Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xpra attach ssh started asking for password #3295

Closed
kyku opened this issue Oct 7, 2021 · 8 comments
Closed

xpra attach ssh started asking for password #3295

kyku opened this issue Oct 7, 2021 · 8 comments
Labels
client network question Further information is requested

Comments

@kyku
Copy link

kyku commented Oct 7, 2021

Hi,

Since recently, xpra has started requesting me to enter the password to the host I'm trying to attach to. I can log into that host with my public key without any problems. Xpra version is v4.2.2-r0 on both of the hosts.

Here is some log of an attempt:

xpra attach ssh:10.10.0.72:999
2021-10-07 15:36:36,598 Xpra GTK3 X11 client version 4.2.2-r0 64-bit
2021-10-07 15:36:36,630  running on Linux unknown unknown unknown
2021-10-07 15:36:36,631  window manager is 'KWin'
2021-10-07 15:36:37,415 GStreamer version 1.18.5 for Python 3.9.7 64-bit
2021-10-07 15:36:37,473 created unix domain socket '/run/user/1000/xpra/clients/kyku-94850'
2021-10-07 15:36:37,661 No OpenGL_accelerate module loaded: No module named 'OpenGL_accelerate'
2021-10-07 15:36:37,862 OpenGL enabled with NVIDIA GeForce RTX 2070/PCIe/SSE2
2021-10-07 15:36:37,863 Error setting up dbus signals:
2021-10-07 15:36:37,863  No module named 'dbus.mainloop.glib'
2021-10-07 15:36:38,004 Connected (version 2.0, client OpenSSH_8.8)
2021-10-07 15:36:38,042 loaded RSA private key from '/home/kyku/.ssh/id_rsa'
2021-10-07 15:36:38,058 Authentication (publickey) failed.
2021-10-07 15:36:38,059 SSH authentication using key '/home/kyku/.ssh/id_rsa' failed:
2021-10-07 15:36:38,059  Authentication failed.
@totaam totaam added client network question Further information is requested labels Oct 7, 2021
@totaam
Copy link
Collaborator

totaam commented Oct 7, 2021

running on Linux unknown unknown unknown

?

You could try to run with -d ssh to get more ssh details.
Which key is meant to give you access to this host?
My guess is that paramiko can't load the correct one, so you may need to revert to plain old openssh with --ssh=ssh.

@kyku
Copy link
Author

kyku commented Oct 9, 2021
edited by totaam
Loading

I tried connecting with -d ssh and I think it boils down to the following fragment:

2021-10-09 21:55:55,085 trying public key authentication using ['/home/kyku/.ssh/id_ed25519', '/home/kyku/.ssh/id_ecdsa', '/home/kyku/.ssh/id_rsa', '/home/kyku/.ssh/id_dsa']
2021-10-09 21:55:55,085 no keyfile at '/home/kyku/.ssh/id_ed25519'
2021-10-09 21:55:55,085 no keyfile at '/home/kyku/.ssh/id_ecdsa'
2021-10-09 21:55:55,085 trying '/home/kyku/.ssh/id_rsa'
2021-10-09 21:55:55,085 trying to load as RSA
2021-10-09 21:55:55,091 loaded RSA private key from '/home/kyku/.ssh/id_rsa'
2021-10-09 21:55:55,091 auth_publickey using /home/kyku/.ssh/id_rsa as RSA: MD5:a7:8c:75:3e:b9:be:ce:aa:12:b6:9f:35:67:96:ab:e4
2021-10-09 21:55:55,106 Authentication (publickey) failed.
2021-10-09 21:55:55,106 key '/home/kyku/.ssh/id_rsa' rejected
Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/xpra/net/ssh.py", line 642, in auth_publickey
    transport.auth_publickey(username, key)
  File "/home/kyku/.local/lib/python3.9/site-packages/paramiko/transport.py", line 1580, in auth_publickey
    return self.auth_handler.wait_for_response(my_event)
  File "/home/kyku/.local/lib/python3.9/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

But it's not quite clear to me why it rejected the key. As I wrote before, it works well with plain ssh connections and also used to work with Xpra until recently.

@kyku kyku removed their assignment Oct 9, 2021
@totaam
Copy link
Collaborator

totaam commented Oct 10, 2021

But it's not quite clear to me why it rejected the key.

There's no way to tell from the client side.
You should look in your ssh server log to find the answer.

As I wrote before, it works well with plain ssh connections and also used to work with Xpra until recently.

Which version did work and which versions don't?

@kyku
Copy link
Author

kyku commented Oct 11, 2021

@totaam , is it possible run xpra without instaling? I downloaded the git version and would like to do a bissection to find out the wrong revision.

@totaam
Copy link
Collaborator

totaam commented Oct 11, 2021

is it possible run xpra without installing?

You can run the build with ./setup.py install --install=./home then run from there by adjusting PYTHONPATH.

Are you sure that the problem is not with an update to openssh?
https://www.openssh.com/releasenotes.html
This release disables RSA signatures using the SHA-1 hash algorithm by default.

@ogzs
Copy link

ogzs commented Oct 14, 2021

Try with the option: --ssh=ssh
Xpra changed the default ssh client, it's not using openssh by default unless you use that option.

@totaam
Copy link
Collaborator

totaam commented Oct 14, 2021

Xpra changed the default ssh client, it's not using openssh by default unless you use that option.

@ogzs this is not a new thing though, it has been the default for years now: #1646

@kyku
Copy link
Author

kyku commented Nov 3, 2021

Older versions of xpra also require ssh password so I guess this issue must have been introduced by some other change on my system.

@kyku kyku closed this as completed Nov 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
client network question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@totaam @kyku @ogzs