>>
>> Aug 20 09:00:11 xxxxxx sshd[23427]: Bad protocol version identification
>> 'set_salt 'cfcb532196ab4b7c8f51c3c9dd907adf'' from 192.168.1.9 port
>> 60288
>> Aug 20 09:00:12 xxxxxx sshd[23430]: Bad protocol version identification
>> 'set_salt '4994cf6a6b4b44ba82e33ec39110c99e'' from 192.168.1.9 port 60289
>>
>> In fact, now even if I set the password back to the correct one, I
>> still see errors like that in the remote auth.log.  I don't know if
>> that represents progress or a step backwards?
> Not sure, it looks like winswitch is not using ssh at all and is sending
> the regular winswitch packet data to ssh, as it would do when configured
> to use plain tcp.

You are correct.  Somehow when I blanked out the password, the "use
ssh tunnels" box got unchecked, so that was user / UI error, and can
be ignored.

>> If there's a specific version of twisted (core or conch) that I should
>> be using, let me know.  I have at least a few options to choose from
>> on gentoo.
> Before you downgrade anything, it probably makes sense to ascertain if
> twisted is part of the problem or not.
> Try running the client in debug mode:
> http://winswitch.org/dev/debugging.html
> And look for ssh in the output.

I've put up the entire output up at http://pastebin.com/s6i8QDkR
I notice several errors, some of which seem more important than
others.  The part at the end is when I actually try connecting, and it
kind of looks like ConchUserAuth is never trying keyboard-interactive
as a method, relying instead on publickey.  As it indicates in the
output, twisted (both core and conch) are version 13 (13.0.0 to be
precise).


-- 
Public key #7BBC68D9 at            |                 Shane Williams
http://pgp.mit.edu/                |      System Admin - UT iSchool
=----------------------------------+-------------------------------
All syllogisms contain three lines |              shanew at shanew.net
Therefore this is not a syllogism  | www.ischool.utexas.edu/~shanew

More information about the shifter-users mailing list