search

aker-gateway / Aker

SSH bastion/jump host/jumpserver
Other
566 stars 81 forks source link

The second time can not be operated #88

Open zl opened 5 years ago

zl commented 5 years ago

When I log in to JumpServer(Aker Server), choose a server to log in, then exit, and go back to JumpServer, I can't operate any more. Cannot enter any content and direction keys.

anazmy commented 5 years ago

Can you attach debug logs while issue occurs and aker.ini for your setup please

zl commented 5 years ago

aker.ini

[General]
log_level = INFO
ssh_port = 22

# Identity Provider to determine the list of available hosts
# options shipped are IPA, Json. Default is IPA
idp = IPA
hosts_file = /etc/aker/hosts.json

# FreeIPA hostgroup name contatining Aker gateways
# to be excluded from hosts presented to user
gateway_group = ipaservers

aker.log

2019-03-28 15:41:03,892 - INFO - Core: Starting up, user=testuser from=111.222.333.444:55230
2019-03-28 15:41:03,892 - INFO - IdPFactory: trying dynamic loading of module : IPA
2019-03-28 15:41:04,289 - INFO - IPA: loaded
2019-03-28 15:41:04,338 - INFO - trying https://ipa.test.com/ipa/json
2019-03-28 15:41:04,338 - INFO - [try 1]: Forwarding 'schema' to json server 'https://ipa.test.com/ipa/json'
2019-03-28 15:41:05,243 - INFO - trying https://ipa.test.com/ipa/session/json
2019-03-28 15:41:05,245 - INFO - Hosts: loading hosts from cache
2019-03-28 15:41:10,032 - INFO - Core: Starting session UUID 8e25d0b0-bbf8-4b34-a6b2-20e8d0d83d40 for user testuser to host app1-runner.test.com
2019-03-28 15:41:10,033 - ERROR - Core: Invalid Private Key for user testuser :
2019-03-28 15:41:12,461 - INFO - Connected (version 2.0, client OpenSSH_7.4)
2019-03-28 15:41:12,794 - INFO - Authentication (keyboard-interactive) successful!
2019-03-28 15:41:14,991 - INFO - Core: Finished session UUID 8e25d0b0-bbf8-4b34-a6b2-20e8d0d83d40 for user testuser to host app1-runner.test.com
mordreneth commented 5 years ago

Can confirm this issue...

Install on Ubuntu 18.04, after first session ends, and returns to aker menu, screen freezes.

Install on Ubuntu 16.04, works as expected...

anazmy commented 5 years ago

Can you provide debug logs, where settings in aker.ini is:

log_level = DEBUG
AdamLeonSmith commented 3 years ago

I am also having this issue. I have two ways to reproduce:

  1. Log into a host via aker, exit the shell, it reverts to the aker UI but is frozen. Debug log:
2021-01-21 09:07:01,851 - DEBUG - [chan 0] EOF received (0)
2021-01-21 09:07:01,852 - DEBUG - [chan 0] EOF sent (0)
2021-01-21 09:07:01,852 - DEBUG - SSHClient: interactive session ending
2021-01-21 09:07:01,852 - INFO - Core: Finished session UUID 7e94ad29-a6fb-4221-88c8-fcb73fb45a62 for user asmith@corp.thepiccadillygroup.com to host 10.0.0.118
2021-01-21 09:07:01,952 - DEBUG - EOF in transport thread
2021-01-21 09:07:01,967 - DEBUG - TUI restored
2021-01-21 09:07:01,967 - DEBUG - TUI: Host search handler called with text 
2021-01-21 09:07:01,967 - DEBUG - TUI: host Mautic matches search text 
2021-01-21 09:07:01,967 - DEBUG - TUI: host PG Ehour Production matches search text 
2021-01-21 09:07:01,967 - DEBUG - TUI: host Finops matches search text
  1. Attempt to log into a host via aker, login fails for some reason, it reverts to the aker UI but is frozen:
  2. 
2021-01-21 09:07:01,851 - DEBUG - [chan 0] EOF received (0)
2021-01-21 09:07:01,852 - DEBUG - [chan 0] EOF sent (0)
2021-01-21 09:07:01,852 - DEBUG - SSHClient: interactive session ending
2021-01-21 09:07:01,852 - INFO - Core: Finished session UUID 7e94ad29-a6fb-4221-88c8-fcb73fb45a62 for user asmith@corp.thepiccadillygroup.com to host 10.0.0.118
2021-01-21 09:07:01,952 - DEBUG - EOF in transport thread
2021-01-21 09:07:01,967 - DEBUG - TUI restored
2021-01-21 09:07:01,967 - DEBUG - TUI: Host search handler called with text 
2021-01-21 09:07:01,967 - DEBUG - TUI: host Mautic matches search text 
2021-01-21 09:07:01,967 - DEBUG - TUI: host PG Ehour Production matches search text 
2021-01-21 09:07:01,967 - DEBUG - TUI: host Finops matches search text 


O/S:  Linux ip-10-0-14-186 5.4.0-1035-aws #37~18.04.1-Ubuntu SMP Wed Jan 6 22:31:04 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
anazmy commented 3 years ago

Hi @AdamLeonSmith

Thanks for the details, some questions to help looking into this

1- how is your dns setup, are all hosts resolvable? 2- which identity provider approach you're using, json or freeipa? 3- in case its json, is the actual hostname used in connection different from hostname shown on screen? 4- are you using a custom ssh port? 5- did you have an idea why ssh login is failing? 6- did I get what you're saying correctly, after a failed login (first or second time) the UI freezes? 7- all machines are Ubuntu 18.04?

AdamLeonSmith commented 3 years ago

1- how is your dns setup, are all hosts resolvable? I am using multiple internal DNS servers, but in the hosts.json I am specifying IP addresses rather than hosts. 2- which identity provider approach you're using, json or freeipa? JSON 3- in case its json, is the actual hostname used in connection different from hostname shown on screen? Yes, on screen is a human friendly label, in the hosts file is IP addresses 4- are you using a custom ssh port? Nope 5- did you have an idea why ssh login is failing? Yes, that isn't a concern per se. Note that this is also occuring where connection is successful and I exit the connected shell. 6- did I get what you're saying correctly, after a failed login (first or second time) the UI freezes? Yes, or after exiting a successful connection 7- all machines are Ubuntu 18.04? No, some are 20.x and some are Amazon LInux. The box running Aker is 18.04

Let me know if I can provide any additional logs or debug info!

Thanks, Adam

anazmy commented 3 years ago

Thanks Adam,

This helps in investigation. I just need the version of urwid you're using on Aker server

AdamLeonSmith commented 3 years ago

Urwid version 2.0.1

anazmy commented 3 years ago

I see, that rings a bell, and it is related to Urwid 2.X vs. 1.X and I can reproduce it.

Need to check further on that

EoleDev commented 3 years ago

Hi @anazmy, The patch I did at the beginning of the issue fix the problem on the urwid version 2.X (Was tested on 2.1.0 it seems). You reverted the patch to keep compatibility with urwid 1.X

My patch may help you find a way to handle the problem on 2.X, and maybe find a patch which allow all the versions of urwid to work.

AdamLeonSmith commented 3 years ago

A lower version of urwid is not available in APT, so I have applied the changes in PR #97. The issue is confirmed resolved, locally. Thanks @EoleDev @anazmy

anazmy commented 3 years ago

@AdamLeonSmith

I've been testing a patch to fix this issue and in the same time allow Aker to work with urwid 1.1 and later. I think the update I just pushed does that. Can you please test on your side and let me know how it goes?

anazmy commented 3 years ago

@EoleDev I missed your comment earlier, apologies.

That is exactly what I was after, and I think the latest commit provide that, if you or @AdamLeonSmith can test to confirm it is working fine on your side, that would be great.

AdamLeonSmith commented 3 years ago

Yes, it's working fine for me now from the phase0 branch