gjedeer / tuntox

Tunnel TCP connections over the Tox protocol
https://gdr.name/tuntox/

ssh error #75

Closed artenax closed 6 months ago

artenax commented 6 months ago

When I run on the client:

sudo ssh -p 2222 denis@localhost

I get on the server:

[INFO]  Got a request to forward data from 127.0.0.1:22
client: connect: Connection refused
[WARNING]   failed to connect to 127.0.0.1:22
[WARNING]   Could not connect to 127.0.0.1:22

and nothing, doesn't work.

I would like to use another computer's internet via proxy. Like commercial vpn offer.

artenax commented 6 months ago

The reason was that openssh-server was not installed on the server computer. https://phoenixnap.com/kb/ssh-connection-refused

sudo apt install openssh-server
sudo systemctl status sshd
ssh localhost

Now the ssh connection is established, but I don't know what to do with it or how to use the server internet.

gjedeer commented 6 months ago

I'm not sure tuntox is the best tool to use other computer's internet, but here's what you can do.

ssh -p 2222 -D 1234 denis@localhost

Then, set up your browser to use localhost:1234 as a SOCKS5 proxy.

It will only tunnel your web browser's traffic over tuntox.

artenax commented 6 months ago

The proxy server is refusing connections.

gjedeer commented 6 months ago

Do you have SSH running while you try to connect with Firefox? Does SSH work?

artenax commented 6 months ago

> Do you have SSH running while you try to connect with Firefox? Does SSH work?

Client or server? There is silence in the client ssh terminal. Something is running with no status output. I try to make a request for some site through the browser. Exactly two minutes later the ssh connection is broken. In the logs after the triplet.

Server log (tuntox):

[denis@alt ~]$ sudo LD_LIBRARY_PATH=/usr/local/lib64 tuntox -C /etc/tuntox
2024-05-10 21:51:26: [INFO] Tuntox built from git commit 54289f5c94db7d8c14d228eb8dd0ba90d20c33db, toxcore version 0.2.19
2024-05-10 21:51:26: [INFO] Using 63362 for TCP relay port and 44863-44873 for UDP
2024-05-10 21:51:26: [INFO] Could not find Tox bootstrap nodes. Using hardcoded.
2024-05-10 21:51:26: [WARNING] Shared secret authentication is not used - skilled attackers may connect to your tuntox server
2024-05-10 21:51:26: [INFO] Using Tox ID: DA3DFBA4C7E1D3FB4CA22FDE917E81672D71E983C0DA859496E17A42A331172C865E4BC95273
2024-05-10 21:51:35: [INFO] Connection status changed: An UDP connection has been established
2024-05-10 21:52:06: [INFO] Accepted friend request from 59723A13545EEB374F78D471E362EABF365237DCB752E68F885505513FA37A734A6EE6107ADE as 0
2024-05-10 21:52:34: [INFO] Got a request to forward data from 127.0.0.1:22
2024-05-10 21:52:34: [INFO] Created a new tunnel object connid=54299 sockfd=5
...
2024-05-10 21:54:34: [WARNING] conn closed!
2024-05-10 21:54:34: [INFO] Deleting tunnel #54299 ptr 0x5652003ba640

Server log (sshd-server):

[denis@alt ~]$ sudo systemctl status sshd
● sshd.service - OpenSSH server daemon
     Loaded: loaded (/lib/systemd/system/sshd.service; enabled; preset: enabled)
     Active: active (running) since Fri 2024-05-10 21:50:03 +07; 7min ago
    Process: 930 ExecStartPre=/usr/bin/ssh-keygen -A (code=exited, status=0/SUCCESS)
    Process: 936 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 953 (sshd)
      Tasks: 1 (limit: 522)
     Memory: 3.9M
        CPU: 138ms
     CGroup: /system.slice/sshd.service
             └─953 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

мая 10 21:50:02 alt systemd[1]: Starting sshd.service - OpenSSH server daemon...
мая 10 21:50:03 alt systemd[1]: Started sshd.service - OpenSSH server daemon.
мая 10 21:50:03 alt sshd[953]: Server listening on 127.0.0.1 port 22.
мая 10 21:54:34 alt sshd[1483]: fatal: Timeout before authentication for 127.0.0.1 port 36618

/etc/openssh/sshd_config:

Port 22
AddressFamily any
ListenAddress 127.0.0.1

Server ssh localhost:

[denis@alt ~]$ ssh localhost
denis@localhost's password:
Last login: Fri May 10 20:59:13 2024 from 127.0.0.1
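The two server logs above can be read together. The following is an added diagnostic example, not part of the thread and not tuntox code: it pairs tunnel creation and deletion lines by connid and checks whether a tunnel's lifetime equals OpenSSH's default LoginGraceTime (120 seconds) and ends when sshd logs a pre-authentication timeout. The function names are assumptions made for the example; the sample lines are taken from the logs quoted in this thread.

```python
import re
from datetime import datetime

# Lines taken from the tuntox server log and sshd journal quoted in the thread.
TUNTOX_LOG = """\
2024-05-10 21:52:34: [INFO] Got a request to forward data from 127.0.0.1:22
2024-05-10 21:52:34: [INFO] Created a new tunnel object connid=54299 sockfd=5
2024-05-10 21:54:34: [WARNING] conn closed!
2024-05-10 21:54:34: [INFO] Deleting tunnel #54299 ptr 0x5652003ba640
"""
SSHD_LOG = """\
мая 10 21:50:03 alt sshd[953]: Server listening on 127.0.0.1 port 22.
мая 10 21:54:34 alt sshd[1483]: fatal: Timeout before authentication for 127.0.0.1 port 36618
"""

LOGIN_GRACE_TIME = 120  # OpenSSH default for LoginGraceTime, in seconds

# group 1: full timestamp, group 2: time of day, group 3: connid
STAMP = r"(\d{4}-\d\d-\d\d (\d\d:\d\d:\d\d)): \[INFO\] "
CREATED = re.compile(STAMP + r"Created a new tunnel object connid=(\d+)")
DELETED = re.compile(STAMP + r"Deleting tunnel #(\d+)")
PREAUTH_TIMEOUT = re.compile(
    r"(\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: fatal: Timeout before authentication")

def _parse(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")

def tunnels(tuntox_log):
    """Return {connid: (lifetime_seconds, close_time as HH:MM:SS)}."""
    opened, closed = {}, {}
    for line in tuntox_log.splitlines():
        if m := CREATED.search(line):
            opened[m.group(3)] = _parse(m.group(1))
        elif (m := DELETED.search(line)) and m.group(3) in opened:
            start = opened.pop(m.group(3))
            lifetime = int((_parse(m.group(1)) - start).total_seconds())
            closed[m.group(3)] = (lifetime, m.group(2))
    return closed

def stalled_tunnels(tuntox_log, sshd_log, grace=LOGIN_GRACE_TIME):
    """connids whose tunnel lasted exactly the grace time and closed at the
    moment sshd logged a pre-authentication timeout: the TCP connection to
    sshd was made, but the SSH handshake never completed through the tunnel."""
    timeouts = set(PREAUTH_TIMEOUT.findall(sshd_log))
    return [cid for cid, (life, end) in tunnels(tuntox_log).items()
            if life == grace and end in timeouts]

if __name__ == "__main__":
    print(stalled_tunnels(TUNTOX_LOG, SSHD_LOG))
```

A match means sshd accepted the forwarded TCP connection and then waited out its grace period without a completed login, so the fault lies in the data path through the tunnel rather than in the sshd listener.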


artenax commented 6 months ago

Client log (tuntox):

denis@systemp:~$ sudo tuntox -C /etc/tuntox -i DA3DFBA4C7E1D3FB4CA22FDE917E81672D71E983C0DA859496E17A42A331172C865E4BC95273 -L 2222:127.0.0.1:22
2024-05-10 21:51:52: [DEBUG] Server whitelist mode enabled
2024-05-10 21:51:52: [INFO] Tuntox built from git commit 54289f5c94db7d8c14d228eb8dd0ba90d20c33db, toxcore version 0.2.19
2024-05-10 21:51:52: [INFO] Using 49242 for TCP relay port and 65375-65385 for UDP
2024-05-10 21:51:52: [INFO] Could not find Tox bootstrap nodes. Using hardcoded.
2024-05-10 21:51:52: [INFO] Connecting to Tox...
2024-05-10 21:52:02: [INFO] Connection status changed: An UDP connection has been established
2024-05-10 21:52:02: [INFO] Connected. Sending friend request.
2024-05-10 21:52:02: [INFO] Waiting for friend to accept us...
2024-05-10 21:52:08: [INFO] Friend connection status changed to: An UDP connection has been established (2)
2024-05-10 21:52:08: [INFO] Friend request accepted (An UDP connection has been established)!
2024-05-10 21:52:34: [INFO] Accepting a new connection - requesting tunnel...
2024-05-10 21:52:34: [INFO] Sending packet to friend #0 to forward 127.0.0.1:22
2024-05-10 21:52:34: [INFO] Created a new tunnel object connid=54299 sockfd=5
2024-05-10 21:52:34: [INFO] Accepted a new connection on port 2222 sockfd 32
...
2024-05-10 21:54:34: [INFO] Deleting tunnel #54299 ptr 0x5568dbe93960

Client log (ssh-client):

denis@systemp:~$ ssh -p 2222 -D 1234 denis@localhost
(nothing)
...
Connection reset by 127.0.0.1 port 2222

Client log (sshd):

denis@systemp:~$ sudo systemctl status sshd
Unit sshd.service could not be found.
...
sudo apt install openssh-server
...

/etc/ssh/sshd_config:

Port 22
AddressFamily any
ListenAddress 127.0.0.1

denis@systemp:~$ sudo systemctl restart sshd
sudo systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2024-05-10 22:02:13 +07; 8min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 1580670 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 1580671 (sshd)
      Tasks: 1 (limit: 1962)
     Memory: 3.9M
        CPU: 154ms
     CGroup: /system.slice/ssh.service
             └─1580671 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

мая 10 22:02:13 systemp systemd[1]: Starting OpenBSD Secure Shell server...
мая 10 22:02:13 systemp sshd[1580671]: Server listening on 127.0.0.1 port 22.
мая 10 22:02:13 systemp systemd[1]: Started OpenBSD Secure Shell server.
мая 10 22:08:21 systemp sshd[1580919]: Connection closed by 127.0.0.1 port 50430 [preauth]
мая 10 22:10:32 systemp sshd[1581046]: Connection closed by 127.0.0.1 port 50434 [preauth]

Client ssh localhost:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:GnirMVmkHXn6HQN/ju+RNF5hAmzMRViHN8WAgzNEPNw.
Please contact your system administrator.
Add correct host key in /home/denis/.ssh/known_hosts to get rid of this message.
Offending RSA key in /home/denis/.ssh/known_hosts:8
  remove with:
  ssh-keygen -f "/home/denis/.ssh/known_hosts" -R "localhost"
Host key for localhost has changed and you have requested strict checking.
Host key verification failed.

(This problem was solved by deleting $HOME/.ssh folder, but still no connection)

artenax commented 6 months ago

I'm testing in a host (Xubuntu 22.04, systemp) and a virtual machine (ALT Linux LXQt Sisyphus, alt, NAT network). tuntox and toxcore are self-built new. The username is the same everywhere (denis). IP is of course the same, because the network is NAT (but I tried also connecting VPN in the virtual machine).

Xubuntu 22.04 (host) - client
ALT (vm) - server

The client browser (Basilisk, socks5 proxy 127.0.0.1:1234, dns through socks) immediately shows an error: "The proxy server is refusing connections"

artenax commented 6 months ago

Here's how I compiled toxcore and tuntox:

Installed: gcc g++ make cmake ninja-build git pkgconf libconfig-dev libsodium-dev libcap-dev nlohmann-json3-dev libjsoncpp-dev libopus-dev libvpx-dev libevent-dev libssl-dev

git clone https://github.com/TokTok/c-toxcore
cd c-toxcore
git submodule update --init
rm -rdf 1 && mkdir 1 && cd 1
cmake .. -G Ninja -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local -DENABLE_SHARED=ON -DENABLE_STATIC=OFF -DFULLY_STATIC=OFF -DBOOTSTRAP_DAEMON=ON -DDHT_BOOTSTRAP=ON -DAUTOTEST=OFF -DUNITTEST=OFF -DBUILD_TESTING=OFF -DBUILD_TOXAV=ON -DMUST_BUILD_TOXAV=OFF -DUSE_IPV6=ON
ninja -j1
sudo ninja install
sudo ldconfig
git clone https://github.com/gjedeer/tuntox
cd tuntox
# PREFIX changed to /usr/local in Makefile 
export PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig:$PKG_CONFIG_PATH
make tuntox_nostatic
sudo PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig make tuntox_nostatic install

I see that the command -L 2222:127.0.0.1:22 redirects 2222 client port to 22 server port. So using ssh is not necessary, right? I tried replacing ssh with the gost proxy running on the server on port 5555:

Server: gost -L=0.0.0.0.0:5555

Client: tuntox -C /etc/tuntox -i ID -L 5556:127.0.0.1:5555

Client browser: socks5 127.0.0.1:5556

but still no connection. And this is even worse than ssh, which at least tried, judging by the logs.

I see that the ssh connection terminates with a timeout. But why?

> I'm not sure tuntox is the best tool to use other computer's internet

Why? It works with toxvpn. It connects two computers via Tox and provides local IPs through which you can run any services. However, I don't see local IPs in tuntox. But the connection in toxvpn sometimes breaks (a friend goes offline, even though it is not).

artenax commented 6 months ago

Instead of my new build, I used your build (with toxcore 0.2.13) and it worked. There must be some incompatibility with the new toxcore. I also added TUNTOX_SHARED_SECRET=hello

ssh allows you to control another computer. I think it can be replaced by a proxy like gost. I think you should also specify in the documentation about the necessity to activate openssh-server and about the risks of default settings.

artenax commented 6 months ago

https://github.com/ginuerzh/gost/releases/download/v2.11.5/gost-linux-amd64-2.11.5.gz

Server (Terminal 1):

gost -L=127.0.0.1:5555

Server (Terminal 2):

sudo mkdir -p /etc/tuntox
sudo TUNTOX_SHARED_SECRET=hello LD_LIBRARY_PATH=/usr/local/lib64 tuntox-old -C /etc/tuntox

Client:

sudo mkdir -p /etc/tuntox
sudo TUNTOX_SHARED_SECRET=hello tuntox-old -C /etc/tuntox -i DA3DFBA4C7E1D3... -L 5556:127.0.0.1:5555

Browser proxy: socks5 127.0.0.1:5556

ssh isn't necessary. gost is safer for internet sharing. You can use another utility instead of gost. Remember about port redirection (5556 > 5555). Below 1024 requires root. tuntox-old = tuntox. LD_LIBRARY_PATH with official tuntox is not needed either.

gjedeer commented 6 months ago

From your logs, it looks like you get a lot of timeouts in the SSH session, so the link Tox formed between computers is probably very slow.

My build vs yours -> I don't know, maybe you had a different version of c-toxcore or tuntox on one of the machines? I don't get it.

The version in master branch of tuntox is a development one right now, I omitted an important field in initial protocol design and am fixing it now. So anything built with master will not work with 0.0.x versions - the fix is not backwards compatible.

artenax commented 5 months ago

tuntox/toxcore is the same on both systems, but new.

I have seen warning when they were different only once.