
Cannot connect with ssh agent

Open randomstuff opened this issue 7 years ago • 16 comments

I'm trying to connect with my SSH agent and I get the following error in the syslog:

NetworkManager[1700]:   [1473107735.4072] vpn-connection[0xfb83f0,65c3312c-19f6-4eb3-814d-ced8b08fdb7d,"SSH Tunnel",0]: Saw the service appear; activating connection
NetworkManager[1700]:  [1473107735.5571] vpn-connection[0xfb83f0,65c3312c-19f6-4eb3-814d-ced8b08fdb7d,"SSH Tunnel",0]: final secrets request failed to provide sufficient secrets

randomstuff avatar Sep 05 '16 20:09 randomstuff

I have the same problem on Fedora 24, NetworkManager-ssh version 1.2.1-0.fc24.

xinu avatar Sep 21 '16 14:09 xinu

Gonna look into that. Thanks for opening that issue.

@randomstuff What distro are you on?

danfruehauf avatar Sep 26 '16 01:09 danfruehauf

I'm using the version shipped in Debian testing. I tried the debugging instructions but did not find anything helpful.

randomstuff avatar Sep 27 '16 07:09 randomstuff

@danfruehauf I have the same issue on ArchLinux with KDE

bonanza123 avatar Sep 29 '16 13:09 bonanza123

Just to verify, all of you guys are having the issue just when using ssh-agent based authentication?

Then another question/request - can anyone please post a debug log? The README has simple instructions on how to do that. Thanks!

danfruehauf avatar Sep 30 '16 08:09 danfruehauf

`--debug` output:

** Message: nm-ssh-service (version 1.2.0) starting...
** Message: real_need_secrets: connection -------------------------------------
connection
        id : "SSH tunnel" (s)
        uuid : "88c65655-c085-4438-b0fc-3d97fe8bd193" (s)
        interface-name : NULL (sd)
        type : "vpn" (s)
        permissions : ["user:gcorona:"] (s)
        autoconnect : FALSE (s)
        autoconnect-priority : 0 (sd)
        timestamp : 0 (sd)
        read-only : FALSE (sd)
        zone : NULL (sd)
        master : NULL (sd)
        slave-type : NULL (sd)
        autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
        secondaries : [] (s)
        gateway-ping-timeout : 0 (sd)
        metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
        lldp : -1 (sd)
ipv6
        method : "auto" (s)
        dns : [] (s)
        dns-search : [] (s)
        dns-options : NULL (sd)
        dns-priority : 0 (sd)
        addresses : ((GPtrArray*) 0x55fdc35acb60) (s)
        gateway : NULL (sd)
        routes : ((GPtrArray*) 0x55fdc35c7b80) (s)
        route-metric : -1 (sd)
        ignore-auto-routes : FALSE (sd)
        ignore-auto-dns : FALSE (sd)
        dhcp-hostname : NULL (sd)
        dhcp-send-hostname : TRUE (sd)
        never-default : FALSE (sd)
        may-fail : TRUE (sd)
        dad-timeout : -1 (sd)
        dhcp-timeout : 0 (sd)
        ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_DISABLED) (s)
        addr-gen-mode : 1 (sd)
ipv4
        method : "auto" (s)
        dns : [] (s)
        dns-search : [] (s)
        dns-options : NULL (sd)
        dns-priority : 0 (sd)
        addresses : ((GPtrArray*) 0x55fdc35c7ce0) (s)
        gateway : NULL (sd)
        routes : ((GPtrArray*) 0x7f0100001580) (s)
        route-metric : -1 (sd)
        ignore-auto-routes : FALSE (sd)
        ignore-auto-dns : FALSE (sd)
        dhcp-hostname : NULL (sd)
        dhcp-send-hostname : TRUE (sd)
        never-default : FALSE (sd)
        may-fail : TRUE (sd)
        dad-timeout : -1 (sd)
        dhcp-timeout : 0 (sd)
        dhcp-client-id : NULL (sd)
        dhcp-fqdn : NULL (sd)
vpn
        service-type : "org.freedesktop.NetworkManager.ssh" (s)
        user-name : NULL (sd)
        persistent : FALSE (sd)
        data : ((GHashTable*) 0x55fdc35cf4c0) (s)
        secrets : ((GHashTable*) 0x55fdc35cf520) (s)
        timeout : 0 (sd)
** Message: real_need_secrets: connection -------------------------------------
connection
        id : "SSH tunnel" (s)
        uuid : "88c65655-c085-4438-b0fc-3d97fe8bd193" (s)
        interface-name : NULL (sd)
        type : "vpn" (s)
        permissions : ["user:gcorona:"] (s)
        autoconnect : FALSE (s)
        autoconnect-priority : 0 (sd)
        timestamp : 0 (sd)
        read-only : FALSE (sd)
        zone : NULL (sd)
        master : NULL (sd)
        slave-type : NULL (sd)
        autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
        secondaries : [] (s)
        gateway-ping-timeout : 0 (sd)
        metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
        lldp : -1 (sd)
ipv6
        method : "auto" (s)
        dns : [] (s)
        dns-search : [] (s)
        dns-options : NULL (sd)
        dns-priority : 0 (sd)
        addresses : ((GPtrArray*) 0x55fdc35c7a60) (s)
        gateway : NULL (sd)
        routes : ((GPtrArray*) 0x55fdc35c7a60) (s)
        route-metric : -1 (sd)
        ignore-auto-routes : FALSE (sd)
        ignore-auto-dns : FALSE (sd)
        dhcp-hostname : NULL (sd)
        dhcp-send-hostname : TRUE (sd)
        never-default : FALSE (sd)
        may-fail : TRUE (sd)
        dad-timeout : -1 (sd)
        dhcp-timeout : 0 (sd)
        ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_DISABLED) (s)
        addr-gen-mode : 1 (sd)
ipv4
        method : "auto" (s)
        dns : [] (s)
        dns-search : [] (s)
        dns-options : NULL (sd)
        dns-priority : 0 (sd)
        addresses : ((GPtrArray*) 0x55fdc35c7ca0) (s)
        gateway : NULL (sd)
        routes : ((GPtrArray*) 0x55fdc35acb60) (s)
        route-metric : -1 (sd)
        ignore-auto-routes : FALSE (sd)
        ignore-auto-dns : FALSE (sd)
        dhcp-hostname : NULL (sd)
        dhcp-send-hostname : TRUE (sd)
        never-default : FALSE (sd)
        may-fail : TRUE (sd)
        dad-timeout : -1 (sd)
        dhcp-timeout : 0 (sd)
        dhcp-client-id : NULL (sd)
        dhcp-fqdn : NULL (sd)
vpn
        service-type : "org.freedesktop.NetworkManager.ssh" (s)
        user-name : "gcorona" (s)
        persistent : FALSE (sd)
        data : ((GHashTable*) 0x7f0100004ea0) (s)
        secrets : ((GHashTable*) 0x7f0100004f00) (s)
        timeout : 0 (sd)
** Message: real_need_secrets: connection -------------------------------------
connection
        id : "SSH tunnel" (s)
        uuid : "88c65655-c085-4438-b0fc-3d97fe8bd193" (s)
        interface-name : NULL (sd)
        type : "vpn" (s)
        permissions : ["user:gcorona:"] (s)
        autoconnect : FALSE (s)
        autoconnect-priority : 0 (sd)
        timestamp : 0 (sd)
        read-only : FALSE (sd)
        zone : NULL (sd)
        master : NULL (sd)
        slave-type : NULL (sd)
        autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
        secondaries : [] (s)
        gateway-ping-timeout : 0 (sd)
        metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
        lldp : -1 (sd)
ipv6
        method : "auto" (s)
        dns : [] (s)
        dns-search : [] (s)
        dns-options : NULL (sd)
        dns-priority : 0 (sd)
        addresses : ((GPtrArray*) 0x7f0100001520) (s)
        gateway : NULL (sd)
        routes : ((GPtrArray*) 0x55fdc35c8020) (s)
        route-metric : -1 (sd)
        ignore-auto-routes : FALSE (sd)
        ignore-auto-dns : FALSE (sd)
        dhcp-hostname : NULL (sd)
        dhcp-send-hostname : TRUE (sd)
        never-default : FALSE (sd)
        may-fail : TRUE (sd)
        dad-timeout : -1 (sd)
        dhcp-timeout : 0 (sd)
        ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_DISABLED) (s)
        addr-gen-mode : 1 (sd)
ipv4
        method : "auto" (s)
        dns : [] (s)
        dns-search : [] (s)
        dns-options : NULL (sd)
        dns-priority : 0 (sd)
        addresses : ((GPtrArray*) 0x7f0100001520) (s)
        gateway : NULL (sd)
        routes : ((GPtrArray*) 0x55fdc35ac840) (s)
        route-metric : -1 (sd)
        ignore-auto-routes : FALSE (sd)
        ignore-auto-dns : FALSE (sd)
        dhcp-hostname : NULL (sd)
        dhcp-send-hostname : TRUE (sd)
        never-default : FALSE (sd)
        may-fail : TRUE (sd)
        dad-timeout : -1 (sd)
        dhcp-timeout : 0 (sd)
        dhcp-client-id : NULL (sd)
        dhcp-fqdn : NULL (sd)
vpn
        service-type : "org.freedesktop.NetworkManager.ssh" (s)
        user-name : "gcorona" (s)
        persistent : FALSE (sd)
        data : ((GHashTable*) 0x55fdc35cf4c0) (s)
        secrets : ((GHashTable*) 0x7f0100004860) (s)
        timeout : 0 (sd)

randomstuff avatar Sep 30 '16 08:09 randomstuff
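Added example, not part of the original thread or of the project's code: the `real_need_secrets` dumps in the comment above are nearly identical, so this small parser diffs successive dumps while masking pointer values and reports only the settings that really changed (in the posted log, `user-name` goes from NULL to "gcorona"). The function names and the trimmed sample are assumptions made for the illustration.

```python
import re

# Constructed sample in the layout of the --debug dump above, trimmed to a
# few keys per section (not a verbatim copy of the posted log).
SAMPLE = '''** Message: nm-ssh-service (version 1.2.0) starting...
** Message: real_need_secrets: connection ------
connection
        id : "SSH tunnel" (s)
vpn
        user-name : NULL (sd)
        data : ((GHashTable*) 0x55fdc35cf4c0) (s)
** Message: real_need_secrets: connection ------
connection
        id : "SSH tunnel" (s)
vpn
        user-name : "gcorona" (s)
        data : ((GHashTable*) 0x7f0100004ea0) (s)
'''

MARKER = "real_need_secrets: connection"
KEY_LINE = re.compile(r"^\s+(\S+) : (.*) \(\w+\)$")
POINTER = re.compile(r"0x[0-9a-fA-F]+")  # heap addresses differ on every call

def parse_dumps(text):
    """Return one {(section, key): value} dict per real_need_secrets dump,
    with pointer values masked so they do not show up as changes."""
    dumps, section = [], None
    for line in text.splitlines():
        if MARKER in line:
            dumps.append({})
            section = None
        elif dumps and line[:1].isalpha():  # unindented line names a section
            section = line.strip()
        else:
            m = KEY_LINE.match(line)
            if m and section:
                dumps[-1][(section, m.group(1))] = POINTER.sub("0xPTR", m.group(2))
    return dumps

def changed_settings(text):
    """List (dump_index, section, key, old, new) for each setting that differs
    from the previous dump."""
    dumps = parse_dumps(text)
    return [(i, sec, key, prev.get((sec, key)), cur.get((sec, key)))
            for i, (prev, cur) in enumerate(zip(dumps, dumps[1:]), start=1)
            for sec, key in sorted(set(prev) | set(cur))
            if prev.get((sec, key)) != cur.get((sec, key))]

print(changed_settings(SAMPLE))
```

To run it on a real capture, pass the saved output of `nm-ssh-service --debug` to `changed_settings()` instead of `SAMPLE`.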

Not sure if still needed but here is mine: https://gist.github.com/bonanza123/04900906bdef0e7f1bef2fa372bb7bc0

Yes, my config says "SSH Agent" as auth. type

bonanza123 avatar Sep 30 '16 09:09 bonanza123

Promise to have a look at this soon. I'm kind of on the move at the moment and have variable Internet access. It's on top of my TODO list, I promise you all.

danfruehauf avatar Oct 04 '16 07:10 danfruehauf

@danfruehauf, No problem. In fact, I intended to have a (closer) look myself but didn't find time to investigate it yet.

randomstuff avatar Oct 04 '16 07:10 randomstuff

@randomstuff Give it a shot. I suspect it is incompatibility with (perhaps) a NM passing secrets. A good start would be to look at nm-openvpn - at the last commits. To see if there was a change to the way secrets are being passed.

danfruehauf avatar Oct 04 '16 07:10 danfruehauf

Looks like an IPv4/IPv6 problem.

When running from an IPv4-only network, it does not work.

From another computer in an IPv4+IPv6 network, it does work. On this computer, switching to IPv6 only prevents the VPN from bringing itself up. Adding `AddressFamily inet` for the SSH gateway fixes the issue. However, ssh-ing the server directly without `AddressFamily inet` does work.

randomstuff avatar Oct 04 '16 23:10 randomstuff

@randomstuff Finally got to it. Works for me both with or without IPv6.

I'll have to close it, but feel free to reopen it if you can shed more information. But I'll need more information, such as your SSH server address etc.

In addition, I'm planning to have a vagrant machine for testing in this repository, hopefully we can nail down your problem, but as for now I cannot consider it as a bug unless more information is provided. @randomstuff Is that OK with you?

danfruehauf avatar Nov 13 '16 10:11 danfruehauf

Same thing happens to me on Fedora 25 with NetworkManager-ssh and plasma-nm-ssh

Running

sudo /usr/libexec/nm-ssh-service --debug

... And then activating the VPN from NM plasmoid doesn't seem to do anything to get any additional information.

Each time it presents a window titled "VPN secrets (ssh) - KDE Daemon" with a blank input box:

image

xenithorb avatar Jul 10 '17 19:07 xenithorb

I'm hitting the exact same initial error `final secrets request failed to provide sufficient secrets` on Fedora 28 as well. It brings up a secrets dialog, but I'm not sure what secret it's asking for.

Xaenalt avatar May 01 '19 00:05 Xaenalt

After updating to Fedora 29 it seems to work, though I hit #87; `setenforce 0` does seem to work around it.

Xaenalt avatar May 01 '19 02:05 Xaenalt

I'm still waiting for the selinux policy maintainers to do something about it. Especially because it's a regression. I'll put some more pressure on them with that.

danfruehauf avatar May 09 '19 03:05 danfruehauf