From: andy zerger
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Date: Sun, 22 Apr 2012 19:11:57 -0600
Subject: Re: [9fans] SSHv2

On Apr 2, 8:31 pm, lyn...@orthanc.ca (Lyndon Nerenberg) wrote:
> On 2012-04-02, at 7:27 PM, Lyndon Nerenberg wrote:
>
> > I haven't tried genning up a CPU kernel with the new factotum yet.
>
> Sorry, I meant to say "with Richard's patched original factotum."

(If there is a double-post in play or in an individual's mailbox, pardon me; I tried using comp.os.plan9 on the web and I am not sure where "reply" sent the message.)

I haven't tried building a new pccpuf kernel yet either, but on rebooting with factotum and ssh binaries built from blstuart/ssh and on miller/factotum I get to "auth Authentication failed".

I think I might have something configured wrong, and not a bug, so please look? Any thoughts/suggestions/other debugging tools?

Here is some output from acid -l truss on my plan9 client, and the sshd -d logs from my gentoo sshd host.

/*acid -l truss /bin/ssh */
acid: new()
acid: truss()
fd2path(0, 0xdfffdeb0, 64)
    return value: 0
    data: "/dev/cons"
brk_(0x0000fd60)
    return value: 0
stat("/net/ssh", 0x0000ede4, 115)
    return value: -1
rfork(0x00000038)
    return value: 7629
await(0xdfffdcec, 511, 511)
    return value: 38
    data: "7629 0 10 10 'sshtun 7629: threadmain'"
rfork(0x00000074)
    return value: 7632
notify(0x0000405c)
    return value: 0
open("/net/cs", 2)
    return value: 4
pwrite(4, "ssh!192.168.1.10!22", 19, 4294967295)
    return value: 19
seek(0x0000e754, 4, 0, 0)
    return value: 0
pread(4, 0xdfffdcb0, 127, 4294967295)
    return value: 30
    data: "/net/ssh/clone 192.168.1.10!22"
open("/net/ssh/clone", 2)
    return value: 7
pread(7, 0xdfffd880, 255, 4294967295)
    return value: 1
    data: "0"
pwrite(7, "connect 192.168.1.10!22", 23, 4294967295)
    return value: 23
open("/net/ssh/0/data", 2)
    return value: 10
close(4)
    return value: 0
errstr(0xdfffda08, 128, 128)
    return value: 0
    data: "'/net/ssh' dns: file does not exist"
seek(0x0000e754, 7, 0, 0)
    return value: 0
pread(7, 0xdfffdf1c, 10, 4294967295)
    return value: 1
    data: "0"
open("/dev/cons", 2)
    return value: 4
open("/dev/consctl", 1)
    return value: 11
pwrite(11, "rawon", 5, 4294967295)
    return value: 5
pwrite(7, "ssh-userauth K rhoyerboat", 18, 4294967295)
    return value: -1
open("/mnt/factotum/rpc", 2)
    return value: 12
brk_(0x00011de8)
    return value: 0
pwrite(12, "start proto=pass service=ssh server=192.168.1.10 user=rhoyerboat", 57, 4294967295)
    return value: 57
pread(12, 0x0000ed6c, 4096, 4294967295)
    return value: 2
    data: "ok"
pwrite(12, "read ", 5, 4294967295)
    return value: 5
pread(12, 0x0000ed6c, 4096, 4294967295)
    return value: 21
    data: "ok rhoyerboat XXXX12345"
close(12)
    return value: 0
pwrite(7, "ssh-userauth k rhoyerboat XXXX12345", 33, 4294967295)
    return value: -1
errstr(0xdfffdbe0, 128, 128)
    return value: 0
    data: "Authentication failed"
errstr(0xdfffdbe0, 128, 128)
    return value: 0
    data: "(null)"
pwrite(2, "auth Authentication failed
", 27, 4294967295)
auth Authentication failed
    return value: 27
pwrite(11, "rawoff", 6, 4294967295)
    return value: 6
close(11)
    return value: 0
close(4)
    return value: 0
pwrite(0, "close", 5, 4294967295)
    return value: -1
close(0)
    return value: 0
close(0)
    return value: -1
close(10)
    return value: 0
close(0)
    return value: -1
close(7)
    return value: 0
pwrite(0, "kill", 4, 4294967295)
    return value: -1
close(0)
    return value: -1
open("#c/pid", 0)
    return value: 0
pread(0, 0xdfffdec0, 20, 4294967295)
    return value: 12
    data: "       7628 "
close(0)
    return value: 0
7628: breakpoint    _exits+0x5    INTB    $0x40

/* sshd -d logs */

Connection from 192.168.1.9 port 41598
debug1: HPN Disabled: 0, HPN Buffer Size: 87380
debug1: Client protocol version 2.0; client software version Plan9
SSH: Server;Ltype: Version;Remote: 192.168.1.9-41598;Protocol: 2.0;Client: Plan9
debug1: no match: Plan9
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8p1-hpn13v10
debug1: permanently_set_uid: 22/22
debug1: MYFLAG IS 1
debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: REQUESTED ENC.NAME is 'aes128-cbc'
debug1: kex: client->server aes128-cbc hmac-sha1 none
SSH: Server;Ltype: Kex;Remote: 192.168.1.9-41598;Enc: aes128-cbc;MAC: hmac-sha1;Comp: none
debug1: REQUESTED ENC.NAME is 'aes128-cbc'
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug1: expecting SSH2_MSG_KEXDH_INIT
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user rhoyerboat service ssh-connection method password
SSH: Server;Ltype: Authname;Remote: 192.168.1.9-41598;Name: rhoyerboat
debug1: attempt 0 failures 0
debug1: Config token is loglevel
debug1: Config token is permitrootlogin
debug1: Config token is rsaauthentication
debug1: Config token is pubkeyauthentication
debug1: Config token is authorizedkeysfile
debug1: Config token is passwordauthentication
debug1: Config token is usepam
debug1: Config token is printmotd
debug1: Config token is printlastlog
debug1: Config token is subsystem
debug1: PAM: initializing for rhoyerboat
debug1: PAM: setting PAM_RHOST to 192.168.1.9
debug1: PAM: setting PAM_TTY to ssh
Read from socket failed: Connection reset by peer
debug1: do_cleanup
debug1: do_cleanup
debug1: PAM: cleanup

On Thu, Mar 29, 2012 at 8:10 PM, <blstuart@bellsouth.net> wrote:
> Thanks to the support of Coraid, I am pleased to announce
> that a native SSHv2 implementation is now available in
> contrib.  It's available in:
>
> contrib/blstuart/ssh
>
> You'll also need the backported p9p factotum in:
>
> contrib/quanstro/root/sys/src/cmd/auth/factotum
>
> Although not strictly necessary it's also helpful to add ssh
> to the protocols cs understands:
>
>        { "ssh",        iplookup,       iptrans,        1 },
>
> There's a man page that will hopefully help to get anyone
> started who wants to play with it.
>
> No doubt, there are still some rough edges.  But we've been
> using it at Coraid for a while now so at least a few of the
> rough edges should be polished.  Also there are some parts
> of the code that are a little ugly, and I plan to clean them up.
> But lest it live in a perpetual state of "just one more thing I
> need to clean up" here it is.
>
> Good luck and enjoy,
> BLS