danfruehauf / NetworkManager-ssh

SSH VPN integration for NetworkManager

Cannot connect with ssh agent #70

Closed lyp256 closed 6 years ago

lyp256 commented 6 years ago

debug output

Message: nm-ssh-service (version 1.2.0) starting...

** Message: Using known_hosts at: '/home/lyp/.ssh/known_hosts'

** Message: -o

** Message: ServerAliveInterval=10

** Message: -o

** Message: TCPKeepAlive=yes

sh: 1: Syntax error: Bad fd number

** Message: ssh started with pid 22006

** Message: OpenSSH_7.4p1 Ubuntu-10, OpenSSL 1.0.2g 1 Mar 2016

** Message: debug1: Reading configuration data /etc/ssh/ssh_config

** Message: debug1: /etc/ssh/ssh_config line 19: Applying options for *

** Message: debug1: Connecting to to.lyp256.cn [69.171.70.2] port 22.

** Message: debug1: Connection established.

** Message: debug1: permanently_set_uid: 0/0

** Message: debug1: key_load_public: No such file or directory

** Message: debug1: identity file /root/.ssh/id_rsa type -1

** Message: debug1: key_load_public: No such file or directory

** Message: debug1: identity file /root/.ssh/id_rsa-cert type -1

** Message: debug1: key_load_public: No such file or directory

** Message: debug1: identity file /root/.ssh/id_dsa type -1

** Message: debug1: key_load_public: No such file or directory

** Message: debug1: identity file /root/.ssh/id_dsa-cert type -1

** Message: debug1: key_load_public: No such file or directory

** Message: debug1: identity file /root/.ssh/id_ecdsa type -1

** Message: debug1: key_load_public: No such file or directory

** Message: debug1: identity file /root/.ssh/id_ecdsa-cert type -1

** Message: debug1: key_load_public: No such file or directory

** Message: debug1: identity file /root/.ssh/id_ed25519 type -1

** Message: debug1: key_load_public: No such file or directory

** Message: debug1: identity file /root/.ssh/id_ed25519-cert type -1

** Message: debug1: Enabling compatibility mode for protocol 2.0

** Message: debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Ubuntu-10

** Message: debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4

** Message: debug1: match: OpenSSH_7.4 pat OpenSSH* compat 0x04000000

** Message: debug1: Authenticating to to.lyp256.cn:22 as 'root'

** Message: debug1: SSH2_MSG_KEXINIT sent

** Message: debug1: SSH2_MSG_KEXINIT received

** Message: debug1: kex: algorithm: curve25519-sha256

** Message: debug1: kex: host key algorithm: ecdsa-sha2-nistp256

** Message: debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

** Message: debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

** Message: debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

** Message: debug1: Server host key: ecdsa-sha2-nistp256 SHA256:/4juzLbEtvX/clEwn0lADDB5nhTkXWBMKgg+TANe7bo

** Message: debug1: Host 'to.lyp256.cn' is known and matches the ECDSA host key.

** Message: debug1: Found key in /home/lyp/.ssh/known_hosts:1

** Message: debug1: rekey after 134217728 blocks

** Message: debug1: SSH2_MSG_NEWKEYS sent

** Message: debug1: expecting SSH2_MSG_NEWKEYS

** Message: debug1: SSH2_MSG_NEWKEYS received

** Message: debug1: rekey after 134217728 blocks

** Message: debug1: SSH2_MSG_EXT_INFO received

** Message: debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>

** Message: debug1: SSH2_MSG_SERVICE_ACCEPT received

** Message: debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

** Message: debug1: Next authentication method: password

** Message: debug1: Authentication succeeded (password).

** Message: Authenticated to to.lyp256.cn ([69.171.70.2]:22).

** Message: debug1: Requesting tun unit 0 in mode 2

** Message: debug1: sys_tun_open: tap0 mode 2 fd 4

** Message: debug1: channel 0: new [tun]

** Message: debug1: channel 1: new [client-session]

** Message: debug1: Requesting no-more-sessions@openssh.com

** Message: debug1: Entering interactive session.

** Message: debug1: pledge: network

** Message: debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0

** (nm-ssh-service:21982): WARNING **: Tunnel device open failed on remote server.

** (nm-ssh-service:21982): WARNING **: Make sure you have privileges to open tun/tap devices and that your SSH server is configured with 'PermitTunnel=yes'

** Message: Terminated ssh daemon with PID 22006.

** Message: debug1: Remote: Server has rejected tunnel device forwarding

** Message: channel 0: open failed: administratively prohibited: open failed

** Message: debug1: Sending environment.

** Message: Not starting local timer because plugin is in STOPPED state

** Message: debug1: Sending command: /sbin/ifconfig tap100 inet 172.16.40.1 netmask 255.255.255.252 pointopoint 172.16.40.2 mtu 1200;

** Message: debug1: channel 0: free: tun, nchannels 2

** (nm-ssh-service:21982): WARNING **: ssh died with signal 15

lyp256 commented 6 years ago

Because I'm not good at English, I can't give too much detail

danfruehauf commented 6 years ago

So, looks like authentication succeeded, but not with ssh-agent:

** Message: debug1: Authentication succeeded (password).

However, looks like you need to enable tunneling on the server side:

** (nm-ssh-service:21982): WARNING **: Make sure you have privileges to open tun/tap devices and that your SSH server is configured with 'PermitTunnel=yes'
** Message: Terminated ssh daemon with PID 22006.
** Message: debug1: Remote: Server has rejected tunnel device forwarding

So what exactly is the problem?

lyp256 commented 6 years ago

@danfruehauf Thank you. Following your prompt, I modified the server configuration and have been able to connect successfully. Thank you very much.

danfruehauf commented 6 years ago

I assume we can close this?
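
The diagnosis reached in this thread (password authentication instead of a key or agent, then a tunnel request refused by the server) can be read mechanically from the same debug lines. The following is an added example, not part of the issue or of NetworkManager-ssh: `triage` and its report fields are hypothetical names, the sample lines are copied from the log above, and the mode numbers follow OpenSSH's tunnel modes.

```python
import re

# Constructed sample: lines copied from the debug output in this issue.
SAMPLE_LOG = """\
** Message: debug1: identity file /root/.ssh/id_rsa type -1
** Message: debug1: identity file /root/.ssh/id_ed25519 type -1
** Message: debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
** Message: debug1: Next authentication method: password
** Message: debug1: Authentication succeeded (password).
** Message: debug1: Requesting tun unit 0 in mode 2
** Message: debug1: Remote: Server has rejected tunnel device forwarding
** Message: channel 0: open failed: administratively prohibited: open failed
"""

# OpenSSH tunnel modes: 1 = point-to-point (tun), 2 = ethernet (tap).
MIN_PERMIT_TUNNEL = {1: "point-to-point", 2: "ethernet"}


def triage(log: str) -> dict:
    """Summarise auth and tunnel outcome from ssh -v lines (hypothetical helper)."""
    report = {"auth_method": None, "identities_loaded": [], "identities_missing": [],
              "tunnel_mode": None, "tunnel_rejected": False, "findings": []}
    for line in log.splitlines():
        if m := re.search(r"identity file (\S+) type (-?\d+)", line):
            # type -1: ssh could not load a public key from that path
            key = "identities_missing" if m.group(2) == "-1" else "identities_loaded"
            report[key].append(m.group(1))
        elif m := re.search(r"Authentication succeeded \(([\w-]+)\)", line):
            report["auth_method"] = m.group(1)
        elif m := re.search(r"Requesting tun unit \S+ in mode (\d+)", line):
            report["tunnel_mode"] = int(m.group(1))
        elif "rejected tunnel device forwarding" in line:
            report["tunnel_rejected"] = True
    if report["auth_method"] and report["auth_method"] != "publickey":
        report["findings"].append(
            f"authenticated with {report['auth_method']}, not a key or agent")
    if report["tunnel_rejected"]:
        # Unknown mode falls back to the broad setting named in the plugin warning.
        need = MIN_PERMIT_TUNNEL.get(report["tunnel_mode"], "yes")
        report["findings"].append(
            f"server refused the tunnel; sshd_config needs PermitTunnel {need} (or yes)")
    return report


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
```

Setting `PermitTunnel ethernet` instead of `yes` on the server allows only the tap-style forwarding this connection requested.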