xpra icon
Bug tracker and wiki

Opened 8 months ago

Closed 8 months ago

#2685 closed defect (invalid)

New paramiko default mode doesn't work, --ssh=ssh still does

Reported by: jgarvin Owned by: jgarvin
Priority: major Milestone: 4.0
Component: client Version: 3.0.x
Keywords: Cc:

Description (last modified by Antoine Martin)

Summary pretty much says it all

On the client:

~$ xpra --version
xpra v3.0.7-r25627

On the server:

$ xpra --version
xpra v3.0.6-r25195

How I generated debug output on the client:

~$ xpra start ssh:myhost --start="xterm" -d all &> output # fails
~$ xpra start ssh:myhost --start="xterm" -d all --ssh=ssh &> output_ssh # succeeded, then I closed and ctrl+c'd

Attachments (4)

output (262.9 KB) - added by jgarvin 8 months ago.
output
output_ssh.gz (3.2 MB) - added by jgarvin 8 months ago.
output_ssh.gz
maybe-proxy.sh (118 bytes) - added by jgarvin 8 months ago.
sshconfig (264 bytes) - added by jgarvin 8 months ago.

Change History (9)

Changed 8 months ago by jgarvin

Attachment: output added

output

Changed 8 months ago by jgarvin

Attachment: output_ssh.gz added

output_ssh.gz

comment:1 Changed 8 months ago by jgarvin

Should have mentioned the error is

2020-03-29 11:41:03,432 Authentication (publickey) faile
d.

Regular ssh into the machine from the command line works, as does xpra with --ssh=ssh.

comment:2 Changed 8 months ago by jgarvin

Also possibly relevant is I use a ProxyCommand in my ssh config (I detect whether my laptop dock is connected, and if so I assume I have ethernet via it directly into a machine on the network, instead of going over the internet). Will attach...

Last edited 8 months ago by Antoine Martin (previous) (diff)

Changed 8 months ago by jgarvin

Attachment: maybe-proxy.sh added

Changed 8 months ago by jgarvin

Attachment: sshconfig added

comment:3 Changed 8 months ago by Antoine Martin

Description: modified (diff)
Owner: changed from Antoine Martin to jgarvin

From the log: the client is running Ubuntu Eoan. (no idea about the server - doesn't matter)

FYI: for ssh debugging, -d ssh is enough, -d all is very verbose.

Edit: saw the proxy command attached (doh).
Does it require the public keys to do its job? Are they unlocked by the agent?
It looks as if the server only supports auth_publickey?
You may want to try the latest 4.0-RC builds: https://xpra.org/beta, as those may give better debug output.

Last edited 8 months ago by Antoine Martin (previous) (diff)

comment:4 Changed 8 months ago by Antoine Martin

Only just noticed the ProxyCommand script... and it is invoked as:

ProxyCommand ~/etc/systemd/maybe_proxy.sh %h

I think that the problem is that we don't replace %h.

r26047 fixes that, can you try it?

Last edited 8 months ago by Antoine Martin (previous) (diff)

comment:5 Changed 8 months ago by Antoine Martin

Resolution: invalid
Status: newclosed

Bug fix in r26057 then the whole thing has been removed in r26058 because paramiko does token substitution for us already (doh!): http://docs.paramiko.org/en/stable/api/config.html: We support most SSH config expansion tokens where possible, so when they are present in a config file source, the result of a SSHConfig.lookup will contain the expansions/substitutions (based on the rest of the config or properties of the local system).

And sure enough, your log had:

found proxycommand='/home/prophet/etc/systemd/maybe_proxy.sh myhost' for host 'myhost'

Also verified by adding a simple entry in my .ssh/config:

Host test_local
  Hostname localhost
  ProxyCommand nc %h 22

And the -d ssh output shows paramiko using nc localhost 22.

So this was not the problem.

Then I also tested your script example using:

#!/bin/bash
	
if [ "1" == "1" ]; then
    exec nc $1 22
else
    exec ssh -Y localhost nc $1 22
fi

(and changing the if statement to test both branches)
This also worked fine.

My guess is that this is a problem with keys or agent, not xpra.

Note: See TracTickets for help on using tickets.