Closed foice closed 1 year ago
This error has been fixed in all recent builds, including 4.4.6: 11164643ae02263a1eca88444aa7918d53027628 and 3.1.5: fefe5b48cd3f1b5bd9cd5d0bcd3b287ce2110b24
You haven't specified how you installed xpra or what command line you have used to trigger the problem, which makes it impossible to diagnose. Please see: https://github.com/Xpra-org/xpra/wiki/Reporting-Bugs
This error has been fixed in all recent builds, including 4.4.6: 1116464 and 3.1.5: fefe5b4
You haven't specified how you installed xpra or what command line you have used to trigger the problem, which makes it impossible to diagnose. Please see: https://github.com/Xpra-org/xpra/wiki/Reporting-Bugs
Now the original post should be fixed and contain the info you requested. Thanks for your time.
I have made sure OpenSSL and not LibreSSL is MacOS PATH
These changes will be ignored by xpra which uses its own $PATH
pointing inside the installed application on MacOS.
and I also modified the open SSL configuration on both server and client to load the legacy provider, as explained here.
Don't do that.
Xpra sets CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
.
My guess is that the openssl environment variable is not being applied with xpra start ssh://
URLs.
You should be able to start xpra with:
CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 xpra start ssh
Or by first starting your server instance and then using xpra attach
instead.
Thanks for chiming in. I managed to haveit to work issuing xpra start :7
and DISPLAY=:7 Mathematica
on the server (also tried xterm and firefox, 7 of course can be changed). Then on the client I used
CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 xpra attach ssh://d114/7
Without the CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
it does not work. Please note I have not changed my openssl.cfg
, it still loads legacy stuff, but I'd say this has no impact now, maybe I am wrong, see below.
Unfortunately if I try the one-shot command from the client
CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 xpra start ssh:d114 --start=xterm
there is a new error
2023-07-05 10:56:04,573 SSH: 'Actual display used: :0'
2023-07-05 10:56:04,573 SSH: "Actual log file name is now: '/run/user/1000/xpra/0/server.log'"
2023-07-05 10:56:07,856 Warning: received cipher block,
2023-07-05 10:56:07,856 but we don't have a cipher to decrypt it with,
2023-07-05 10:56:07,856 not an xpra client?
2023-07-05 10:56:07,856 Error: failed to connect
2023-07-05 10:56:07,856 received uninterpretable nonsense: invalid encryption packet flag (no cipher configured): 0x50e33f0000000000
2023-07-05 10:56:07,856 b'P\xe3?\x00\x00\x00\x00\x00' (8 bytes)
2023-07-05 10:56:07,857 data: 'Pã?\x00\x00\x00\x00\x00'
2023-07-05 10:56:07,862 SSH EOF on stderr of run-xpra
2023-07-05 10:56:07,873 removing unix domain socket '/Users/roberto/.xpra/clients/RobertoBP132021.lan-26264'
Any chance that I can get the one-shot command to work from the server if I revert to not have openssl to load legacy providers?
to work issuing
xpra start :7
andDISPLAY=:7 Mathematica
Don't do that. Use this instead:
xpra start :7 --start=Mathematica
CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 xpra start ssh:d114 --start=xterm
there is a new error (..)b'P\xe3?\x00\x00\x00\x00\x00' (8 bytes)
Odd. This looks like a zero-length encrypted packet.
BTW, as per my examples, ssh:d114
is deprecated. Use ssh://d114/
Perhaps the problem comes from using the automatic display :0
, try specifying another one: ssh://HOST/DISPLAY
.
ie: ssh://d111/7
Finally had time to try out. The one-shot command from the client seems not to work no matter the variable CRYPTOGRAPHY_OPENSSL_NO_LEGACY
is set or not.
xpra start ssh://d114/9 --start=xterm
grep: /usr/share/locale/locale.alias: No such file or directory
xpra main error:
Traceback (most recent call last):
File "/Applications/Xpra.app/Contents/Resources/lib/python/xpra/scripts/main.py", line 156, in main
return run_mode(script_file, cmdline, err, options, args, mode, defaults)
File "/Applications/Xpra.app/Contents/Resources/lib/python/xpra/scripts/main.py", line 465, in run_mode
return do_run_mode(script_file, cmdline, error_cb, options, args, mode, defaults)
File "/Applications/Xpra.app/Contents/Resources/lib/python/xpra/scripts/main.py", line 476, in do_run_mode
return run_remote_server(script_file, cmdline, error_cb, options, args, mode, defaults)
File "/Applications/Xpra.app/Contents/Resources/lib/python/xpra/scripts/main.py", line 1917, in run_remote_server
params = parse_display_name(error_cb, opts, display_name, cmdline)
File "/Applications/Xpra.app/Contents/Resources/lib/python/xpra/scripts/parsing.py", line 482, in parse_display_name
ssh = parse_ssh_option(opts.ssh)
File "/Applications/Xpra.app/Contents/Resources/lib/python/xpra/scripts/parsing.py", line 661, in parse_ssh_option
import paramiko
File "/Applications/Xpra.app/Contents/Resources/lib/python/paramiko/__init__.py", line 22, in <module>
from paramiko.transport import (
File "/Applications/Xpra.app/Contents/Resources/lib/python/paramiko/transport.py", line 137, in <module>
class Transport(threading.Thread, ClosingContextManager):
File "/Applications/Xpra.app/Contents/Resources/lib/python/paramiko/transport.py", line 211, in Transport
if KexCurve25519.is_available():
File "/Applications/Xpra.app/Contents/Resources/lib/python/paramiko/kex_curve25519.py", line 30, in is_available
X25519PrivateKey.generate()
File "cryptography/hazmat/primitives/asymmetric/x25519.pyc", line 59, in generate
File "cryptography/hazmat/backends/openssl/__init__.pyc", line 7, in <module>
File "cryptography/hazmat/backends/openssl/backend.pyc", line 27, in <module>
File "cryptography/hazmat/bindings/openssl/binding.pyc", line 167, in <module>
File "cryptography/hazmat/bindings/openssl/binding.pyc", line 134, in init_static_locks
File "cryptography/hazmat/bindings/openssl/binding.pyc", line 123, in _ensure_ffi_initialized
File "cryptography/hazmat/bindings/openssl/binding.pyc", line 43, in _legacy_provider_error
RuntimeError: OpenSSL 3.0's legacy provider failed to load. This is a fatal error by default, but cryptography supports running without legacy algorithms by setting the environment variable CRYPTOGRAPHY_OPENSSL_NO_LEGACY. If you did not expect this error, you have likely made a mistake with your OpenSSL configuration.
CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 xpra start ssh://d114/9 --start=xterm
grep: /usr/share/locale/locale.alias: No such file or directory
(Xpra:41782): Gtk-CRITICAL **: 20:49:56.128: gtk_window_add_accel_group: assertion 'GTK_IS_WINDOW (window)' failed
2023-07-10 20:49:56,204 Xpra GTK3 client version 4.4.6-r29 64-bit
2023-07-10 20:49:56,244 running on Mac OS X 10.16
grep: /usr/share/locale/locale.alias: No such file or directory
grep: /usr/share/locale/locale.alias: No such file or directory
2023-07-10 20:50:00,287 GStreamer version 1.22.3
2023-07-10 20:50:00,312 created unix domain socket '/Users/roberto/.xpra/clients/DGTELA-033.personale.local-41782'
2023-07-10 20:50:01,062 Warning: vendor 'Intel Inc.' is greylisted,
2023-07-10 20:50:01,062 you may want to turn off OpenGL if you encounter bugs
2023-07-10 20:50:01,189 OpenGL enabled on 'Intel(R) Iris(TM) Plus Graphics OpenGL Engine'
2023-07-10 20:50:02,769 Connected (version 2.0, client OpenSSH_8.7)
2023-07-10 20:50:03,213 Authentication (publickey) failed.
2023-07-10 20:50:03,674 Authentication (publickey) successful!
2023-07-10 20:50:06,151 ssh server OS is 'linux-gnu'
(Xpra:41782): Gtk-CRITICAL **: 20:50:07.429: gtk_window_add_accel_group: assertion 'GTK_IS_WINDOW (window)' failed
2023-07-10 20:50:07,462 keyboard settings: layout=us
2023-07-10 20:50:07,470 desktop size is 1440x900:
2023-07-10 20:50:07,470 robertos-macbook-pro132021.local (381x238 mm - DPI: 96x96) workarea: 1395x875 at 45x25
2023-07-10 20:50:07,470 monitor 1 (285x179 mm - DPI: 128x128)
2023-07-10 20:50:07,477 SSH: ' * keychain 2.8.5 ~ http://www.funtoo.org'
2023-07-10 20:50:07,719 SSH: ' * Found existing ssh-agent: 27607'
2023-07-10 20:50:07,719 SSH: ' * Known ssh key: /home/roberto/.ssh/id_ed25519_SF'
2023-07-10 20:50:07,907 SSH: 'WARNING: low display number: 9'
2023-07-10 20:50:07,907 SSH: ' You are attempting to run the xpra server'
2023-07-10 20:50:07,907 SSH: " against a low X11 display number: ':9'"
2023-07-10 20:50:07,907 SSH: ' This is generally not what you want.'
2023-07-10 20:50:07,907 SSH: ' You should probably use a higher display number'
2023-07-10 20:50:07,908 SSH: ' just to avoid any confusion and this warning message.'
2023-07-10 20:50:08,502 SSH: 'Entering daemon mode; any further errors will be reported to:'
2023-07-10 20:50:08,503 SSH: " '/run/user/1000/xpra/9/server.log'"
2023-07-10 20:50:15,582 Warning: received cipher block,
2023-07-10 20:50:15,582 but we don't have a cipher to decrypt it with,
2023-07-10 20:50:15,582 not an xpra client?
2023-07-10 20:50:15,584 Error: failed to connect
2023-07-10 20:50:15,584 received uninterpretable nonsense: invalid encryption packet flag (no cipher configured): 0x50e33f0000000000
2023-07-10 20:50:15,585 b'P\xe3?\x00\x00\x00\x00\x00' (8 bytes)
2023-07-10 20:50:15,585 data: 'Pã?\x00\x00\x00\x00\x00'
2023-07-10 20:50:15,595 SSH EOF on stderr of run-xpra
2023-07-10 20:50:15,605 removing unix domain socket '/Users/roberto/.xpra/clients/DGTELA-033.personale.local-41782'
The one-shot command from the client seems not to work no matter ..
These are two completely unrelated errors.
2023-07-10 20:50:07,477 SSH: ' * keychain 2.8.5 ~ http://www.funtoo.org'
Where are these messages coming from?
2023-07-10 20:50:07,907 SSH: 'WARNING: low display number: 9'
Just like it tells you, don't use low display numbers and get rid of those warnings.
received uninterpretable nonsense: invalid encryption packet flag (no cipher configured): 0x50e33f0000000000 b'P\xe3?\x00\x00\x00\x00\x00' (8 bytes) data: 'Pã?\x00\x00\x00\x00\x00'
Your connection is producing junk data:
from xpra.net.protocol.header import unpack_header
unpack_header(b'P\xe3?\x00\x00\x00\x00\x00')
(b'P', 227, 63, 0, 0)
This is not an xpra packet. Something is polluting the ssh process's output.
Like I said before:
Or by first starting your server instance and then using xpra attach instead.
Just to give some info. On the server there is keychain running to ensure keys are brought up. I have tried with display number 19, still junk data
.
I am not sure what is special with my connection. that "produced junk". In any case, surprisingly, if I run the command a second time on the same display it works.
Just to give some info. On the server there is keychain running to ensure keys are brought up.
I don't know when it is launched or how, but perhaps this is why your stdout contains junk data.
I have tried with display number 19, still junk data.
Of course, this is only meant to remove the ugly warning, nothing else.
I am not sure what is special with my connection. that "produced junk". In any case, surprisingly, if I run the command a second time on the same display it works.
Clearly, something is getting launched the first time and polluting stdout.
Could be keychain
or something Xorg
related.
This is still usable, but not how intended. So let me try to help debug it. I have disabled keychain from my bashrc. Still same problem
>CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 xpra start ssh://d114/49 --start=xterm
grep: /usr/share/locale/locale.alias: No such file or directory
grep: /usr/share/locale/locale.alias: No such file or directory
(Xpra:45779): Gtk-CRITICAL **: 23:16:29.681: gtk_window_add_accel_group: assertion 'GTK_IS_WINDOW (window)' failed
2023-07-10 23:16:29,808 Xpra GTK3 client version 4.4.6-r29 64-bit
2023-07-10 23:16:29,855 running on Mac OS X 10.16
grep: /usr/share/locale/locale.alias: No such file or directory
2023-07-10 23:16:34,291 GStreamer version 1.22.3
2023-07-10 23:16:34,363 created unix domain socket '/Users/roberto/.xpra/clients/DGTELA-033.personale.local-45779'
2023-07-10 23:16:35,232 Warning: vendor 'Intel Inc.' is greylisted,
2023-07-10 23:16:35,232 you may want to turn off OpenGL if you encounter bugs
2023-07-10 23:16:35,367 OpenGL enabled on 'Intel(R) Iris(TM) Plus Graphics OpenGL Engine'
2023-07-10 23:16:37,189 Connected (version 2.0, client OpenSSH_8.7)
2023-07-10 23:16:37,859 Authentication (publickey) failed.
2023-07-10 23:16:38,385 Authentication (publickey) successful!
2023-07-10 23:16:39,334 ssh server OS is 'linux-gnu'
(Xpra:45779): Gtk-CRITICAL **: 23:16:40.347: gtk_window_add_accel_group: assertion 'GTK_IS_WINDOW (window)' failed
2023-07-10 23:16:40,408 keyboard settings: layout=us
2023-07-10 23:16:40,412 desktop size is 1440x900:
2023-07-10 23:16:40,413 robertos-macbook-pro132021.local (381x238 mm - DPI: 96x96) workarea: 1395x875 at 45x25
2023-07-10 23:16:40,413 monitor 1 (285x179 mm - DPI: 128x128)
2023-07-10 23:16:41,030 SSH: 'Entering daemon mode; any further errors will be reported to:'
2023-07-10 23:16:41,031 SSH: " '/run/user/1000/xpra/49/server.log'"
2023-07-10 23:16:48,208 Warning: received cipher block,
2023-07-10 23:16:48,209 but we don't have a cipher to decrypt it with,
2023-07-10 23:16:48,209 not an xpra client?
2023-07-10 23:16:48,210 Error: failed to connect
2023-07-10 23:16:48,211 received uninterpretable nonsense: invalid encryption packet flag (no cipher configured): 0x50e33f0000000000
2023-07-10 23:16:48,211 b'P\xe3?\x00\x00\x00\x00\x00' (8 bytes)
2023-07-10 23:16:48,211 data: 'Pã?\x00\x00\x00\x00\x00'
2023-07-10 23:16:48,227 SSH EOF on stderr of run-xpra
2023-07-10 23:16:48,256 removing unix domain socket '/Users/roberto/.xpra/clients/DGTELA-033.personale.local-45779'
So let me try to help debug it.
To debug this, just run the client with --ssh 'ssh -v' -d ssh
then cut&paste the ssh command line into a plain terminal.
It should try to run some _proxy_start
command, this command will exit with a "not an xpra packet" error if you enter a carriage return.
Perhaps the problem is only with the paramiko backend. In which case, a plain -d ssh
will show more details.
BTW, you should fix this:
grep: /usr/share/locale/locale.alias: No such file or directory
Something on your system is not configured properly.
I assume that this error is gone with the v5 builds.
I am using client 4.4.6 on Mac OS (installed from
pkg
) and server 4.4.4 on Almalinux installed from dnf with the repobaseurl=https://xpra.org/dists/almalinux/$releasever/$basearch/
. I get this error when issuingxpra start ssh:d114 --start=xterm
whered114
is an entry in my.ssh/config
file with a jump-host.I have made sure OpenSSL and not LibreSSL is MacOS PATH and I also modified the open SSL configuration on both server and client to load the legacy provider, as explained here.
Still I get the same error. I see that some recent versions changelog has items related to silencing SSL errors, maybe related?
I have seen this problem also changing my client to 3.1.5 (installed via
pkg
), but I do not get it if I use client 3.0.8 (of which I have a backup copy from and old install frompkg
ordmg
, can't remember) Any suggestion to debug/surpass this error?