
fails to login using ssh about kevin HOT 10 CLOSED

sfttech commented on May 21, 2024
fails to login using ssh

from kevin.

Comments (10)

mrwerdo commented on May 21, 2024

This works now, I appreciate the help and fixes a lot.


TheJJ commented on May 21, 2024

According to the log, it's calling this for the ssh connection:

ssh -q -o UserKnownHostsFile=/var/folders/sh/1rbpyrv946j8wzbd5dyr4r8h0000gq/T/tmpiwcxpgu5 -o StrictHostKeyChecking=yes -p 22 [email protected] -- true

This is run as the same user as kevin is being run.
Does the simplified command work?

ssh -p 22 [email protected] -- true

What address is chantal.local? Is ssh really listening on 22 on that host? Or did you customize the port in the .ssh/config?


mrwerdo commented on May 21, 2024

chantal.local points to 192.168.107.129, the host is on 192.168.107.1. Running ssh -p 22 [email protected] -- true works (echo $? prints 0). ssh is really running on port 22 on the virtual machine, I've verified it with a port scanner.

The relevant portion of my ~/.ssh/config file is the following:

Host [email protected]
    User chantal
    HostName chantal.local
    IdentityFile ~/.ssh/kevin-keys/id_rsa


mrwerdo commented on May 21, 2024

I just added -v to the ssh command, this is what I got:

OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/realideasman/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: Connecting to chantal.local port 22.
debug1: Connection established.
debug1: identity file /Users/realideasman/.ssh/id_ed25519 type 3
debug1: key_load_public: No such file or directory
debug1: identity file /Users/realideasman/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
debug1: Authenticating to chantal.local:22 as 'chantal'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:qdSsyPIeGrFRjhGBNIzJTAUSLC7HMhxh5IMPr4gm6oE
No ECDSA host key is known for chantal.local and you have requested strict checking.
Host key verification failed.


mrwerdo commented on May 21, 2024

Things that I think need fixing:

  1. rename ssh_key to something more suiting.
  2. fix corner cases when ssh_key is not provided or not a file.
  3. make clear why ssh_key is loaded with the contents of the host's public key while it's being parsed by falk.

Most likely all of this needs to be fixed in falk/vm/__init__.py


TheJJ commented on May 21, 2024

I fixed 1. and 2., and for 3. I extended the example config file.


mrwerdo commented on May 21, 2024

I've tried the latest commit: ec0ca21, but it still doesn't work. I needed to patch the changes because the custom vm provider isn't being imported and needs some fixes to make it work.

I can submit a pull request if you'd like to use the one I'm using.

I've been trying to see why ssh is failing to connect. I've been attempting to simulate the commands using os.system. I just cated the UserKnownHosts file before ssh used it to connect to the vm. This is what it was:

[chantal.local]:22 chantal.local,192.168.107.129 ecdsa-sha2-nistp256 SHA256:qdSsyPIeGrFRjhGBNIzJTAUSLC7HMhxh5IMPr4gm6oE

I previously set ssh_known_host_key to chantal.local,192.168.107.129 ecdsa-sha2-nistp256 SHA256:qdSsyPIeGrFRjhGBNIzJTAUSLC7HMhxh5IMPr4gm6oE. Are the brackets a part of the syntax standard?


TheJJ commented on May 21, 2024

Yes, if you have some fixes to make your use case work, please submit the patch(es).

The brackets syntax is normal, used for IPv6 and port specifications for a known-host entry.

If you copy the UserKnownHosts-file and invoke ssh manually, can you figure out what needs to be changed in the file so the connection succeeds? My file content always was something like ssh-rsa AAAAB3NzaC1yc2EA..... So the IP address and hostnames before the key content could be the problem.


mrwerdo commented on May 21, 2024

The IP address and hostnames use a different format: chantal.local,192.168.107.129 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD9aWtiDC5HDejesoP+e4/OsOwNzWDzfj0/37XRQ6HGR1L/L4Z8P6d4j5FDa1GungHvQbBfa1m/w+/ceDfdvLms=.

The version of ssh I'm using is: OpenSSH_7.6p1, LibreSSL 2.6.2, which is the default macOS one found at /usr/bin/ssh

This works! In order to make it work, put something like the above in the falk.conf file and change line 123 of kevin/util.py to be key_data = self.key.


TheJJ commented on May 21, 2024

I think the issues are now fixed, it supports both formats now (of a known_hosts file and a /etc/ssh/ssh_host_*_key.pub). Please try again.

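The two key formats discussed in this thread, as an added example that is not part of the thread and not kevin's or falk's own code: a sketch that accepts either a `ssh_host_*_key.pub` line or a known_hosts line, rejects a bare `SHA256:` fingerprint (the value that produced "Host key verification failed" above), and emits one known_hosts entry plus the fingerprint to compare against the `Server host key:` line of `ssh -v`. The function names and the `root@chantal` key comment are assumptions made for the example.

```python
import base64
import hashlib
import struct

# Sample input: the ECDSA public key blob quoted in the thread.
KEY = ("AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD9aWtiDC5HDejesoP+e4"
       "/OsOwNzWDzfj0/37XRQ6HGR1L/L4Z8P6d4j5FDa1GungHvQbBfa1m/w+/ceDfdvLms=")


def fingerprint(blob_b64):
    """SHA256 fingerprint in the form ssh -v prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def known_hosts_line(configured, host, port=22):
    """Turn a configured host key into (known_hosts entry, fingerprint).

    Accepts 'type base64 [comment]' (ssh_host_*_key.pub) or
    'hosts type base64' (known_hosts); host names in the input are
    replaced by `host`. A fingerprint alone is not key material.
    """
    fields = configured.split()
    for keytype, blob in zip(fields, fields[1:]):
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:          # not base64: host list, type name, SHA256:...
            continue
        if len(raw) <= 4:
            continue
        # The blob starts with a uint32 length and the key type name;
        # it must agree with the type field written in front of it.
        (n,) = struct.unpack(">I", raw[:4])
        if raw[4:4 + n] != keytype.encode():
            continue
        # OpenSSH writes the bare host name for port 22, [host]:port otherwise.
        marker = host if port == 22 else f"[{host}]:{port}"
        return f"{marker} {keytype} {blob}", fingerprint(blob)
    raise ValueError("no public key blob found; a SHA256: fingerprint is not a key")


if __name__ == "__main__":
    pub_format = f"ecdsa-sha2-nistp256 {KEY} root@chantal"   # constructed comment
    line, fp = known_hosts_line(pub_format, "chantal.local")
    print(line)
    print(fp)   # compare with the 'Server host key:' line from ssh -v
```
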
