Xpra: Ticket #2685: New paramiko default mode doesn't work, --ssh=ssh still does

Summary pretty much says it all

On the client:

~$ xpra --version
xpra v3.0.7-r25627

On the server:

$ xpra --version
xpra v3.0.6-r25195

How I generated debug output on the client:

~$ xpra start ssh:myhost --start="xterm" -d all &> output # fails
~$ xpra start ssh:myhost --start="xterm" -d all --ssh=ssh &> output_ssh # succeeded, then I closed and ctrl+c'd

Sun, 29 Mar 2020 16:46:10 GMT - jgarvin: attachment set


Sun, 29 Mar 2020 16:47:42 GMT - jgarvin: attachment set


Sun, 29 Mar 2020 16:49:05 GMT - jgarvin:

Should have mentioned the error is

2020-03-29 11:41:03,432 Authentication (publickey) faile d.

Regular ssh into the machine from the command line works, as does xpra with --ssh=ssh.

Sun, 29 Mar 2020 16:52:39 GMT - jgarvin:

Also possibly relevant is I use a ProxyCommand in my ssh config (I detect whether my laptop dock is connected, and if so I assume I have ethernet via it directly into a machine on the network, instead of going over the internet). Will attach...

Sun, 29 Mar 2020 16:54:00 GMT - jgarvin: attachment set

Sun, 29 Mar 2020 16:57:28 GMT - jgarvin: attachment set

Mon, 30 Mar 2020 03:14:23 GMT - Antoine Martin: owner, description changed

From the log: the client is running Ubuntu Eoan. (no idea about the server - doesn't matter)

FYI: for ssh debugging, -d ssh is enough, -d all is very verbose.

Edit: saw the proxy command attached (doh). Does it require the public keys to do its job? Are they unlocked by the agent? It looks as if the server only supports auth_publickey? You may want to try the latest 4.0-RC builds: https://xpra.org/beta, as those may give better debug output.

Wed, 08 Apr 2020 14:00:30 GMT - Antoine Martin:

Only just noticed the ProxyCommand script... and it is invoked as:

ProxyCommand ~/etc/systemd/maybe_proxy.sh %h

I think that the problem is that we don't replace %h.

r26047 fixes that, can you try it?

Thu, 09 Apr 2020 03:55:49 GMT - Antoine Martin: status changed; resolution set

Bug fix in r26057 then the whole thing has been removed in r26058 because paramiko does token substitution for us already (doh!): http://docs.paramiko.org/en/stable/api/config.html: We support most SSH config expansion tokens where possible, so when they are present in a config file source, the result of a SSHConfig.lookup will contain the expansions/substitutions (based on the rest of the config or properties of the local system).

And sure enough, your log had:

found proxycommand='/home/prophet/etc/systemd/maybe_proxy.sh myhost' for host 'myhost'

Also verified by adding a simple entry in my .ssh/config:

Host test_local
  Hostname localhost
  ProxyCommand nc %h 22

And the -d ssh output shows paramiko using nc localhost 22.

So this was not the problem.

Then I also tested your script example using:

if [ "1" == "1" ]; then
    exec nc $1 22
    exec ssh -Y localhost nc $1 22

(and changing the if statement to test both branches) This also worked fine.

My guess is that this is a problem with keys or agent, not xpra.

Sat, 23 Jan 2021 05:58:03 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2685