trzsz-ssh icon indicating copy to clipboard operation
trzsz-ssh copied to clipboard

Published 20 hours ago verified publisher icon trzsz

-R for serveo.net or ssh-j.com on Windows10 and Debian12

Open abakum opened this issue 9 months ago • 14 comments 

#OpenSSH -R with OpenSSH -J works! 
#`ssh -v rn` or `ssh -v -R test:22:10.161.115.160:22 [email protected]`
#`ssh -v rc` or `ssh -v -R test:22:10.161.115.160:22 [email protected]`
# then
#`ssh -v jn` or `ssh -v -J [email protected] root@test`
#`ssh -v jc` or `ssh -v -J [email protected] root@test`

#OpenSSH -R with tssh -J works too!
#`ssh -v rn` or `ssh -v -R test:22:10.161.115.160:22 [email protected]`
#`ssh -v rc` or `ssh -v -R test:22:10.161.115.160:22 [email protected]`
# then
#`tssh -debug jn` or `tssh -debug -J [email protected] root@test`
#`tssh -debug jc` or `tssh -debug -J [email protected] root@test`

#tssh -R start then exit
#how to fix tssh -R?
#`tssh -debug rn` or `tssh -debug -R test:22:10.161.115.160:22 [email protected]`

#tssh -N -R start then hang - BUG?
#`tssh -debug -N rn` or `tssh -debug -N -R test:22:10.161.115.160:22 [email protected]`
#tssh -J fail
#`tssh -debug jn` or `tssh -debug -J [email protected] root@test`
#OpenSSH -J fail
#`ssh -v jn` or `ssh -v -J [email protected] root@test`

#tssh -R start
#`tssh -debug rc` or `tssh -debug -R test:22:10.161.115.160:22 [email protected]`
#but tssh -J fail
#`tssh -debug jc` or `tssh -debug -J [email protected] root@test`
#OpenSSH -J fail too
#`ssh -v jc` or `ssh -v -J [email protected] root@test`
#how to fix tssh -R?
#my %HOMEPATH%\.ssh\config `

Host target User root HostName 10.161.115.160 Host rn RemoteForward test:22 10.161.115.160:22 User test HostName serveo.net PreferredAuthentications keyboard-interactive Host jn ProxyJump [email protected] User root HostName test Host rc RemoteForward test:22 10.161.115.160:22 User test HostName ssh-j.com PreferredAuthentications none Host jc ProxyJump [email protected] User root HostName test `

abakum avatar May 08 '24 07:05 abakum

On Debian12

debug: login to [rn], addr: serveo.net:22
debug: login to [rn] success
debug: forward listen on remote 'test:22' failed: lookup test on 192.168.0.1:53: no such host

debug: login to [rc], addr: ssh-j.com:22
debug: login to [rc] success
debug: forward listen on remote 'test:22' failed: lookup test on 192.168.0.1:53: no such host

On Windows10

debug: login to [rn], addr: serveo.net:22
debug: login to [rn] success
debug: forward listen on remote 'test:22' success

debug: login to [rc], addr: ssh-j.com:22
debug: login to [rc] success
debug: forward listen on remote 'test:22' success

abakum avatar May 08 '24 08:05 abakum

Try ping test on the remote server.

https://github.com/trzsz/trzsz-ssh/blob/69a174ca2fc663e7cda8adfb73e89f8bae5bc937/tssh/forward.go#L230

lonnywong avatar May 08 '24 08:05 lonnywong

That's why golang resolved alias on local PC before send request to bind it on remote host? OpenSSH doesn't do that because everyone works through it. ~Well, okay, but why is the debug different, but Windows and Linux?~

abakum avatar May 08 '24 08:05 abakum

Try ping test on the remote server.

https://github.com/trzsz/trzsz-ssh/blob/69a174ca2fc663e7cda8adfb73e89f8bae5bc937/tssh/forward.go#L230

Remote hosts serveo.net and ssh-j.com is public jumphost. There is no shell access to them.

abakum avatar May 08 '24 08:05 abakum

Well, okay, but why is the debug different, but Windows and Linux?

Are Debian12 and Windows10 local machines? What is the difference in the results of their ping test on local ?

lonnywong avatar May 08 '24 08:05 lonnywong

Debian12 and Windows10 is local machines. test is alias for jumphosts I add to /etc/hosts

51.15.109.222 tc
138.68.79.95 tn

And change ~/.ssh/config

#my ~/.ssh/config
Host target
 User root
 HostName 10.161.115.160
Host rn
 RemoteForward tn:22 10.161.115.160:22
 User tn
 HostName serveo.net
 PreferredAuthentications keyboard-interactive
Host jn
 ProxyJump [email protected]
 User root
 HostName tn
Host rc
 RemoteForward tc:22 10.161.115.160:22
 User tc
 HostName ssh-j.com
 PreferredAuthentications none
Host jc
 ProxyJump [email protected]
 User root
 HostName tc

But the problem remains

abakum avatar May 08 '24 09:05 abakum

openssh resolves domain names locally, but tssh resolves domain names remotely. Using IP directly should avoid the issue.

lonnywong avatar May 08 '24 09:05 lonnywong

d

Try ping test on the remote server.

https://github.com/trzsz/trzsz-ssh/blob/69a174ca2fc663e7cda8adfb73e89f8bae5bc937/tssh/forward.go#L230

On Windows10 test is resolved. All ok with debug message

abakum avatar May 08 '24 09:05 abakum

openssh resolves domain names locally, but tssh resolves domain names remotely. Using IP directly should avoid the issue.

#tssh -R start then exit #how to fix tssh -R?

1koka@debian:~$ tssh -debug rn `

debug: /home/koka/.tssh.conf does not exist debug: open config [/home/koka/.ssh/config] success debug: decode config [/home/koka/.ssh/config] success debug: open config [/etc/ssh/ssh_config] success debug: decode config [/etc/ssh/ssh_config] success debug: extended config [/home/koka/.ssh/password] does not exist debug: new ssh agent client [/tmp/ssh-XXXXklzv0D/agent.31174] success debug: will attempt key: ssh-agent ssh-rsa SHA256:7Q/uIPLtRTP2v7jxnqU5G9FZbEazI2oYv3AEWkWZzHY debug: add auth method: public key authentication debug: add auth method: keyboard interactive authentication debug: add auth method: password authentication debug: add UserKnownHostsFile: /home/koka/.ssh/known_hosts debug: UserKnownHostsFile [/home/koka/.ssh/known_hosts2] does not exist debug: GlobalKnownHostsFile [/etc/ssh/ssh_known_hosts] does not exist debug: GlobalKnownHostsFile [/etc/ssh/ssh_known_hosts2] does not exist debug: user declared ciphers: [[email protected] aes128-ctr aes192-ctr aes256-ctr [email protected] [email protected] aes128-cbc aes192-cbc aes256-cbc] debug: client supported ciphers: [[email protected] aes128-ctr aes192-ctr aes256-ctr [email protected] [email protected] aes128-cbc] debug: login to [rn], addr: serveo.net:22 debug: login to [rn] success debug: forward listen on remote 'tn:22' success debug: send env regexp: (^LANG$)|(^LC_.*$) debug: send env failed: LANG = "ru_RU.UTF-8" debug: no extended config [ExpectCount] for [rn] debug: no extended config [EnableTrzsz] for [rn] debug: no extended config [EnableZmodem] for [rn] debug: no extended config [EnableDragFile] for [rn] 1koka@debian:~$ `

abakum avatar May 08 '24 10:05 abakum

1koka@debian:~$ ssh -v rn `

OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023 debug1: Reading configuration data /home/koka/.ssh/config debug1: /home/koka/.ssh/config line 31: Applying options for rn debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files debug1: /etc/ssh/ssh_config line 21: Applying options for * debug1: Connecting to serveo.net [138.68.79.95] port 22. debug1: Connection established. debug1: identity file /home/koka/.ssh/id_rsa type 0 debug1: identity file /home/koka/.ssh/id_rsa-cert type 4 debug1: identity file /home/koka/.ssh/id_ecdsa type -1 debug1: identity file /home/koka/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/koka/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/koka/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/koka/.ssh/id_ed25519 type -1 debug1: identity file /home/koka/.ssh/id_ed25519-cert type -1 debug1: identity file /home/koka/.ssh/id_ed25519_sk type -1 debug1: identity file /home/koka/.ssh/id_ed25519_sk-cert type -1 debug1: identity file /home/koka/.ssh/id_xmss type -1 debug1: identity file /home/koka/.ssh/id_xmss-cert type -1 debug1: identity file /home/koka/.ssh/id_dsa type -1 debug1: identity file /home/koka/.ssh/id_dsa-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2 debug1: Remote protocol version 2.0, remote software version Go debug1: compat_banner: no match: Go debug1: Authenticating to serveo.net:22 as 'tn' debug1: load_hostkeys: fopen /home/koka/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-512 debug1: kex: server->client cipher: [email protected] MAC: compression: none debug1: kex: client->server cipher: [email protected] MAC: compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: SSH2_MSG_KEX_ECDH_REPLY received debug1: Server host key: ssh-rsa SHA256:07jcXlJ4SkBnyTmaVnmTpXuBiRx2+Q2adxbttO9gt0M debug1: load_hostkeys: fopen /home/koka/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory debug1: Host 'serveo.net' is known and matches the RSA host key. debug1: Found key in /home/koka/.ssh/known_hosts:4 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 134217728 blocks debug1: get_agent_identities: agent returned 1 keys debug1: Will attempt key: /home/koka/.ssh/id_rsa RSA SHA256:7Q/uIPLtRTP2v7jxnqU5G9FZbEazI2oYv3AEWkWZzHY agent debug1: Will attempt key: /home/koka/.ssh/id_rsa RSA-CERT SHA256:7Q/uIPLtRTP2v7jxnqU5G9FZbEazI2oYv3AEWkWZzHY debug1: Will attempt key: /home/koka/.ssh/id_ecdsa debug1: Will attempt key: /home/koka/.ssh/id_ecdsa_sk debug1: Will attempt key: /home/koka/.ssh/id_ed25519 debug1: Will attempt key: /home/koka/.ssh/id_ed25519_sk debug1: Will attempt key: /home/koka/.ssh/id_xmss debug1: Will attempt key: /home/koka/.ssh/id_dsa debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: keyboard-interactive Authenticated to serveo.net ([138.68.79.95]:22) using "keyboard-interactive". debug1: Remote connections from tn:22 forwarded to local address 10.161.115.160:22 debug1: channel 0: new session [client-session] (inactive timeout: 0) debug1: Entering interactive session. debug1: pledge: filesystem debug1: Sending environment. debug1: channel 0: setting env LANG = "ru_RU.UTF-8" debug1: remote forward success for: listen tn:22, connect 10.161.115.160:22 Forwarding SSH traffic from tn:22 To connect from a remote host: ssh -J serveo.net user@tn `

abakum avatar May 08 '24 10:05 abakum

openssh resolves domain names locally, but tssh resolves domain names remotely. Using IP directly should avoid the issue.

Thanks! For ssh-j.com it fix, but for serveo.net the problem still remains.

#my ~/.ssh/config ```

Host target User root HostName 10.161.115.160 Host rn RemoteForward 127.0.0.2:22 10.161.115.160:22 User lh HostName serveo.net PreferredAuthentications keyboard-interactive Host jn ProxyJump [email protected] User root HostName 127.0.0.2 Host rc RemoteForward 127.0.0.2:22 10.161.115.160:22 User lh HostName ssh-j.com PreferredAuthentications none Host jc ProxyJump [email protected] User root HostName 127.0.0.2

#OpenSSH -R with OpenSSH -J works! #ssh -v rn or ssh -v -R 127.0.0.2:22:10.161.115.160:22 [email protected] #ssh -v rc or ssh -v -R 127.0.0.2:22:10.161.115.160:22 [email protected] #then #ssh -v jn or ssh -v -J [email protected] [email protected] #ssh -v jc or ssh -v -J [email protected] [email protected]

#OpenSSH -R with tssh -J works too! #ssh -v rn or ssh -v -R 127.0.0.2:22:10.161.115.160:22 [email protected] #ssh -v rc or ssh -v -R 127.0.0.2:22:10.161.115.160:22 [email protected] #then #tssh -debug jn or tssh -debug -J [email protected] [email protected] #tssh -debug jc or tssh -debug -J [email protected] [email protected]

#tssh -R start then exit #how to fix tssh -R? #tssh -debug rn or tssh -debug -R 127.0.0.2:22:10.161.115.160:22 [email protected]

#tssh -N -R start then hang - BUG? #tssh -debug -N rn or tssh -debug -N -R 127.0.0.2:22:10.161.115.160:22 [email protected] #tssh -J fail #tssh -debug jn or tssh -debug -J [email protected] [email protected] #OpenSSH -J fail #ssh -v jn or ssh -v -J [email protected] [email protected]

#tssh -R with OpenSSH -J works! #tssh -debug rc or tssh -debug -R 127.0.0.2:22:10.161.115.160:22 [email protected] #then #tssh -debug jc or tssh -debug -J [email protected] [email protected] #ssh -v jc or ssh -v -J [email protected] [email protected]

</details>

abakum avatar May 08 '24 13:05 abakum

  • tssh --debug, not tssh -debug.
  • tssh -N usually used with -f.

lonnywong avatar May 09 '24 09:05 lonnywong

PR fixed an unexpected exit of tssh rn but still not forwarding in contrast with ssh rn 2024-05-10_15-59-14

abakum avatar May 10 '24 12:05 abakum

That's why golang resolved alias on local PC before send request to bind it on remote host? OpenSSH doesn't do that because everyone works through it.

https://github.com/golang/go/issues/67295

abakum avatar May 10 '24 18:05 abakum

For ssh-j.com it fix, but for serveo.net the problem still remains.

I don't quite understand the issue. Is there any warning message or error message?

lonnywong avatar May 25 '24 23:05 lonnywong

case ssh rn running tssh --debug jn say:

debug: login to [jn] success
debug: no extended config [ExpectCount] for [jn]
...

then all ok

case tssh rn running tssh --debug jn say:

debug: login to [jn], addr: 127.0.0.2:22
proxy [[email protected]] dial tcp [127.0.0.2:22] failed: ssh: rejected: connect failed (Couldn't open remote channel)

Is there access from China to serveo.net and ssh-j.com? Would you rather try it yourself?

abakum avatar May 26 '24 16:05 abakum

Is there access from China to serveo.net and ssh-j.com? Would you rather try it yourself?

I'll give it a try when I'm free. What is your current configuration, and which parts do I need to adjust?

lonnywong avatar May 27 '24 00:05 lonnywong

PR fixed an unexpected exit of tssh rn

Have to read the output of serveo.net first, then do the remote forward. Otherwise serveo.net will close the ssh session.

but still not forwarding in contrast with ssh rn

Can't accept any connection from serveo.net after listen. Maybe it's an issue of golang.org/x/crypto/ssh.

lonnywong avatar May 27 '24 05:05 lonnywong

I agree that this is a question for golang, because everything works with a pair of tssh rc tssh jc! This is a double question for golang. After all on serveo.net running ssh daemon from golang but on ssh-j.com dropbear \8^)

abakum avatar May 27 '24 06:05 abakum