search

microsoft / vscode-remote-release

Visual Studio Code Remote Development: Open any folder in WSL, in a Docker container, or on a remote machine using SSH and take advantage of VS Code's full feature set.
https://aka.ms/vscode-remote
Other
3.67k stars 291 forks source link

remote-ssh from MacOS to Linux times out #1127

Closed pktgen closed 5 years ago

pktgen commented 5 years ago

Also tested on insiders version: Version: 1.37.0-insider Commit: 5e08ee01b7daee99cdda2456f19d77e715fb8762 Date: 2019-08-05T21:16:01.319Z Electron: 4.2.7 Chrome: 69.0.3497.128 Node.js: 10.11.0 V8: 6.9.427.31-electron.0 OS: Darwin x64 18.7.0

Steps to Reproduce:

  1. Install Remote-SSH and enable
  2. Use remote-ssh to connect to the remote client click on Remote-SSH: Connect to remote host
  3. type in hostname

I have two ways to connect to the local machine. turn off the software VPN and everything works as expected. When I turn on the software VPN I can not connect to the local machine via the proxy server. I need the VPN running for work, which does not support split-tunneling which is disabled at the remote VPN server side.

The IP address I use is the IP address of the local linksys router(internet router) with port forwarding enabled for port 22 to the local machine IP address.

Using simple 'ssh linksys' from the command line works with VPN enabled.

The remote-ssh uses the command: ssh -o ClearAllForwardings=true -o ConnectTimeout=15 linksys bash

I then took the line above and executed it in the macOS terminal and the command timed out as well. If I remove 'bash' and '-o ConnectTimeout=15' the ssh session connects to the local machine via the VPN/Proxy server. I also tried removing just one of the two options.

For whatever reason (I am assuming the proxy server) does not like these two options.

I could not find any method to remove these options from being used with the remote-ssh, is there someway to remove these or a different configuration option? I can not have the remote VPN server change or modified in any way.

Does this issue occur when you try this locally?: Yes without VPN, No with the VPN up Does this issue occur when you try this locally and all extensions are disabled?: Same as above.

roblourens commented 5 years ago

It sounds like it's just timing out due to the ConnectTimeout option. How long does it take to successfully connect when you remove the timeout option? I can add a setting to change or disable that timeout.

pktgen commented 5 years ago

It normally takes only few seconds to connect with vpn up.

I did try the command without the timeout option in the macOS terminal window and it still did not connect after 20 secs or so. I had to remove both timeout and the bash at the end of the line to get the connection to work.

roblourens commented 5 years ago

What if you try a different command like replace bash with "uname -a"

pktgen commented 5 years ago

I tried with vpn enabled: ssh -o ClearAllForwardings=true -o ConnectTimeout=15 linksys bash # does NOT work ssh -o ClearAllForwardings=true -o ConnectTimeout=15 linksys uname -a # does NOT work

Turned on the -o LogLevel=DEBUG2

ssh -o ClearAllForwardings=true -o ConnectTimeout=15 -o LogLevel=DEBUG2 linksys bash # does NOT work ssh -o ClearAllForwardings=true -o ConnectTimeout=15 -o LogLevel=DEBUG2 linksys uname -a # does NOT work

The two above just hang trying to connect, but timeout in 15 secs.

ssh -o ClearAllForwardings=true linksys uname -a # does work ssh -o ClearAllForwardings=true linksys # does work

ssh -o ClearAllForwardings=true -o LogLevel=DEBUG2 linksys bash # does NOT work

The one above seems to connect and sends the command 'bash', but hangs with no shell command prompt.

Without VPN enabled:

ssh -o ClearAllForwardings=true -o LogLevel=DEBUG2 linksys bash # Does not work

This command seems to connect, but hangs after sending the bash command just like the ones above. With uname -a as the command it works.

ssh -o ClearAllForwardings=true -o ConnectTimeout=15 -o LogLevel=DEBUG2 linksys uname -a # Works

It appears the command using 'bash' does not work with or without VPN enabled. This seems to be some type of restriction on the Ubuntu 19.04 Linux setup. I could not find any place to disable and maybe just a security feature not allowing you to start a bash shell with a Authentication login.

I create a simple user with a password and entered the password, this did not work for 'bash'. Removing bash allowed me to enter password and get a shell prompt. Also uname -a worked.

It seems like I have two problems '-o ConnectTimeout=15' seems to work without VPN, but using bash as the command does not work.

With VPN '-o ConnectTimeout=15' does not work in any case. If I remove the timeout then only the 'bash' command does not work.

It appears if I could disable the Timeout and 'bash' then it would work for both. Hope I did not make any mistakes it is very late.

Thanks

roblourens commented 5 years ago

Do you get any useful logs when you start with LogLevel set, or just with -vvv?

Getting rid of bash isn't possible, because we have to run a command in bash.

pktgen commented 5 years ago

I only tried with LogLevel=DEBUGX. I did not include the output as it can be long.

Here is the normal text in the output window with VPN enabled.

[11:31:54.617] remote-ssh@0.45.4 [11:31:54.617] darwin x64 [11:31:54.618] SSH Resolver called for "ssh-remote+linksys", attempt 1 [11:31:54.618] SSH Resolver called for host: linksys [11:31:54.618] Setting up SSH remote "linksys" [11:31:54.630] Using commit id "036a6b1d3ac84e5ca96a17a44e63a87971f8fcc8" and quality "stable" for server [11:31:54.632] Testing ssh with ssh -V [11:31:54.656] ssh exited with code: 0 [11:31:54.656] Got stderr from ssh: OpenSSH_7.9p1, LibreSSL 2.7.3 [11:31:54.656] Running script with connection command: ssh -o ClearAllForwardings=true -o ConnectTimeout=15 linksys bash [11:31:54.656] Install and start server if needed [11:32:09.778] > ssh: connect to host linksys port 22: Operation timed out [11:32:09.778] Got some output, clearing connection timeout [11:32:10.052] "install" terminal command done [11:32:10.052] Install terminal quit with output: ssh: connect to host linksys port 22: Operation timed out [11:32:10.052] Received install output: ssh: connect to host linksys port 22: Operation timed out [11:32:10.053] The operation timed out [11:32:10.053] TELEMETRY: {"eventName":"resolver","properties":{"outcome":"failure","reason":"OfflineError"},"measures":{"resolveAttempts":1,"retries":1}} [11:32:10.053] ------

Here is the DEBUG2 output from the command line. (replaced the IP address with 1.2.3.4) If I remove 'bash' I get the exact same output.

ssh -o ClearAllForwardings=true -o ConnectTimeout=15 -o LogLevel=DEBUG2 linksys bash debug1: Reading configuration data /Users/foobar/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 48: Applying options for debug1: /etc/ssh/ssh_config line 54: Applying options for debug2: resolving "linksys" port 22 debug2: ssh_connect_direct debug1: Connecting to linksys [1.2.3.4] port 22. debug2: fd 5 setting O_NONBLOCK debug1: connect to address 1.2.3.4 port 22: Operation timed out ssh: connect to host linksys port 22: Operation timed out

If I take out the ConnectTimeout=15

ssh -o ClearAllForwardings=true -o LogLevel=DEBUG2 linksys bash debug1: Reading configuration data /Users/foobar/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 48: Applying options for debug1: /etc/ssh/ssh_config line 54: Applying options for debug1: Connecting to linksys port 22. debug1: Connection established. debug1: identity file /Users/foobar/.ssh/id_rsa type 0 debug1: identity file /Users/foobar/.ssh/id_rsa-cert type -1 debug1: identity file /Users/foobar/.ssh/id_dsa type -1 debug1: identity file /Users/foobar/.ssh/id_dsa-cert type -1 debug1: identity file /Users/foobar/.ssh/id_ecdsa type -1 debug1: identity file /Users/foobar/.ssh/id_ecdsa-cert type -1 debug1: identity file /Users/foobar/.ssh/id_ed25519 type -1 debug1: identity file /Users/foobar/.ssh/id_ed25519-cert type -1 debug1: identity file /Users/foobar/.ssh/id_xmss type -1 debug1: identity file /Users/foobar/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.9 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Ubuntu-10 debug1: match: OpenSSH_7.9p1 Ubuntu-10 pat OpenSSH* compat 0x04000000 debug1: Authenticating to linksys:22 as 'foobar' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6AdpPnbFBxaAiDdrldBQaHopRx debug1: Host 'linksys' is known and matches the ECDSA host key. debug1: Found key in /Users/foobar/.ssh/known_hosts:1 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug1: Will attempt key: /Users/foobar/.ssh/id_rsa RSA SHA256:m7AYy/iUhUbl9vuzlGSnZJbp3qq80 debug1: Will attempt key: /Users/foobar/.ssh/id_dsa debug1: Will attempt key: /Users/foobar/.ssh/id_ecdsa debug1: Will attempt key: /Users/foobar/.ssh/id_ed25519 debug1: Will attempt key: /Users/foobar/.ssh/id_xmss debug2: pubkey_prepare: done debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering public key: /Users/foobar/.ssh/id_rsa RSA SHA256:m7AYy/iUhUbl9vuzlGSnZJbp3qq8 debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: /Users/foobar/.ssh/id_rsa RSA SHA256:m7AYy/iUhUbl9vuzlGSnZJbp3qq debug1: Authentication succeeded (publickey). Authenticated to linksys ([127.0.0.1]:57384). debug1: channel 0: new [client-session] debug2: channel 0: send open debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: pledge: network debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 debug1: Remote: /work/home/foobar/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding debug1: Remote: /work/home/foobar/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding debug2: channel_input_open_confirmation: channel 0: callback start debug2: fd 5 setting TCP_NODELAY debug2: client_session2_setup: id 0 debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 debug2: channel 0: request env confirm 0 debug1: Sending env LC_TERMINAL_VERSION = 3.3.20190810-nightly debug2: channel 0: request env confirm 0 debug1: Sending env LC_TERMINAL = iTerm2 debug2: channel 0: request env confirm 0 debug1: Sending command: bash debug2: channel 0: request exec confirm 1 debug2: channel_input_open_confirmation: channel 0: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0 debug2: exec request accepted on channel 0 debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1 debug1: client_input_channel_req: channel 0 rtype keepalive@openssh.com reply 1 Control-C to exit

If I remove ConnectTimeout and bash I get the following.

ssh -o ClearAllForwardings=true -o LogLevel=DEBUG2 linksys debug1: Reading configuration data /Users/foobar/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 48: Applying options for debug1: /etc/ssh/ssh_config line 54: Applying options for debug1: Connecting to linksys port 22. debug1: Connection established. debug1: identity file /Users/foobar/.ssh/id_rsa type 0 debug1: identity file /Users/foobar/.ssh/id_rsa-cert type -1 debug1: identity file /Users/foobar/.ssh/id_dsa type -1 debug1: identity file /Users/foobar/.ssh/id_dsa-cert type -1 debug1: identity file /Users/foobar/.ssh/id_ecdsa type -1 debug1: identity file /Users/foobar/.ssh/id_ecdsa-cert type -1 debug1: identity file /Users/foobar/.ssh/id_ed25519 type -1 debug1: identity file /Users/foobar/.ssh/id_ed25519-cert type -1 debug1: identity file /Users/foobar/.ssh/id_xmss type -1 debug1: identity file /Users/foobar/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.9 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Ubuntu-10 debug1: match: OpenSSH_7.9p1 Ubuntu-10 pat OpenSSH* compat 0x04000000 debug1: Authenticating to linksys:22 as 'foobar' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6AdpPnbFBxaAiDdrldBQaHopRxBRQ/42EoqN/v1BSdw debug1: Host 'linksys' is known and matches the ECDSA host key. debug1: Found key in /Users/foobar/.ssh/known_hosts:1 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug1: Will attempt key: /Users/foobar/.ssh/id_rsa RSA SHA256:m7AYy/iUhUbl9vuzlGSnZJbp3qq80Cr debug1: Will attempt key: /Users/foobar/.ssh/id_dsa debug1: Will attempt key: /Users/foobar/.ssh/id_ecdsa debug1: Will attempt key: /Users/foobar/.ssh/id_ed25519 debug1: Will attempt key: /Users/foobar/.ssh/id_xmss debug2: pubkey_prepare: done debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering public key: /Users/foobar/.ssh/id_rsa RSA SHA256:m7AYy/iUhUbl9vuzlGSnZJbp3qq80Cr debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: /Users/foobar/.ssh/id_rsa RSA SHA256:m7AYy/iUhUbl9vuzlGSnZJbp3qq80Cr debug1: Authentication succeeded (publickey). Authenticated to linksys ([127.0.0.1]:57426). debug1: channel 0: new [client-session] debug2: channel 0: send open debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: pledge: network debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 debug1: Remote: /work/home/foobar/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding debug1: Remote: /work/home/foobar/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding debug2: channel_input_open_confirmation: channel 0: callback start debug2: fd 5 setting TCP_NODELAY debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 1 debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 debug2: channel 0: request env confirm 0 debug1: Sending env LC_TERMINAL_VERSION = 3.3.20190810-nightly debug2: channel 0: request env confirm 0 debug1: Sending env LC_TERMINAL = iTerm2 debug2: channel 0: request env confirm 0 debug2: channel 0: request shell confirm 1 debug2: channel_input_open_confirmation: channel 0: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel_input_status_confirm: type 99 id 0 debug2: PTY allocation request accepted on channel 0 debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0 debug2: shell request accepted on channel 0 Welcome to Ubuntu 19.04 (GNU/Linux 5.0.0-23-generic x86_64)

1 update can be installed immediately. 0 of these updates are security updates.

Last login: Sat Aug 10 02:19:36 2019 from 192.168.1.1

So for my configuration it seems bash maybe a problem with login to the Ubuntu server and ConnectTimeout maybe a problem with the VPN Server. I searched for something that maybe was restricting the use of bash on the command line.

Does SSH not just use the login shell defined in the login process or is that just me assuming it does?

Is the source code open sourced as I could not find it with my searching? I was thinking I could play with the options and maybe give more details. If not that is OK too.

Thanks

pktgen commented 5 years ago

Here is the output with VPN disabled.

ssh -o ClearAllForwardings=true -o LogLevel=DEBUG2 linksys bash debug1: Reading configuration data /Users/rkwiles/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 48: Applying options for debug1: /etc/ssh/ssh_config line 54: Applying options for debug1: Connecting to linksys port 22. debug1: Connection established. debug1: identity file /Users/rkwiles/.ssh/id_rsa type 0 debug1: identity file /Users/rkwiles/.ssh/id_rsa-cert type -1 debug1: identity file /Users/rkwiles/.ssh/id_dsa type -1 debug1: identity file /Users/rkwiles/.ssh/id_dsa-cert type -1 debug1: identity file /Users/rkwiles/.ssh/id_ecdsa type -1 debug1: identity file /Users/rkwiles/.ssh/id_ecdsa-cert type -1 debug1: identity file /Users/rkwiles/.ssh/id_ed25519 type -1 debug1: identity file /Users/rkwiles/.ssh/id_ed25519-cert type -1 debug1: identity file /Users/rkwiles/.ssh/id_xmss type -1 debug1: identity file /Users/rkwiles/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.9 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Ubuntu-10 debug1: match: OpenSSH_7.9p1 Ubuntu-10 pat OpenSSH* compat 0x04000000 debug1: Authenticating to linksys:22 as 'rkwiles' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: local client KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com,zlib debug2: compression stoc: none,zlib@openssh.com,zlib debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug2: peer server KEXINIT proposal debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1 debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519 debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1 debug2: compression ctos: none,zlib@openssh.com debug2: compression stoc: none,zlib@openssh.com debug2: languages ctos: debug2: languages stoc: debug2: first_kex_follows 0 debug2: reserved 0 debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:6AdpPnbFBxaAiDdrldBQaHopRxBRQ/42EoqN/v1BSdw debug1: Host 'linksys' is known and matches the ECDSA host key. debug1: Found key in /Users/rkwiles/.ssh/known_hosts:1 debug2: set_newkeys: mode 1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug2: set_newkeys: mode 0 debug1: rekey after 134217728 blocks debug1: Will attempt key: /Users/rkwiles/.ssh/id_rsa RSA SHA256:m7AYy/iUhUbl9vuzlGSnZJbp3qq80Crf2h/f9DZO6Fg debug1: Will attempt key: /Users/rkwiles/.ssh/id_dsa debug1: Will attempt key: /Users/rkwiles/.ssh/id_ecdsa debug1: Will attempt key: /Users/rkwiles/.ssh/id_ed25519 debug1: Will attempt key: /Users/rkwiles/.ssh/id_xmss debug2: pubkey_prepare: done debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521> debug2: service_accept: ssh-userauth debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering public key: /Users/rkwiles/.ssh/id_rsa RSA SHA256:m7AYy/iUhUbl9vuzlGSnZJbp3qq80Crf2h/f9DZO6Fg debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: /Users/rkwiles/.ssh/id_rsa RSA SHA256:m7AYy/iUhUbl9vuzlGSnZJbp3qq80Crf2h/f9DZO6Fg debug1: Authentication succeeded (publickey). Authenticated to linksys ([47.24.80.18]:22). debug1: channel 0: new [client-session] debug2: channel 0: send open debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: pledge: network debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 debug1: Remote: /work/home/rkwiles/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding debug1: Remote: /work/home/rkwiles/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding debug2: channel_input_open_confirmation: channel 0: callback start debug2: fd 5 setting TCP_NODELAY debug2: client_session2_setup: id 0 debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 debug2: channel 0: request env confirm 0 debug1: Sending env LC_TERMINAL_VERSION = 3.3.20190810-nightly debug2: channel 0: request env confirm 0 debug1: Sending env LC_TERMINAL = iTerm2 debug2: channel 0: request env confirm 0 debug1: Sending command: bash debug2: channel 0: request exec confirm 1 debug2: channel_input_open_confirmation: channel 0: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 2097152 debug2: channel_input_status_confirm: type 99 id 0 debug2: exec request accepted on channel 0

Just seems to hang here not giving me a login prompt. I see the keepalive messages. With the ConnectTimeout=15 option and with 'bash' I do not get a login prompt, but seems to connect.

With the ConnectTimeout=15 and no 'bash' option it does login and give me a prompt.

Hope this is enough info.

Thanks

roblourens commented 5 years ago

Ok, thanks for the logs. I don't really see any red flags. I am really confused that ConnectTimeout is breaking this since you say

It normally takes only few seconds to connect with vpn up.

What if you try something like ConnectTimeout=200000

pktgen commented 5 years ago

I tried 2000 and that worked, then I set it to 30 - did not worked Operation Timed out 45 - worked - After waiting 30secs 31 - worked - After waiting 30secs ConnectTimeout=0 works normally without delay

Must be some type of default at the VPN server when it sees the ConnectTimeout option.

ssh -o ConnectTimeout=XX linksys bash

Just hangs but it does connect to the remote machine as if bash is waiting for a command, but I expected it to give a shell prompt. So to test that out I create a simple UNAME script in my home directory that just had one line 'uname -a'. XX = 0 works within a second. Any value <= 30 timeout, >=31 works after 30 second timeout.

ssh -o ConnectTimeout=XX linksys bash UNAME

Looks like all I really need is a way to set the ConnectTimeout value to zero or greater than 30 seconds or disable the to ConnectTimeout completely. I did try 30 before and it timed out, just did not try a longer time. :-(

Looks like I was just not waiting long enough time for the VPN server to timeout and continue the connection. Not sure why the Server is waiting to continue the connection if it sees the ConnectTimeout option does not equal 0.

Is there a way to change the connection timeout of 15 to 0 or at least 31? I tried changing the /etc/ssh/ssh_config file and setting the ConnectTimeout= 0 or 31 and did not change the line used in remote-ssh output.

Thanks

pktgen commented 5 years ago

I set up ~/.ssh/config to

Host linksys-VPN User foobar HostName linksys ConnectTimeout 0

and it works.

Thanks

roblourens commented 5 years ago

I'm pretty sure ConnectTimeout is a client-side option, which is why this is so confusing. That's the whole point, so timeout if a connection can't be established to the server.

I'm glad you have a workaround, I think you should stick with your workaround for now. I don't want to add a setting for this until I understand the actual problem better. Will watch out for more reports...

ianpogi5 commented 5 years ago

This is almost the same issue as mine #1415 except that I don't use vpn (both client and server are on the same LAN).

"ConnectTimeout 0" didn't work for me.

Here's my ssh config

Host pi
HostName 192.168.1.7
User pi
ConnectTimeout 0

It seems to stop at "Sending command: bash". @roblourens can you tell us what commands are being run so I can troubleshoot manually on my end? Or is there a debug mode for remote-ssh I could turn on to find out more info?

roblourens commented 5 years ago

Please open your own issue and include the log from the Remote-SSH output channel.

ianpogi5 commented 5 years ago

@roblourens I did and you closed it. #1415