hierynomus / sshj

ssh, scp and sftp for java
Apache License 2.0

Problem trying out #337 Tunnelling Pull Request #494

Closed dhubbard-ic closed 5 years ago

dhubbard-ic commented 5 years ago

Hi

I am trying out #337 and have cloned liff:jumping branch, which includes this commit

Trying this against CentOS 7.6.1810 with OpenSSH 7.4 server (openssh-7.4p1-16.el7) - with an abridged version of Jump example - only changes made were to include using PromiscuousVerifier() and loadKeys() as on Windows rather than external ssh known_hosts etc.

The initial connect works but on I got the following:

[main] INFO net.schmizz.sshj.transport.random.BouncyCastleRandom - Generating random seed from SecureRandom.
About to connect
[main] INFO net.schmizz.sshj.transport.TransportImpl - Client identity string: SSH-2.0-SSHJ_0.21.2_SNAPSHOT
[main] INFO net.schmizz.sshj.transport.TransportImpl - Server identity string: SSH-2.0-OpenSSH_7.4
Done connect
About to Do a new direct connect
[reader] ERROR net.schmizz.sshj.transport.TransportImpl - Dying because - Unexpected: SSH_MSG_UNIMPLEMENTED
net.schmizz.sshj.common.SSHException: [PROTOCOL_ERROR] Unexpected: SSH_MSG_UNIMPLEMENTED
    at net.schmizz.sshj.AbstractService.notifyUnimplemented(AbstractService.java:63)
    at net.schmizz.sshj.transport.TransportImpl.gotUnimplemented(TransportImpl.java:579)
    at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:514)
    at net.schmizz.sshj.transport.Decoder.decodeMte(Decoder.java:159)
    at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:79)
    at net.schmizz.sshj.transport.Decoder.received(Decoder.java:231)
    at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
[reader] INFO net.schmizz.sshj.transport.TransportImpl - Disconnected - PROTOCOL_ERROR
Exception in thread "main" net.schmizz.sshj.connection.ConnectionException: Timeout expired
    at net.schmizz.sshj.connection.ConnectionException$1.chain(ConnectionException.java:32)
    at net.schmizz.sshj.connection.ConnectionException$1.chain(ConnectionException.java:26)
    at net.schmizz.concurrent.Promise.retrieve(Promise.java:139)
    at net.schmizz.concurrent.Event.await(Event.java:105)
    at net.schmizz.sshj.connection.channel.direct.AbstractDirectChannel.open(AbstractDirectChannel.java:58)
    at net.schmizz.sshj.SSHClient.newDirectConnection(SSHClient.java:685)
    at net.schmizz.sshj.examples.Jump.main(Jump.java:32)
Caused by: java.util.concurrent.TimeoutException: Timeout expired
    ... 5 more

Is this intended to support OpenSSH, and is there any expectation on server SSH version? From what I read ProxyJump support was added in OpenSSH 7.3.

I apologise if this is the wrong place to post, but liff/sshj is not open for issues.

BTW - the "Client identity string: SSH-2.0-SSHJ_0.21.2_SNAPSHOT" label shows wrong version - this seems to come from a setting in the liff/sshj repo - I am not a Gradle person so could not see a way of making this align with the version in hierynomus/sshj.

For completeness here is my version of Jump code

import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.connection.channel.direct.DirectConnection;
import net.schmizz.sshj.connection.channel.direct.Session;
import net.schmizz.sshj.transport.verification.PromiscuousVerifier;

import java.io.IOException;
import java.util.concurrent.TimeUnit;

public class Jump {
    public static void main(String... args)
            throws IOException {
        SSHClient firstHop = new SSHClient();
        // PromiscuousVerifier accepts any host key, so the server is not authenticated
        firstHop.addHostKeyVerifier(new PromiscuousVerifier());

        String keyFile = "C:\\Keys\\MyLaptop.pem";

        System.out.println("About to connect");
        // loadKeys() only loads the key pair; it does not authenticate the session
        firstHop.loadKeys(keyFile);
        firstHop.connect("192.168.13.71");
        try {
            System.out.println("Done connect");

            System.out.println("About to Do a new direct connect");
            // Opens a direct-tcpip channel through the first hop to its own sshd
            DirectConnection tunnel = firstHop.newDirectConnection("localhost", 22);
            System.out.println("Done direct connect");

            SSHClient ssh = new SSHClient();
            try {
                System.out.println("Done direct connect");
                ssh.addHostKeyVerifier(new PromiscuousVerifier());
                ssh.loadKeys(keyFile);
                ssh.connectVia(tunnel);
                System.out.println("Done connect via Tunnel");

                final Session session = ssh.startSession();
                try {
                    final Session.Command cmd = session.exec("ping -c 1 google.com");
                    System.out.println(IOUtils.readFully(cmd.getInputStream()).toString());
                    cmd.join(5, TimeUnit.SECONDS);
                    System.out.println("\n** exit status: " + cmd.getExitStatus());
                } finally {
                    session.close();
                }
            }
            catch (Exception ex) {
                ex.printStackTrace();
            } finally {
                ssh.disconnect();
            }
        } finally {
            firstHop.disconnect();
        }
    }
}

dhubbard-ic commented 5 years ago

Hold off on this - I suspect this may be because my initial connect logic - just via key is incorrect - the "preauth" in the following probably means the session isn't logged in correctly.

Mar  9 20:33:10 localhost sshd[11339]: debug3: receive packet: type 90 [preauth]
Mar  9 20:33:10 localhost sshd[11339]: dispatch_protocol_error: type 90 seq 3 [preauth]
Mar  9 20:33:10 localhost sshd[11339]: debug3: send packet: type 3 [preauth]
Mar  9 20:33:10 localhost sshd[11339]: debug3: receive packet: type 1 [preauth]
Mar  9 20:33:10 localhost sshd[11339]: error: Received disconnect from 192.168.13.1 port 64332:2: Unexpected: SSH_MSG_UNIMPLEMENT

I will retry and update/close as appropriate

dhubbard-ic commented 5 years ago

It was my mistake - I adapted the Jump sample and managed to remove the authPublickey method - hence not authorised - just a bit confused by no "not authenticated" type error.

I will close this.

Here is my adaption which works

import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.connection.channel.direct.DirectConnection;
import net.schmizz.sshj.connection.channel.direct.Session;
import net.schmizz.sshj.transport.verification.PromiscuousVerifier;

import java.io.IOException;
import java.util.concurrent.TimeUnit;

public class Jump {
    public static void main(String... args)
            throws IOException {

        SSHClient firstHop = new SSHClient();
        // PromiscuousVerifier accepts any host key, so the server is not authenticated
        firstHop.addHostKeyVerifier(new PromiscuousVerifier());

        String keyFile = "C:\\Keys\\MyLaptop.pem";

        System.out.println("About to connect");
        firstHop.connect("192.168.13.71");

        try {
            String user = "user";

            // Authenticate on the first hop before opening any channel
            firstHop.authPublickey(user, new String[] { keyFile });
            System.out.println("Done connect");

            System.out.println("About to Do a new direct connect");
            // Opens a direct-tcpip channel through the first hop to its own sshd
            DirectConnection tunnel = firstHop.newDirectConnection("localhost", 22);
            System.out.println("Done direct connect");

            SSHClient ssh = new SSHClient();
            try {
                System.out.println("Done direct connect");
                ssh.addHostKeyVerifier(new PromiscuousVerifier());
                ssh.connectVia(tunnel);
                // The tunnelled session is a separate SSH connection and needs its own authentication
                ssh.authPublickey(user, new String[] { keyFile });

                System.out.println("Done connect via Tunnel");

                final Session session = ssh.startSession();
                try {
                    final Session.Command cmd = session.exec("ping -c 1 google.com");
                    System.out.println(IOUtils.readFully(cmd.getInputStream()).toString());
                    cmd.join(5, TimeUnit.SECONDS);
                    System.out.println("\n** exit status: " + cmd.getExitStatus());
                } finally {
                    session.close();
                }
            }
            catch (Exception ex) {
                ex.printStackTrace();
            } finally {
                ssh.disconnect();
            }
        } finally {
            firstHop.disconnect();
        }
    }
}

Output

[main] INFO net.schmizz.sshj.transport.random.BouncyCastleRandom - Generating random seed from SecureRandom.
About to connect
[main] INFO net.schmizz.sshj.transport.TransportImpl - Client identity string: SSH-2.0-SSHJ_0.21.2_SNAPSHOT
[main] INFO net.schmizz.sshj.transport.TransportImpl - Server identity string: SSH-2.0-OpenSSH_7.4
Done connect
About to Do a new direct connect
Done direct connect
[main] INFO net.schmizz.sshj.transport.random.BouncyCastleRandom - Generating random seed from SecureRandom.
Done direct connect
[main] INFO net.schmizz.sshj.transport.TransportImpl - Client identity string: SSH-2.0-SSHJ_0.21.2_SNAPSHOT
[main] INFO net.schmizz.sshj.transport.TransportImpl - Server identity string: SSH-2.0-OpenSSH_7.4
Done connect via Tunnel
PING google.com (216.58.214.14) 56(84) bytes of data.
64 bytes from lhr26s05-in-f14.1e100.net (216.58.214.14): icmp_seq=1 ttl=52 time=30.2 ms

--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 30.256/30.256/30.256/0.000 ms

** exit status: 0
[main] INFO net.schmizz.sshj.transport.TransportImpl - Disconnected - BY_APPLICATION
[main] INFO net.schmizz.sshj.transport.TransportImpl - Disconnected - BY_APPLICATION
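
The sshd debug lines quoted in the second comment can be checked mechanically for the condition that caused this failure: a connection-protocol message (here type 90, channel open) arriving while the session is still marked `[preauth]`. The following is an added example, not part of the original thread or of sshj; the function names and the final sample line are constructed for illustration, and the message names come from RFC 4250.

```python
import re

# Subset of SSH message numbers from RFC 4250, section 4.1.2.
SSH_MSG = {
    1: "SSH_MSG_DISCONNECT",
    3: "SSH_MSG_UNIMPLEMENTED",
    50: "SSH_MSG_USERAUTH_REQUEST",
    52: "SSH_MSG_USERAUTH_SUCCESS",
    90: "SSH_MSG_CHANNEL_OPEN",
    91: "SSH_MSG_CHANNEL_OPEN_CONFIRMATION",
}
# RFC 4250 reserves 80-127 for the connection protocol (channels, forwards).
CONNECTION_PROTOCOL = range(80, 128)

PACKET_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: debug3: (?P<dir>receive|send) packet: "
    r"type (?P<type>\d+)(?P<preauth> \[preauth\])?"
)

def parse_packets(lines):
    """Return (pid, direction, msg_type, preauth) for each debug3 packet line."""
    out = []
    for line in lines:
        m = PACKET_RE.search(line)
        if m:
            out.append((int(m["pid"]), m["dir"], int(m["type"]),
                        m["preauth"] is not None))
    return out

def preauth_violations(lines):
    """Connection-protocol packets the server received before authentication."""
    return [
        (pid, SSH_MSG.get(msg_type, f"type {msg_type}"))
        for pid, direction, msg_type, preauth in parse_packets(lines)
        if direction == "receive" and preauth and msg_type in CONNECTION_PROTOCOL
    ]

SAMPLE = [
    # The first four lines are the sshd debug output quoted in the thread.
    "Mar  9 20:33:10 localhost sshd[11339]: debug3: receive packet: type 90 [preauth]",
    "Mar  9 20:33:10 localhost sshd[11339]: dispatch_protocol_error: type 90 seq 3 [preauth]",
    "Mar  9 20:33:10 localhost sshd[11339]: debug3: send packet: type 3 [preauth]",
    "Mar  9 20:33:10 localhost sshd[11339]: debug3: receive packet: type 1 [preauth]",
    # Constructed line: the same packet type on a session without the preauth suffix.
    "Mar  9 20:41:02 localhost sshd[11402]: debug3: receive packet: type 90",
]

if __name__ == "__main__":
    for pid, name in preauth_violations(SAMPLE):
        print(f"sshd[{pid}]: {name} received before authentication completed")
```

On the thread's log this reports the channel open on sshd[11339]; the server's reply (type 3) and the client's disconnect (type 1) are parsed but not flagged, since neither is a connection-protocol message received by the server.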