Shopify / toxiproxy

:alarm_clock: :fire: A TCP proxy to simulate network and system conditions for chaos and resiliency testing
https://github.com/shopify/toxiproxy
MIT License
10.53k stars 446 forks

Is it possible to use ssh to connect to toxiproxy with an SSH server as backend? #464

Closed mpet closed 1 year ago

mpet commented 1 year ago

Hi,

I have set up toxiproxy for Java in our project so we can get the same IP and port and don't have to restart our server, only the proxy.

We use a Java client and then ToxiProxy and Netopeer2 (both containers).

I set it up using Java and then I print the ports to make sure we set it up correctly.

```
2022-11-15 12:07:37,015 INFO : Netopeer2 mapped port 51579
2022-11-15 12:07:40,506 INFO : ToxiProxy mapped port 51608
```

Then we try to connect:

Could not connect to localhost:51608 using SSH.

We are using the trilead ssh2 Java library to connect (it works fine without toxiproxy).

I checked the stack trace and could see that the following could be performed:

```java
/* First, establish the TCP connection to the SSH-2 server */
establishConnection(proxyData, connectTimeout, readTimeout);
```

So we could establish a TCP connection.

But then it fails in:

/* Parse the server line and say hello - important: this information is later needed for the

Within this method it fails on:

```java
int c = is.read();
if (c == -1)
    throw new IOException("Premature connection close");
```

Do you know what could be the issue here?

br

//mike

miry commented 1 year ago

@mpet Sorry, but I could not fully understand the problem. Can you share an example of how it could be reproduced with docker compose/containers or shell scripts?

mpet commented 1 year ago

@miry I will try to supply a working example.

mpet commented 1 year ago

Hi again,

Prerequisites: Docker Desktop or similar. I start the provided example and put a breakpoint in class ToxiProxyTest, line 58:

```java
netopeer2Proxy.toxics().resetPeer("reset-peer-down", ToxicDirection.UPSTREAM, 10);
```

Then, when it is running, I first try to connect to the mapped port for the Netopeer2 server.

The rpc.xml contains:

```
<?xml version="1.0" encoding="UTF-8"?>

urn:ietf:params:neconf:base:1.0 urn:ietf:params:netconf:base:1.1 urn:ietf:params:netconf:capability:writable-running:1.0 urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring?module=ietf-netconf-monitoring&revision=2010-10-04
```

Then from Cygwin I start ssh from the command line:

```
ssh -i idkey netconf@localhost -p 57115 -s netconf < rpc.xml
```

Then I get the following output:

```
Warning: Identity file idkey not accessible: No such file or directory.
The authenticity of host '[localhost]:57115 ([::1]:57115)' can't be established.
RSA key fingerprint is SHA256:4dfREFhjQJ9Mpv1PJOJHaM2n0NTM4oJLoLIx8z+xAJU.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:22: [localhost]:53619
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:57115' (RSA) to the list of known hosts.
Interactive SSH Authentication
Type your password:
(netconf@localhost) Password:
urn:ietf:params:netconf:base:1.0urn:ietf:params:netconf:base:1.1urn:ietf:params:netconf:capability:writable-running:1.0urn:ietf:params:netconf:capability:candidate:1.0urn:ietf:params:netconf:capability:rollback-on-error:1.0urn:ietf:params:netconf:capability:validate:1.1urn:ietf:params:netconf:capability:startup:1.0urn:ietf:params:netconf:capability:xpath:1.0urn:ietf:params:netconf:capability:with-defaults:1.0?basic-mode=explicit&also-supported=report-all,report-all-tagged,trim,expliciturn:ietf:params:netconf:capability:notification:1.0urn:ietf:params:netconf:capability:interleave:1.0urn:ietf:params:xml:ns:yang:ietf-yang-metadata?module=ietf-yang-metadata&revision=2016-08-05urn:ietf:params:xml:ns:yang:1?module=yang&revision=2017-02-20urn:ietf:params:xml:ns:yang:ietf-inet-types?module=ietf-inet-types&revision=2013-07-15urn:ietf:params:xml:ns:yang:ietf-yang-types?module=ietf-yang-types&revision=2013-07-15urn:ietf:params:netconf:capability:yang-library:1.1?revision=2019-01-04&content-id=32urn:sysrepo:plugind?module=sysrepo-plugind&revision=2020-12-10
urn:ietf:params:xml:ns:yang:ietf-netconf-acm?module=ietf-netconf-acm&revision=2018-02-14urn:ietf:params:xml:ns:netconf:base:1.0?module=ietf-netconf&revision=2013-09-29&features=writable-running,candidate,rollback-on-error,validate,startup,url,xpathurn:ietf:params:xml:ns:yang:ietf-netconf-with-defaults?module=ietf-netconf-with-defaults&revision=2011-06-01urn:ietf:params:xml:ns:yang:ietf-netconf-notifications?module=ietf-netconf-notifications&revision=2012-02-06urn:ietf:params:xml:ns:yang:ietf-netconf-monitoring?module=ietf-netconf-monitoring&revision=2010-10-04urn:ietf:params:xml:ns:netconf:notification:1.0?module=notifications&revision=2008-07-14urn:ietf:params:xml:ns:netmod:notification?module=nc-notifications&revision=2008-07-14urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name?module=ietf-x509-cert-to-name&revision=2014-12-10urn:ietf:params:xml:ns:yang:iana-crypt-hash?module=iana-crypt-hash&revision=2014-08-061]]>]]>Connection to localhost closed by remote host.
```

This works fine!

**Note:** check log for port, "mapped port for netopeer2"

Then when I try to connect to toxiproxy I get the following:

```
$ ssh -i idkey netconf@localhost -p 57094 -s netconf < rpc.xml
Warning: Identity file idkey not accessible: No such file or directory.
kex_exchange_identification: Connection closed by remote host
Connection closed by ::1 port 57094
```

**Note:** check the log for port, mapped port for toxiproxy 57585

I am expecting that I could connect to the toxiproxy port and the ToxiProxy created in ToxiProxyTest and get the same result back as with the netopeer2. What am I missing?

Eclipse project to execute with Docker Desktop running: [toxiproxy.zip](https://github.com/Shopify/toxiproxy/files/10014736/toxiproxy.zip)

//mike

mpet commented 1 year ago

@miry I found the issue in my code:

I had this line:

```java
netopeer2Proxy = toxiproxyClient.createProxy("netopeer2", "localhost:8666", "localhost:"+netopeer2.getMappedPort(830));
```

The line should be:

```java
netopeer2Proxy = toxiproxyClient.createProxy("netopeer2", "0.0.0.0:8666", "localhost:830");
```

It is a bit confusing that localhost does not work for the listener but it is OK for the upstream.

miry commented 1 year ago

The upstream is how Toxiproxy can reach the service. It could be that the service was available at 0.0.0.0:830. The listener is what would be available to other services. If the clients are located on another machine, then they could not reach the proxy.

@mpet I am glad that you found the problem. I am going to close the issue.
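
The listener/upstream distinction above, as an added example that is not part of the thread or of Toxiproxy's own code: a Go check that classifies the `listen` address of each entry in a Toxiproxy JSON config. It assumes Toxiproxy runs in a container that clients reach through a published port, as in this issue; `listenScope`, `audit` and the sample entries are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// Constructed sample: the two listener values from the thread plus an IPv6 wildcard.
const sampleConfig = `[
  {"name": "before", "listen": "localhost:8666", "upstream": "localhost:830"},
  {"name": "after",  "listen": "0.0.0.0:8666",   "upstream": "localhost:830"},
  {"name": "v6-any", "listen": "[::]:8667",      "upstream": "localhost:830"}
]`

// listenScope reports which interfaces a host:port listen address binds.
func listenScope(addr string) string {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return "invalid"
	}
	ip := net.ParseIP(host)
	switch {
	case host == "localhost" || (ip != nil && ip.IsLoopback()):
		return "loopback" // only reachable from inside the container itself
	case host == "" || (ip != nil && ip.IsUnspecified()):
		return "all-interfaces" // reachable through a published port
	}
	return "specific" // one named interface or hostname
}

// audit maps each proxy name in a Toxiproxy JSON config to its listener scope.
func audit(config []byte) (map[string]string, error) {
	// Each config entry carries name, listen and upstream; only two are needed here.
	var proxies []struct{ Name, Listen string }
	if err := json.Unmarshal(config, &proxies); err != nil {
		return nil, err
	}
	scopes := make(map[string]string, len(proxies))
	for _, p := range proxies {
		scopes[p.Name] = listenScope(p.Listen)
	}
	return scopes, nil
}

func main() {
	scopes, err := audit([]byte(sampleConfig))
	fmt.Println(scopes, err)
}
```

A `loopback` result is the failure mode in this issue: the TCP connection to the published port is accepted and then closed before the SSH banner arrives. An `all-interfaces` result fixes reachability but also exposes the proxy to anything that can route to the container, so keep the published port mapping as narrow as the test setup allows.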