Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

any status update on ssh server? #300

Closed
Golab opened this issue Apr 29, 2016 · 47 comments
Closed

any status update on ssh server? #300

Golab opened this issue Apr 29, 2016 · 47 comments

Comments

@Golab
Copy link

Golab commented Apr 29, 2016

Hello I'm wondering if the devs have made any step forward on making ssh server to work?

@russalex
Copy link
Contributor

No big announcements on ssh server yet. We know this is something that many users are waiting on and are looking at it. Stay tuned.

@MadcowD
Copy link

MadcowD commented May 2, 2016

Big requisite to implementing the SSH server is #308

@dreyks
Copy link

dreyks commented May 29, 2016

build 14352
Able to install and start ssh server via service ssh start. But cannot connect to it.
Results of running in debug mode

$ sudo /usr/sbin/sshd -d
debug1: sshd version OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: private host key: #3 type 4 ED25519
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
Set /proc/self/oom_adj from 0 to -17
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 51262 on 127.0.0.1 port 22
debug1: Client protocol version 2.0; client software version JSCH-0.1.52
debug1: no match: JSCH-0.1.52
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7
chroot("/var/run/sshd"): Function not implemented [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: Killing privsep child 2149
debug1: audit_event: unhandled event 12
$

chroot("/var/run/sshd"): Function not implemented [preauth] Seems like something missing in the kernel

@dreyks
Copy link

dreyks commented May 29, 2016

Actually changing UsePrivilegeSeparation to no in /etc/ssh/sshd_config fixed this issue, and I can fully connect to ssh server 🎆

@leon-pilot
Copy link

leon-pilot commented May 30, 2016

Afff... I get:

$ sudo /usr/sbin/sshd -d
debug1: sshd version OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: private host key: #3 type 4 ED25519
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
Set /proc/self/oom_adj from 0 to -17
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Invalid argument.

Already created the keys with sudo ssh-keygen -A seems I'am lacking some steps...
Probably the binding to IPv6 is the problem... dunno yet.

@Garciat
Copy link

Garciat commented May 30, 2016

I can connect thanks to @dryks suggestion. However, I get: PTY allocation request failed on channel 0 so I get no shell at all.

@xyzith
Copy link

xyzith commented Jun 1, 2016

@leon-pilot
try edit /etc/ssh/sshd_config

#ListenAddress 0.0.0.0 => ListenAddress 0.0.0.0
remove the # sign

@mobluse
Copy link

mobluse commented Jun 3, 2016

I can't login. I did the changes to /etc/ssh/sshd_config that @xyzith and @dreyks suggested. I use the same password as I use with sudo. I also changed to PubkeyAuthentication no.

pi@LENOVO5:~$ sudo service ssh start
 * Starting OpenBSD Secure Shell server sshd                           [ OK ]
pi@LENOVO5:~$ ssh pi@localhost
pi@localhost's password:
Permission denied, please try again.
pi@localhost's password:
Permission denied, please try again.

[Update: It works now with Build 14361.]

@sunilmut
Copy link
Member

sunilmut commented Jun 6, 2016

To answer the original question around support for SSH, there have been some changes checked in to enable PTY, which should unblock SSH. The changes haven't made it yet to the release branch, but should soon. Stay tuned.

@Garciat
Copy link

Garciat commented Jun 8, 2016

As of build 14361, with the right sshd configuration (as seen above), this is now working.

@Golab
Copy link
Author

Golab commented Jun 8, 2016

Which of the settings do you mean?

When did build 14361 get released?

Skickat från min iPhone

8 juni 2016 kl. 21:54 skrev Gabriel Garcia notifications@github.com:

As of build 14361, with the right sshd configuration (as seen above), this is now working.


You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.

@dreyks
Copy link

dreyks commented Jun 8, 2016

today or maybe yesterday. my laptop is rebooting now to install 14361

@Garciat
Copy link

Garciat commented Jun 9, 2016

@Golab

ListenAddress 0.0.0.0
UsePrivilegeSeparation no
PasswordAuthentication yes

@Golab
Copy link
Author

Golab commented Jun 9, 2016

Can I in someway set it up so sshd starts when Windows boots up like auto start?

Skickat från min iPad

9 juni 2016 kl. 14:48 skrev Gabriel Garcia notifications@github.com:

@Golab

ListenAddress 0.0.0.0
UsePrivilegeSeparation no
PasswordAuthentication yes

You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

@Garciat
Copy link

Garciat commented Jun 9, 2016

I can only connect to the local sshd server when the bash window is open.

You may be able to do something with C:\Windows\System32\bash.exe, like starting /usr/sbin/sshd and waiting on it. I do not have a definitive answer at the moment.

@sunilmut
Copy link
Member

sunilmut commented Jun 9, 2016

@Golab - You can try adding the "bash.exe -c " command to Windows startup to automatically launch post boot.

@throwable-one
Copy link

@russalex could you please somehow change UsePrivilegeSeparation to no by default? OpenSSH does not work out of the box, until you change this option because preauth is not implemented.

@waqarz
Copy link

waqarz commented Jul 17, 2016

@Garciat , @Golab

Configuration:

Made the changes you provided:
ListenAddress 0.0.0.0
UsePrivilegeSeparation no
PasswordAuthentication yes

Build: 14388.0

Behavior

Still no change in behavior, ssh server seems to behave as if password is wrong (it is not :)

waqarz@192.168.1.8's password:
Permission denied, please try again.

Verbose output:

waqarz@192.168.1.8's password:
debug3: packet_send2: adding 48 (len 61 padlen 19 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Received SSH2_MSG_IGNORE
debug1: Authentications that can continue: gssapi-with-mic,password
Permission denied, please try again.

Other observations:
ssh server does print an error trying to start or restart it:

sudo service ssh start
[sudo] password for waqarz:
initctl: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused

  • Starting OpenBSD Secure Shell server sshd [ OK ]

This is a similar error as trying to start dbus service: #376, any relation?

All in all I am concluding that since @russalex commented its a known issue, it will be fixed eventually.

@Golab
Copy link
Author

Golab commented Jul 17, 2016

I'm wondering how do I setup so sshd starts when the computer boots up?

Skickat från min iPhone

17 juli 2016 kl. 10:48 skrev waqarz notifications@github.com:

@Garciat , @Golab

Configuration:

Made the changes you provided:
ListenAddress 0.0.0.0
UsePrivilegeSeparation no
PasswordAuthentication yes

Build: 14388.0

Behavior

Still no change in behavior, ssh server seems to behave as if password is wrong (it is not :)

waqarz@192.168.1.8's password:
Permission denied, please try again.

Verbose output:

waqarz@192.168.1.8's password:
debug3: packet_send2: adding 48 (len 61 padlen 19 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Received SSH2_MSG_IGNORE
debug1: Authentications that can continue: gssapi-with-mic,password
Permission denied, please try again.

Other observations:
ssh server does print an error trying to start or restart it:

sudo service ssh start
[sudo] password for waqarz:
initctl: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused

  • Starting OpenBSD Secure Shell server sshd [ OK ]

This is a similar error as trying to start dbus service: #376, any relation?

All in all I am concluding that since @russalex commented its a known issue, it will be fixed eventually.


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

@iambryancs
Copy link

@Golab , unfortunately, it looks like Upstart is not working yet or at least on mine. But based on @sunilmut 's suggestion, you can pass a command to bash.exe with the -c option.

So you can do something like:

bash.exe -c "sudo service ssh start"

And then add that to startup. This will ask you for your password though.
If you want to pass the password automatically, you can do like:

bash.exe -c "echo p@$$w0rD | sudo -S service ssh start"

But this is not secure.

@e12e
Copy link

e12e commented Jul 20, 2016

A better alternative is to edit /etc/sudoers, either allowing your user to sudo without password (aka "trust windows to protect your system") or just allow starting the ssh service without a password. For inspiration see eg:

https://help.ubuntu.com/community/Sudoers#Shutting_Down_From_The_Console_Without_A_Password

Please, never recommend passing passwords on the command line - at the very least use an environment variable (but, really - there's a reason we have sudo/sudoers).

@Gocht
Copy link

Gocht commented Aug 9, 2016

Not working for me even changing the port number, here is my /etc/ssh/sshd_config file:

# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
Port 9999
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation no

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes

RSAAuthentication yes
#PubkeyAuthentication yes
PubkeyAuthentication no
#AuthorizedKeysFile     %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication yes

# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

My build is 14393.10

@aseering
Copy link
Contributor

aseering commented Aug 9, 2016

Could you describe precisely how it's failing?

Could you try ssh'ing into your machine with "ssh -vvv user@host" and post the output? That will provide details on what the client thinks is going on.

@Gocht
Copy link

Gocht commented Aug 9, 2016

@aseering This is what I get:

OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 9999.
debug1: connect to address 127.0.0.1 port 9999: Connection refused
ssh: connect to host 127.0.0.1 port 9999: Connection refused

The same if I try with the port 22.

Network Error: Connection refused If I try from windows using PuTTY
Thanks for your time.

@aseering
Copy link
Contributor

aseering commented Aug 9, 2016

Hm... If you run ps ax inside a Bash shell, do you see the sshd process running?

(Also, just making sure: I just noticed that your configuration file is set to listen on port 9999; are you specifying that port on the client when you try to connect?)

If sshd is not starting, you could try running sudo /usr/bin/sshd -D manually and observing the output. I would expect it to print out an error and exit; that error will probably help explain what's going wrong.

If it is running, then it sounds like the server is listening, and the client is sending, but the packets aren't getting through. That sounds like a network or firewall issue of some sort. That's going to be very specific to your setup, but I'd suggest starting by taking a close look at any firewalls (even the regular Windows firewall) that you might be running.

@Gocht
Copy link

Gocht commented Aug 10, 2016

@aseering Hi, when I run ps ax I get:

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 /init
    2 ?        Ss     0:00 /bin/bash
   31 ?        R      0:00 ps ax

I tried what you suggest and I run: sudo service ssh start and now with ps ax I get:


  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 /init
    2 ?        Ss     0:00 /bin/bash
   60 ?        Ss     0:00 /usr/sbin/sshd
   63 ?        R      0:00 ps ax

And now I am able to connect to ssh into WSL from windows and from the same bash console.

The problem now is that the service is not started when I close and open Bash console. Is there any way to make it start when Bash console is opened? I have installed MySQL and is the same problem, service is not started when Bash console is opened.

I guess I will install more services such as mongoDB, etc. It would be nice if there is a way to make then start witn bash console start.

One more detail, for some reason I am not able to connect via ssh to WSL from Intellij Idea (Installed in Windows) to add a remote interpreter for a Django project.

@poma
Copy link

poma commented Aug 10, 2016

If you have troubles running OpenSSH server check out dropbear

sudo apt-get install dropbear
sudo dropbear
...
ssh localhost

It's simple and lightweight

@aseering
Copy link
Contributor

@Gocht -- I've posted here about how to launch sshd at startup and keep it running without a (visible) terminal window open. If you want to run sshd on demand, you can follow all but the last instruction.

http://wsl-forum.qztc.io/viewtopic.php?f=6&t=10

@dreyks
Copy link

dreyks commented Aug 10, 2016

For some weird reason my script reports that it cannot find C:\Windows\System32\bash.exe while it surely is there...

@Gocht
Copy link

Gocht commented Aug 10, 2016

@aseering I have some doubts about your post.

First, this is what I get when I run sudo dpkg-reconfigure openssh-server:

initctl: Impossible connect with Upstar: Failed to connect to socket /com/ubuntu/upstart: Connection refusaed
runlevel:/var/run/utmp: Does not exist file or directory
invoke-rc.d: policy-rc.d denied execution of restart.
  • I get messages in spanish, I've translated it, maybe that's not the exact text you would get.

Previoulsly to execute the command above I started ssh service with sudo service ssh start, if I try with sudo /usr/bin/sshd -D I get:

sudo: /usr/bin/sshd: command not found

Second, where should live the file autostartssh.vbs?

Since I don't know how to allow traffic in port 22 I have disable (for testing) the complete firewall.


I have installed openssh for windows (only client) and now I am able to connect to ubuntu ssh server via windows' command tool, but I can't do this via Intelliij Idea, it get loading and always trying to connect.

@poma
Copy link

poma commented Aug 10, 2016

sudo /usr/bin/sshd -D

It's /usr/sbin/sshd

this is what I get when I run...

It's ok to get some errors there. The only thing you need from this command is key generation on the first run.

@Gocht
Copy link

Gocht commented Aug 10, 2016

/usr/sbin/sshd worked, any idea about sudo dpkg-reconfigure openssh-server?

@poma
Copy link

poma commented Aug 10, 2016

Told you those errors are fine. It probably already generated your keys. Move on to the next steps.

@aseering
Copy link
Contributor

@Gocht -- as @poma says, those errors should not affect functionality.

Also, feel free to post your questions about my forum-post on the forum :-) There are lots of redundant threads in this bugtracker about setting up ssh; I'm trying to gather them in one place so that everyone can find answers to these sorts of questions.

@Gocht
Copy link

Gocht commented Aug 11, 2016

@aseering @poma Thanks! I think now my problem is more related to Intellij Idea.

I started to try ssh in WSL to connect a remote debugger from windows to a python interpreter in WSL via Intellij Idea. Now ssh is running in WSL and I can connect to ubuntu WSL via PuTTY or windows console, but I can not via Intellij Idea, I think now I have to do some extra research.

@dreyks
Copy link

dreyks commented Aug 11, 2016

What error do you get in IntelliJ? I use rubymine's and webstorm's remote interpreters (ruby and node respectively) and everything seems to
work fine

@Gocht
Copy link

Gocht commented Aug 11, 2016

@dreyks I will describe what I am doing:

  • Start Bash on Windows
  • Start SSH service in Bash console
  • Connect from PuTTY (executable .exe in Windows 10) to SSH into WSL just to test
    At this point PuTTY connects successfully
  • Start Intellij, create a new project, try to add a new Project SDK, a remote one.
    In the 'Configure Remote Python Interpreter' dialog I fill variables to connect:
    Host: 127.0.0.1
    Port: 22
    Password: ...
    And when I try to change de Python interpreter path, I can see my WSL folders and select de interpreter from my virtualenv in WSL, so I think it is connecting right.

But then when I hit OK, it shows a message 'connecting to 127.0.0.1...' and never connect, I have wait hours...

@Ehekatl
Copy link

Ehekatl commented Aug 12, 2016

sshd works on localhost, but can't connect by public ip, disable firewall didn't help either, any help here ?

@dreyks
Copy link

dreyks commented Aug 12, 2016

make sure you have Listen 0.0.0.0 in your /etc/ssh/sshd_config

@Gocht
Copy link

Gocht commented Aug 13, 2016

@dreyks Yes, ListenAddress 0.0.0.0

@computergeek125
Copy link

I don't remember having to change the ListenAddress on my system, but I do remember that I had to disable the SSH Proxy in the Windows Firewall and add a new rule to allow TCP traffic on port 22. I don't use my SSH server on my PC much, so I don't know if this has broken since I last tried it.

@galvesribeiro
Copy link

Just to leave my note here... The current build (14936) start successfully the SSH server with sudo service ssh start however, when trying to make any SSH client to connect to it, windows crash with blue screen and reboot...

@dreyks
Copy link

dreyks commented Oct 10, 2016

this is already fixed in 14942

@sunilmut
Copy link
Member

Thanks @dreyks for chiming in. Once validated, it will be helpful if we can close this issue out on build 14942.

@galvesribeiro
Copy link

Just confirmed. After update to build 1492 and made the changes on the SSH settings files as suggested here, it worked perfectly without crash. Thanks to everyone! :)

@sunilmut
Copy link
Member

Thanks @galvesribeiro for validating. Closing the issue out.

@MathiasMagnus
Copy link

+1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests