Open freebrowser1 opened 1 year ago
Same here. The problem is, I believe, that the sftp-server dies immediately after being called. If you call the sftp-server manually, you get:
# /usr/lib/ssh/sftp-server -e
unable to make the process undumpable
...and the sftp server exits immediately. If I get it right, then the relevant prctl is not available. One way out would probably be compiling a suitable sftp server, by changing in sftp_server.c
platform_disable_tracing(1); /* strict */
to
platform_disable_tracing(0); /* not strict */
Unfortunately, the choice strict/not strict cannot be made with ssh options.
Yes. this works.
$ scp out wuebbel@ipad-von-frank-2:
out 100% 385KB 1.6MB/s 00:00
The only thing I changed was
iPad-von-Frank-2:~/openssh-portable# grep platform_disable sftp-server.c
platform_disable_tracing(0); /* strict */
@wuebbel: what did you change ? You used an sftp client 'openssh-portable' ?
Does it have to do with that sftp-server uses SHA-1 instead of the usual SHA-2 RSA keys ? If yes, can there be a SHA-2 variant which complies with most usual clients ?
@freebrowser1 No. I think you are completely on the wrong track. As I wrote above, call the sftp-server executable directly in ish. If it returns immediately, that is your problem. In this case, you have the option of either convincing the ish developers not to throw an error when an executable tries to protect itself, or compile your own sftp-server. To do the latter, you need to pull the original ssh sources, make the change mentioned above in sftp-server.c, compile, install, and add the newly installed sftp server to sshd_config. Note that by default this installs to /usr/local, so it will not overwrite your existing ssh distribution. Something along the lines of (from my .ash_history)
apk add openssh-sftp-server gcc autoconf git automake musl-dev zlib-dev openssl openssl-dev make
git config --global pack.threads "1"
git clone --depth 10 https://github.com/openssh/openssh-portable.git
cd openssh-portable
vi sftp-server.c
autoreconf
./configure
make
make install
vi /etc/ssh/sshd_config
Note that this will install a newer version of ssh, but it seems to work anyway.
Thanks for your effort, but it did not work.
apk add openssh-sftp-server gcc autoconf git automake musl-dev zlib-dev openssl openssl-dev make
git config --global pack.threads "1"
git clone --depth 10 https://github.com/openssh/openssh-portable.git
cd openssh/portable
Appeared to be openssh-portable
vi sftp-server.c
What should be changed here ?
./configure
This does not exist but there is a ./configure.ac
.
make
make install
vi /etc/ssh/sshd_config
@freebrowser1 Change the line I mentioned in the first post.
by changing in sftp_server.c
` platform_disable_tracing(1); / strict /
to
platform_disable_tracing(0); /* not strict */
I missed an "autoreconf" in my .ash_history. You'd better follow the instructions in the git, though. I'll add the autoreconf to my instructions.
@wuebbel
Thanks. Yesterday I forgot to run autoreconf
and now I did everything again, using these commands:
apk add openssh-sftp-server gcc autoconf git automake musl-dev zlib-dev openssl openssl-dev make
git config --global pack.threads "1"
git clone --depth 10 https://github.com/openssh/openssh-portable.git
cd openssh-portable
vi sftp-server.c
autoreconf
./configure
make
make install
It compiled until make install
which did compile several files but errored out at:
_SOURCE -D_GNU_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/local/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c ssh-sk-client.c -o ssh-sk-client.o
cc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o ssh-sk-client.o -L. -Lopenbsd-compat/ -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie -lssh -lopenbsd-compat -lcrypto -lz
/usr/lib/gcc/i586-alpine-linux-musl/10.3.1/../../../../i586-alpine-linux-musl/bin/ld: ./libssh.a(sshkey.o):(.data.rel.ro+0x3c): undefined reference to `sshkey_rsa_impl'
/usr/lib/gcc/i586-alpine-linux-musl/10.3.1/../../../../i586-alpine-linux-musl/bin/ld: ./libssh.a(sshkey.o):(.data.rel.ro+0x40): undefined reference to `sshkey_rsa_cert_impl'
/usr/lib/gcc/i586-alpine-linux-musl/10.3.1/../../../../i586-alpine-linux-musl/bin/ld: ./libssh.a(sshkey.o):(.data.rel.ro+0x44): undefined reference to `sshkey_rsa_sha256_impl'
/usr/lib/gcc/i586-alpine-linux-musl/10.3.1/../../../../i586-alpine-linux-musl/bin/ld: ./libssh.a(sshkey.o):(.data.rel.ro+0x48): undefined reference to `sshkey_rsa_sha256_cert_impl'
/usr/lib/gcc/i586-alpine-linux-musl/10.3.1/../../../../i586-alpine-linux-musl/bin/ld: ./libssh.a(sshkey.o):(.data.rel.ro+0x4c): undefined reference to `sshkey_rsa_sha512_impl'
/usr/lib/gcc/i586-alpine-linux-musl/10.3.1/../../../../i586-alpine-linux-musl/bin/ld: ./libssh.a(sshkey.o):(.data.rel.ro+0x50): undefined reference to `sshkey_rsa_sha512_cert_impl'
collect2: error: ld returned 1 exit status
make: *** [Makefile:207: ssh] Error 1
I saw 'i586' as target, it appears that this script is using a cross compiler to an Intel platform. Should this code not be compiled to 'arm64' so that it runs under iSH on iOS ?
@freebrowser1 Did you file a bug in OpenSSH-portable ? What happens when you use stable branch instead master?
This is a really nice app, much like Termux in Android.
But there is one flaw: sftp in an SSH file browser does not work. Probably a 'standard' Linux/SSH issue.
I connected using Forklift on macOS which resulted in an error (screenshot)
.
I changed sshd-config on the iSH server with the help of searching on this issue on internet by adding
PubkeyAuthentication yes
and changing:but to no avail. Obviously I restarted iSH by closing and reopening it on the iPad itself by pressing Ctrl+D and then starting again which automatically starts sshd as I can immediately ssh into iSH again from my Mac.
When I run sftp in verbose mode then the result is:
Adding to
~/.ssh/config
does not help, it only leaves out the message
debug1: client_global_hostkeys_private_confirm: server used untrusted RSA signature algorithm ssh-rsa for key 0, disregarding
.And why does it ask for known_hosts2 ?
iPadOS version 16.4
From a Debian Linux client a similar RSA key message appears.