JinQ-git / WebTerminal

Web Browser based Terminal (ssh client) with Tomcat Server
MIT License
2 stars 1 forks source link

Stuck after success login #1

Open 0312birdzhang opened 4 years ago

0312birdzhang commented 4 years ago

如图所示,客户端发送消息后服务端只回复了一个{"id":1,"result":"Success"},然后就没有然后了

请问有什么方法可以调试吗?

image

0312birdzhang commented 4 years ago

在要登录的主机上可以看到登录成功了

Oct 19 15:58:52 mytesthost sshd[29138]: Connection from 192.168.2.33 port 23736
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: Client protocol version 2.0; client software version JSCH-0.1.54
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: no match: JSCH-0.1.54
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: Enabling compatibility mode for protocol 2.0
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: Local version string SSH-2.0-OpenSSH_5.3
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: permanently_set_uid: 74/74
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: SSH2_MSG_KEXINIT sent
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: SSH2_MSG_KEXINIT received
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: kex: client->server aes128-ctr hmac-md5 none
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: kex: server->client aes128-ctr hmac-md5 none
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: expecting SSH2_MSG_KEXDH_INIT
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: SSH2_MSG_NEWKEYS sent
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: expecting SSH2_MSG_NEWKEYS
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: SSH2_MSG_NEWKEYS received
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: KEX done
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: userauth-request for user testuser service ssh-connection method none
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: attempt 0 failures 0
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: PAM: initializing for "testuser"
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: userauth-request for user testuser service ssh-connection method gssapi-with-mic
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: attempt 1 failures 0
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: PAM: setting PAM_RHOST to "192.168.2.33"
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: PAM: setting PAM_TTY to "ssh"
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: Unspecified GSS failure.  Minor code may provide more information\nKey table file '/etc/krb5.keytab' not found\n
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: userauth-request for user testuser service ssh-connection method password
Oct 19 15:58:52 mytesthost sshd[29139]: debug1: attempt 2 failures 0
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: PAM: password authentication accepted for testuser
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: do_pam_account: called
Oct 19 15:58:52 mytesthost sshd[29138]: Accepted password for testuser from 192.168.2.33 port 23736 ssh2
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: monitor_child_preauth: testuser has been authenticated by privileged process
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: temporarily_use_uid: 805/100 (e=0/0)
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: restore_uid: 0/0
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: SELinux support disabled
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: PAM: establishing credentials
Oct 19 15:58:52 mytesthost sshd[29138]: pam_unix(sshd:session): session opened for user testuser by (uid=0)
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: temporarily_use_uid: 805/100 (e=0/0)
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: restore_uid: 0/0
Oct 19 15:58:52 mytesthost sshd[29138]: User child is on pid 29141
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: PAM: establishing credentials
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: permanently_set_uid: 805/100
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: Entering interactive session for SSH2.
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: server_init_dispatch_20
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: server_input_channel_open: ctype session rchan 1 win 1048576 max 16384
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: input_session_request
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: channel 0: new [server-session]
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: session_new: session 0
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: session_open: channel 0
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: session_open: session 0: link with channel 0
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: server_input_channel_open: confirm session
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: server_input_channel_req: channel 0 request pty-req reply 0
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: session_by_channel: session 0 channel 0
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: session_input_channel_req: session 0 req pty-req
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: Allocating pty.
Oct 19 15:58:52 mytesthost sshd[29138]: debug1: session_new: session 0
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: session_pty_req: session 0 alloc /dev/pts/3
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: server_input_channel_req: channel 0 request env reply 0
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: session_by_channel: session 0 channel 0
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: session_input_channel_req: session 0 req env
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: server_input_channel_req: channel 0 request shell reply 0
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: session_by_channel: session 0 channel 0
Oct 19 15:58:52 mytesthost sshd[29141]: debug1: session_input_channel_req: session 0 req shell
Oct 19 15:58:52 mytesthost sshd[29142]: debug1: Setting controlling tty using TIOCSCTTY.
JinQ-git commented 4 years ago

I can't speak chinese so I write comment with english.

Server Side Check Point:

1. Check Message Receive

    Check dev/websocket/WSSecureShell class.

    onMessageFromClient() method is handling messages from the client.

2. Check Message Write

    Check dev/util/ssh/SecureShellWsWriterSecure or SecureShellWsWriter class.

    JSch ChannelShell calls write() method of above class.

    In write() method,

    ws.getBasicRemote().sendText(
        String.format(
            "{\"method\":\"data\",\"params\":{\"isSecured\":true,\"data\":{\"iv\":\"%s\",\"cipherData\":\"%s\",\"encoding\":\"base64\"}}}",
            ivPartBase64,
            encPartBase64
        )
    );

    this code is a part of writing message to client.

Client Side Check Point:

1. Check Message Write

    Check connectWebsocketWithTerminal() function in WebContent/js/terminal.js (line:281)

    As you know, chrome-like browser will show you in/out messages of websocket through developer tools.

2. Check Message Receive

    Once websocket received the message, wsHandleMessage() function in WebContent/js/terminal.js (line:253) will be called.

    "ev.data" is a raw text message from the server.
0312birdzhang commented 4 years ago

Sorry for use chinese. Thank you very much, i will feedback when i resolve it.

0312birdzhang commented 4 years ago

"Fixed" by disable encrypt when using http protocol, it's weird.

JinQ-git commented 4 years ago

I wonder have you checked server's character encoding.

I found out that some codes are hardcoded which I assume that server's character encoding set to be utf-8.

I tried to set character encoding to utf-8 when connecting to the server. (Java side) In dev/websocket/WSSecureShell.java, onOpenWebsocket() method, the implementation guesses server's character encoding and store it to shEncOpt variable. Please check a value of shEncOpt that is correct encoding string. ( or you can just simply set shEncOpt value as "en_US.UTF-8" for a quick test. )

If your problem is not from a character encoding problem, you have to figure out where is the problem manually by debugging.

For example, (encrypt mode)

  1. Does a message from the client is correct? Check dev/websocket/WSSecureShell: onMessageFromClient() method be called. Print msg and confirm a value of the msg is same as you expected. Check dev/jsonrpc/params/ParamOnData: getBytes(key) method, which decrypts cipher successfully. You can check byte array directly or encode it to UTF-8 string and print it to log window. ( ex> before return, System.out.printnln( new String( decryptData, StandardCharsets.UTF_8 ) ); )
  2. Does a message to client is encoded correctly? Check dev/util/ssh/SecureShellWsWriterSecure: write() method that input byte array is utf-8 encoded string bytes. Note that CryptoJS library encode string as utf-8 after decrypt cipher text. So, byte array data, which has to be encrypted, must be utf-8 encoded string bytes.

I'm sorry that this is all I can do to help you. I wish your problem will be solved.

Thank you