
Server reject not caught...

May 16, 2012 at 2:29 PM
Edited May 16, 2012 at 2:54 PM

Hi guys,

We're playing around with some security settings here (related to my subsystem post) and I've noticed what might be a problem.

Our server admin has temporarily changed my user to disallow shell and exec permission. We plan to do this for certain users in the ssh daemon to prevent certain access and we just want to see the impact.

 

Anyway, normally when I start my VB App:

- I establish the connection

- Create a sshClient.CreateShellStream (for use later)

- Execute an async command in SshClient.RunCommand

 

Since the security changes were made, the first step runs ok, but the next 2 fail on the server side - they are refused. However, there is no error apparent in the client. No exceptions are thrown and even looking at the variables while in debug it appears that everything is ok.

 

From the server side, we can see the logs:

$SSH01|16May12 13:30:31.89|50|10.64.145.64:2408: accepted connection from client
$SSH01|16May12 13:30:31.94|50|10.64.145.64:2408: client version string: SSH-2.0-Renci.SshNet.SshClient.0.0.1
$SSH01|16May12 13:30:32.35|40|10.64.145.64:2408: SSH session established.
$SSH01|16May12 13:30:33.09|40|10.64.145.64:2408: password verified for user aaabbbccc  password authentication successful
$SSH01|16May12 13:30:33.21|20|10.64.145.64:2408: shell request rejected, shell access denied
$SSH01|16May12 13:30:33.28|20|10.64.145.64:2408: exec request rejected, shell access denied
$SSH01|16May12 13:31:40.92|50|10.64.145.64:2408: Disconnect from remote: Connection terminated by the client.
$SSH01|16May12 13:31:40.93|40|10.64.145.64:2408: SSH session terminated

On the client side, I don't see any of the rejects.

The CreateShellCommand runs as normal on the client (or so it appears)

This async Runcommand just keeps running.. it does not mark as complete... nor does it time out

 

Any ideas?

 

bits of my code:

 

 

' connect
clientSSH.Connect()

' Create the shell stream now so we have it available later
sshShellStream = clientSSH.CreateShellStream(shellName, 80, 24, 800, 600, 10000000)

' run the initial command to pull file lists
tandemCmd = clientSSH.CreateCommand(commandToRun)
tandemCmd.CommandTimeout = TimeSpan.FromSeconds(60)

asynch = tandemCmd.BeginExecute(Nothing, Nothing)

While Not (asynch.IsCompleted)
    ' ... do some stuff ...
    ' this loop never ends
End While
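
A server-side check for the situation in this post, as an added example that is not part of the original thread or of SSH.NET: it parses the daemon log format quoted above and reports sessions that authenticated but had shell or exec requests refused, along with how long the client stayed connected afterwards. The function name, the field names and the 192.0.2.10 session are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: lines from the post's server log (line-wrap breaks repaired)
# followed by three made-up lines for a session with no rejected requests.
SAMPLE_LOG = """\
$SSH01|16May12 13:30:31.89|50|10.64.145.64:2408: accepted connection from client
$SSH01|16May12 13:30:33.09|40|10.64.145.64:2408: password verified for user aaabbbccc  password authentication successful
$SSH01|16May12 13:30:33.21|20|10.64.145.64:2408: shell request rejected, shell access denied
$SSH01|16May12 13:30:33.28|20|10.64.145.64:2408: exec request rejected, shell access denied
$SSH01|16May12 13:31:40.92|50|10.64.145.64:2408: Disconnect from remote: Connection terminated by the client.
$SSH01|16May12 13:31:40.93|40|10.64.145.64:2408: SSH session terminated
$SSH01|16May12 13:40:00.10|50|192.0.2.10:50000: accepted connection from client
$SSH01|16May12 13:40:01.20|40|192.0.2.10:50000: password verified for user exampleuser  password authentication successful
$SSH01|16May12 13:40:05.30|40|192.0.2.10:50000: SSH session terminated
"""

LINE_RE = re.compile(r"^\$\w+\|(\d{2}[A-Za-z]{3}\d{2} [\d:.]+)\|\d+\|([\d.]+:\d+): (.*)$")
REJECT_RE = re.compile(r"^(\w+) request rejected, ")
USER_RE = re.compile(r"^password verified for user (\S+)")

def rejected_sessions(log_text):
    """Return sessions that authenticated but had channel requests refused."""
    live, done = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the server's log format
        ts = datetime.strptime(m.group(1), "%d%b%y %H:%M:%S.%f")
        peer, msg = m.group(2), m.group(3)
        if msg == "accepted connection from client":
            live[peer] = {"peer": peer, "user": None, "rejected": [], "t_reject": None}
        elif peer not in live:
            continue  # event for a session whose start we never saw
        elif USER_RE.match(msg):
            live[peer]["user"] = USER_RE.match(msg).group(1)
        elif REJECT_RE.match(msg):
            live[peer]["rejected"].append(REJECT_RE.match(msg).group(1))
            live[peer]["t_reject"] = live[peer]["t_reject"] or ts
        elif msg == "SSH session terminated":
            s = live.pop(peer)
            # Seconds the client stayed connected after the first refusal
            s["lingered_s"] = (ts - s["t_reject"]).total_seconds() if s["t_reject"] else None
            done.append(s)
    return [s for s in done if s["user"] and s["rejected"]]

if __name__ == "__main__":
    for s in rejected_sessions(SAMPLE_LOG):
        print(s["peer"], s["user"], s["rejected"], s["lingered_s"])
```

A long gap between the first refusal and the disconnect is the server-side trace of a client that never noticed the rejection.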

 

 

 

 

 

 

 

 

 

Jun 5, 2012 at 8:54 PM

Hi,

 

It looks like I never expected this case and should throw some exception in this case.

I thought I did throw an exception if the channel cannot be opened for some reason, because this is what happens behind the scenes, but I might be wrong then.

 

Can you log it as an issue so I don't forget about it and, when I have more time, I could take a look at it?

 

Thanks,

Oleg

Jun 7, 2012 at 8:51 PM

 

 

Thanks Oleg, I'll log it now.

 

Cheers,

 

Paul.

Jun 22, 2012 at 6:16 PM

Hi Oleg,

I am Subbu. I am facing a similar issue.

I am trying error injection scenarios. I am using "passwordConnectionInfo" to connect to my server. The following are the steps I followed.

- Enter valid IP, Username and Password credentials for a linux server. The connection was successful and I was able to execute commands on the remote linux server.

- I entered an invalid username while creating the passwordConnectionInfo object. There was no error message recorded on the client side. There were no exceptions thrown. From debug mode I could get only the following error message.

"IsEndOfData = '((Renci.SshNet.Common.SshData)(((Renci.SshNet.PasswordAuthenticationMethod)(((Renci.SshNet.AuthenticationMethod[])(((Renci.SshNet.ConnectionInfo)(passwordConn)).AuthenticationMethods))[0]))._requestMessage)).IsEndOfData' threw an exception of type 'System...."

- On the Linux server I could see the message "Invalid user roott attempted login from <IPAddress>".

- The subsequent time when I entered the correct IP, username and password, the connection still didn't get through. I think the linux server has changed the RSA keys and blocked my machine from logging in.

- The execution stops at BaseClient.connect(). None of the statements below this line are getting executed. I am stuck here and I am unable to make any progress. Kindly help me out at your earliest convenience. 

 

Here is my code: 

// Server Connection
passwordConn = new PasswordConnectionInfo("10.143.12.297", "root", "myrootpassword");
serverConnection = new SshClient(passwordConn);

log.Info("The Server connection is:   " + serverConnection.IsConnected); // Only this msg is printed during error scenarios

serverConnection.Connect();
log.Info("The Server connection is:   " + serverConnection.IsConnected);

// Check Server Connection
isConnected = serverConnection.IsConnected;

if (isConnected == true)
{
    log.Info("Successfully Connected to Server Rack3-06-Linux using SSH");
}
else
{
    log.Error("Failed to connect to Server Rack3-06-Linux using SSH");
}

 

During error injection scenarios, the only error message that is being printed is the one highlighted in Blue color.

 

Paul, 

Can you please share the Bug ID?

Jun 23, 2012 at 11:06 AM

Hi Subbu,

 

I have this in issue 1252.

http://sshnet.codeplex.com/workitem/1252

 

cheers,

 

Paul.

Jun 26, 2012 at 5:50 PM

Hi guys,

 

I know it's an issue and I have it logged; unfortunately I don't have much time right now as I am busy with another project.

I will fix that as soon as I have some available time.

 

Thanks,

Oleg

Jul 11, 2012 at 7:48 PM

Hi Folks,

Sorry for the delay in my response. Had been on a vacation and came back just today.

Paul,

Thanks for sharing the defect ID.

Oleg,

Did you get a chance to work on this? Please let me know if there are any workarounds.

 

Thanks,

Subbu.

Jul 13, 2012 at 3:56 AM

Hi, 

Sorry, not yet,

unfortunately I am so busy with my other project at work that I hardly have any time to look at it :(

As soon as I have some free time I will definitely fix this.

 

Thanks,

Oleg

Aug 1, 2012 at 10:02 PM

Hi Oleg,

 

Please let me know if you got a chance to work on the issue...

 

Thanks,

Subbu

Aug 10, 2012 at 4:21 PM

Hi,

I tried to do some digging into this issue today and I am getting the feeling that it is either server specific or I am missing some configuration.

So for example, I set up an account on my ubuntu machine that is not allowed to connect using SSH, and when I execute a command, it returns, but with exit status 1 and with text saying that the account is currently not available, and it does not hang.

Maybe I didn't configure something correctly or am using a different version of Linux from what you are.

I guess the easiest way for me to see the problem would be if you could provide me with some test server, which I could try to connect to so I could recreate the problem.

 

Thanks,

Oleg

Sep 10, 2012 at 1:48 PM

See http://sshnet.codeplex.com/workitem/1252