[Ovmsdev] Initial experience and Nissan Leaf updates (was: Turned off commenting on the OVMS v3 User Guide)

Stephen Casner casner at acm.org
Fri Apr 20 06:03:20 HKT 2018


Robin,

Thanks for the debug outputs.  For the buster case where the
connection immediately closes, there must be something about the DH
handshake that the server can't handle, but the client-side debug
output doesn't indicate what that might be.  You can enable some
logging by the server on the USB/async console with the command:

log level debug wolfssh

This causes a lot of blathering that won't be useful, but there may be
a useful hint near the end of it.  Maybe that will tell us something
for the squeeze case as well.

You can install your RSA public key as follows, associated with your
normal username (robin, I assume) so you don't have to type "admin@".
Quoting from an earlier message on the topic:

- RSA public keys may be stored under param ssh.keys with the instance
  being the associated username.  The key format is as generated on a
  Linux or Mac system by the command "ssh-keygen -b 2048 -t rsa".
  This could be a key you already have or a new one made for this
  purpose.  Only the one long string of the base64-encoded key should
  be stored, not including the "ssh-rsa" at the beginning or the user
  ID at the end.  The key is stored with a command like this:

  config set ssh.keys robin AAAAB3NzaC1yc2EAAAADAQAB...C6p5jcbf4NCnX

                                                        -- Steve

On Thu, 19 Apr 2018, Robin O'Leary wrote:

> On Thu, Apr 19, 2018 at 11:23:15AM -0700, Stephen Casner wrote:
> > On Thu, 19 Apr 2018, Robin O'Leary wrote:
> > [snip]
> > > - 'ssh admin@NEWIP' connects, but then immediately closes the connection.
> >
> > As the implementer of the ssh functionality, I'd like to know more
> > about what happened here.  Does ssh still immediately close the
> > connection?  If so, can you try 'ssh -v admin@NEWIP' and report back
> > the output?
>
> Yes it does, but I've now tried from a few other hosts running different
> OS versions with mixed results:
>
> fail	OpenSSH_7.7p1 Debian-2, OpenSSL 1.0.2o  27 Mar 2018
> OK	OpenSSH_7.4p1 Raspbian-10+deb9u3, OpenSSL 1.0.2l  25 May 2017
> OK	OpenSSH_7.4p1 Debian-10+deb9u2, OpenSSL 1.0.2l  25 May 2017
> OK	OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t  3 May 2016
> hang	OpenSSH_5.9p1 Debian-5, OpenSSL 1.0.1b 26 Apr 2012
>
> > On the v3.0 hardware with limited RAM, the connection closes
> > immediately because the DH handshake fails due to a memory allocation
> > failure.  But with v3.1 hardware there is plenty of RAM.
>
> Is there some server-side debug I can turn on?
>
>
> debian 10 (buster) connects but immediately closes:
>
> $ ssh -v admin@chevaline
> OpenSSH_7.7p1 Debian-2, OpenSSL 1.0.2o  27 Mar 2018
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to chevaline [...] port 22.
> debug1: Connection established.
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_rsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ed25519-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_xmss type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_xmss-cert type -1
> debug1: Local version string SSH-2.0-OpenSSH_7.7p1 Debian-2
> debug1: Remote protocol version 2.0, remote software version wolfSSHv1.1.0
> debug1: no match: wolfSSHv1.1.0
> debug1: Authenticating to chevaline:22 as 'admin'
> debug1: SSH2_MSG_KEXINIT sent
> Connection closed by chevaline port 22
>
> The relevant section of /etc/ssh/ssh_config says:
>
> Host *
>     SendEnv LANG LC_*
>     HashKnownHosts yes
>     GSSAPIAuthentication yes
>
>
> Raspbian 9 (stretch) works OK:
>
> $ ssh -v admin@chevaline
> OpenSSH_7.4p1 Raspbian-10+deb9u3, OpenSSL 1.0.2l  25 May 2017
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to chevaline [...] port 22.
> debug1: Connection established.
> debug1: identity file /home/robin/.ssh/id_rsa type 1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Raspbian-10+deb9u3
> debug1: Remote protocol version 2.0, remote software version wolfSSHv1.1.0
> debug1: no match: wolfSSHv1.1.0
> debug1: Authenticating to chevaline:22 as 'admin'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
> debug1: kex: host key algorithm: ssh-rsa
> debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha2-256 compression: none
> debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha2-256 compression: none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
> debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Server host key: ssh-rsa SHA256:2bW5kEnFXZ+ORn3PB00qJa7jRsKkW8zSTyXTuECvVfo
> The authenticity of host 'chevaline (...)' can't be established.
> RSA key fingerprint is SHA256:2bW5kEnFXZ+ORn3PB00qJa7jRsKkW8zSTyXTuECvVfo.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added 'chevaline' (RSA) to the list of known hosts.
> debug1: rekey after 4294967296 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: rekey after 4294967296 blocks
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /home/robin/.ssh/id_rsa
> debug1: Authentications that can continue: publickey,password
> debug1: Trying private key: /home/robin/.ssh/id_dsa
> debug1: Trying private key: /home/robin/.ssh/id_ecdsa
> debug1: Trying private key: /home/robin/.ssh/id_ed25519
> debug1: Next authentication method: password
> admin@chevaline's password:
> ...
>
>
> debian 9 (stretch) works OK:
>
> $ ssh -v admin@chevaline
> OpenSSH_7.4p1 Debian-10+deb9u2, OpenSSL 1.0.2l  25 May 2017
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to chevaline [...] port 22.
> debug1: Connection established.
> debug1: identity file /home/robin/.ssh/id_rsa type 1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u2
> debug1: Remote protocol version 2.0, remote software version wolfSSHv1.1.0
> debug1: no match: wolfSSHv1.1.0
> debug1: Authenticating to chevaline:22 as 'admin'
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
> debug1: kex: host key algorithm: ssh-rsa
> debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha2-256 compression: none
> debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha2-256 compression: none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
> debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Server host key: ssh-rsa SHA256:2bW5kEnFXZ+ORn3PB00qJa7jRsKkW8zSTyXTuECvVfo
> debug1: Host 'chevaline' is known and matches the RSA host key.
> debug1: Found key in /home/robin/.ssh/known_hosts:45
> debug1: rekey after 4294967296 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: rekey after 4294967296 blocks
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /home/robin/.ssh/id_rsa
> debug1: Authentications that can continue: publickey,password
> debug1: Trying private key: /home/robin/.ssh/id_dsa
> debug1: Trying private key: /home/robin/.ssh/id_ecdsa
> debug1: Trying private key: /home/robin/.ssh/id_ed25519
> debug1: Next authentication method: password
> admin@chevaline's password:
> debug1: Authentication succeeded (password).
> ...
>
> debian 8 (jessie) works OK:
>
> $ ssh -v admin@chevaline
> OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t  3 May 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to chevaline [...] port 22.
> debug1: Connection established.
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_rsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /home/robin/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_6.7p1 Debian-5+deb8u3
> debug1: Remote protocol version 2.0, remote software version wolfSSHv1.1.0
> debug1: no match: wolfSSHv1.1.0
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-sha2-256 none
> debug1: kex: client->server aes128-cbc hmac-sha2-256 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<8192<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Server host key: RSA 9b:91:8b:85:00:77:7e:87:a9:5d:60:f6:2a:83:dd:c6
> The authenticity of host 'chevaline (...)' can't be established.
> RSA key fingerprint is 9b:91:8b:85:00:77:7e:87:a9:5d:60:f6:2a:83:dd:c6.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added 'chevaline' (RSA) to the list of known hosts.
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/robin/.ssh/id_rsa
> debug1: Trying private key: /home/robin/.ssh/id_dsa
> debug1: Trying private key: /home/robin/.ssh/id_ecdsa
> debug1: Trying private key: /home/robin/.ssh/id_ed25519
> debug1: Next authentication method: password
> admin@chevaline's password:
> ...
>
>
> debian 6 (squeeze) fails in a different way; it just hangs:
>
> $ ssh -v admin@chevaline
> OpenSSH_5.9p1 Debian-5, OpenSSL 1.0.1b 26 Apr 2012
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 19: Applying options for *
> debug1: Connecting to chevaline [...] port 22.
> debug1: Connection established.
> debug1: permanently_set_uid: 0/0
> debug1: identity file /home/robin/.ssh/id_rsa type -1
> debug1: identity file /home/robin/.ssh/id_rsa-cert type -1
> debug1: identity file /home/robin/.ssh/id_dsa type -1
> debug1: identity file /home/robin/.ssh/id_dsa-cert type -1
> debug1: identity file /home/robin/.ssh/id_ecdsa type -1
> debug1: identity file /home/robin/.ssh/id_ecdsa-cert type -1
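
The key-installation step in the message above (store only the base64 field under ssh.keys, without the "ssh-rsa" prefix or the trailing user ID) can be scripted. This is an added example, not part of the original message or OVMS code; the helper name `ovms_key_cmd` and the sample key line are assumptions made for illustration, and the sample is a constructed placeholder rather than a usable key.

```shell
#!/bin/sh
# Added example, not OVMS project code. Turns one OpenSSH public-key line
# ("ssh-rsa <base64> [comment]") into the "config set ssh.keys" command,
# keeping only the base64 field as the message describes.

# ovms_key_cmd USER PUBKEY_FILE   (hypothetical helper name)
ovms_key_cmd() {
    user=$1
    file=$2
    # A user name containing whitespace would split the console command line.
    case $user in
        ''|*[[:space:]]*) echo "error: bad user name" >&2; return 64 ;;
    esac
    awk -v user="$user" '
        BEGIN { rc = 1 }                 # rc stays 1 if no key line is found
        NF == 0 || /^#/ { next }         # skip blank lines and comments
        {
            if ($1 != "ssh-rsa") {
                print "error: key type is " $1 ", expected ssh-rsa" > "/dev/stderr"
                rc = 2; exit
            }
            # Field 2 must be one unbroken run of base64 characters.
            if ($2 !~ "^[A-Za-z0-9+/]+=*$") {
                print "error: field 2 is not base64" > "/dev/stderr"
                rc = 3; exit
            }
            # The blob starts with the length-prefixed string "ssh-rsa",
            # which always encodes to this base64 prefix.
            if (substr($2, 1, 15) != "AAAAB3NzaC1yc2E") {
                print "error: blob lacks the ssh-rsa header" > "/dev/stderr"
                rc = 4; exit
            }
            print "config set ssh.keys " user " " $2
            rc = 0; exit
        }
        END { exit rc }
    ' "$file"
}

# Demo with a constructed, truncated placeholder (not a usable key).
demo_pub=$(mktemp)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCplaceholder robin@laptop\n' > "$demo_pub"
ovms_key_cmd robin "$demo_pub"
rm -f "$demo_pub"
```

Only the public half (`id_rsa.pub`) is ever read; the printed line is what gets typed at the OVMS console.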
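
For comparing the five client logs quoted above, it helps to reduce each `ssh -v` capture to the last handshake milestone it reached. This is an added example, not part of the thread; the function name `ssh_v_stage` and the milestone labels are assumptions, and the demo input is abridged from the buster log quoted in the message.

```shell
#!/bin/sh
# Added example, not from the thread: summarise how far an `ssh -v` client
# log got before it stopped. Input on stdin; mail quoting ("> ") is tolerated.
# Output: <client version> <last milestone> kex=<algorithm> [closed_by_peer]
ssh_v_stage() {
    awk '
        function reach(i) { if (i > stage) stage = i }
        BEGIN {
            split("connected banner kexinit_sent kexinit_received hostkey newkeys userauth authenticated", name, " ")
            client = "?"; kex = "-"
        }
        { sub(/^(> ?)+/, "") }                       # strip mail quoting
        /^OpenSSH_/                         { client = $1 }
        /Connection established/            { reach(1) }
        /Remote protocol version/           { reach(2) }
        /SSH2_MSG_KEXINIT sent/             { reach(3) }
        /SSH2_MSG_KEXINIT received/         { reach(4) }
        /kex: algorithm: /                  { kex = $NF }
        # "Server host key:" is printed only after the DH reply has arrived,
        # unlike the "expecting ..." lines that older clients print first.
        /Server host key:/                  { reach(5) }
        /SSH2_MSG_NEWKEYS received/         { reach(6) }
        /Authentications that can continue/ { reach(7) }
        /Authentication succeeded/          { reach(8) }
        /^Connection closed by/             { closed = 1 }
        END {
            printf "%s %s kex=%s%s\n", client, (stage ? name[stage] : "none"),
                   kex, (closed ? " closed_by_peer" : "")
        }
    '
}

# Demo: lines abridged from the buster log quoted in the message.
ssh_v_stage <<'EOF'
> OpenSSH_7.7p1 Debian-2, OpenSSL 1.0.2o  27 Mar 2018
> debug1: Connection established.
> debug1: Remote protocol version 2.0, remote software version wolfSSHv1.1.0
> debug1: SSH2_MSG_KEXINIT sent
> Connection closed by chevaline port 22
EOF
```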

