Closed FStefanni closed 6 months ago
We don't support NixOS distribution. Therefore, we can't exactly tell what is missing. Feel free to propose a list of requirements if you are able to get it working.
I am having the same issue whenever trying to access my machine via a browser rendered ssh terminal. The whole script of logs is pretty much the same as the above.
Whenever I try to access my ssh application in browser, I am greeted with the following view:
The error arises after a successful request to /cert_sign has been made. The /cert_sign returns a shining 200 with certificate in its response.
Uncaught (in promise) Error: [FATAL] ../../src/ssh/session.cc(230): libssh2_session_handshake(session_, 0 ) rc=-5
a https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:1
poll https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
initialize https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
onopen https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
Co https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
create https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
createTransport https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
componentDidMount https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
Kp https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:8
Kp https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:8
Kp https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:8
an https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:8
bd https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:1
H0 https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:27
<anonymous> https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
<anonymous> https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
JZ4D45Y6.js:1:3263
onopen https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
AsyncFunctionThrow self-hosted:856
(Async: async)
Co https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
create https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
AsyncFunctionNext self-hosted:852
(Async: async)
createTransport https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
componentDidMount https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
Kp https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:8
some self-hosted:137
Kp https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:8
some self-hosted:137
Kp https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:8
an https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:8
bd https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:1
H0 https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:27
<anonymous> https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
<anonymous> https://ssh-beidou-sus.ueuie.dev/JZ4D45Y6.js:65
The communication that took place via the websocket connection.
-> SSH-2.0-libssh2_1.9.0_DEV
<- SSH-2.0-OpenSSH_9.6
-> forth.txt
<- back.txt
The tunnel connection is trying to communicate with sshd, but fails eventually and reports about mismatched macs.
Mai 07 20:19:18 beidou sshd[5155]: Unable to negotiate with ::1 port 49422: no matching MAC found. Their offer: hmac-sha2-256,hmac-sha2-512 [preauth]
Logs printed by cloudflared are similar to those of the above.
2024-03-06T10:44:48Z DBG downstream->upstream copy: stream 5 canceled by local with error code 0 connIndex=0 destAddr=ssh://localhost:22 event=1 ingressRule=1 originService=ssh://localhost:22
And just as with @FStefanni's issue, it works fine (rendering of an http page, ssh via console, etc.) except for the SSH rendered via browser. I am leaving this bit of more detailed log script of this particular issue as it is quite notorious to debug and having more keywords to grip to is certainly useful.
As to the cause of the issue, I will investigate how cloudflare's access ssh proxy and cloudflare's communication with browser rendered terminal differ. Maybe libssh and openssh cause the problem.
I would greatly appreciate help from someone from cloudflare community who may already have had to deal with a similar or the exact same issue themselves.
Regards
P.S.: There is a related community issue regarding Support old ssh kex and ciphers in web render.
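As an added illustration, not part of the original comment or of cloudflared: a small Python check that parses the sshd negotiation failure quoted above and compares the client's offer with the server's enabled algorithms as printed by `sshd -T`. The `sshd -T` sample is constructed and assumes a server with only ETM MACs enabled; the function names are hypothetical.

```python
import re

# sshd's negotiation-failure wording -> keyword printed by `sshd -T`
KIND_TO_KEYWORD = {
    "MAC": "macs",
    "cipher": "ciphers",
    "key exchange method": "kexalgorithms",
    "host key type": "hostkeyalgorithms",
}
NEGOTIATE_RE = re.compile(
    r"Unable to negotiate with (?P<peer>\S+) port (?P<port>\d+): "
    r"no matching (?P<kind>.+?) found\. Their offer: (?P<offer>\S+)"
)

def parse_failure(log_line):
    """Return (peer, kind, offered algorithms) from an sshd log line, or None."""
    m = NEGOTIATE_RE.search(log_line)
    if not m:
        return None
    return m["peer"], m["kind"], m["offer"].split(",")

def server_algorithms(sshd_t_output, keyword):
    """Extract one comma-separated algorithm list from `sshd -T` style output."""
    for line in sshd_t_output.splitlines():
        name, _, value = line.strip().partition(" ")
        if name.lower() == keyword:
            return value.split(",")
    return []

def diagnose(log_line, sshd_t_output):
    """Compare the peer's offer with what the server has enabled."""
    parsed = parse_failure(log_line)
    if parsed is None:
        return None
    peer, kind, offer = parsed
    keyword = KIND_TO_KEYWORD.get(kind)
    enabled = server_algorithms(sshd_t_output, keyword) if keyword else []
    return {"peer": peer, "keyword": keyword, "offer": offer, "enabled": enabled,
            "common": [a for a in offer if a in enabled]}

# Log line quoted in the comment above.
LOG = ("Mai 07 20:19:18 beidou sshd[5155]: Unable to negotiate with ::1 port 49422: "
       "no matching MAC found. Their offer: hmac-sha2-256,hmac-sha2-512 [preauth]")
# Constructed sample of `sshd -T` output (assumption: only ETM MACs enabled).
SSHD_T = """port 22
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
"""

if __name__ == "__main__":
    print(diagnose(LOG, SSHD_T))
```

An empty `common` list means the two sides share no algorithm of that class, so the handshake cannot complete.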
Also experiencing this same issue on NixOS... :(
Available Documentation
https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/
Suggested Documentation
Requisites for running cloudflared successfully with all its features. These include, but are not limited to:
Additional context
I am trying to create a tunnel from a NixOS instance, and it works fine (rendering of an http page, ssh via console, etc.) except for the SSH rendered via browser. The command I use is:
If I try to use the same command and token from Debian, everything works. So what I suppose is that there is a difference in the NixOS configuration (maybe about sshd) that creates the issue, but since no documentation about the setup is truly available, I am unable to understand what the issue truly is.
Just to let you know the error, this is what the browser console prints:
And this is the error that cloudflared prints:
Regards