With attachments ! ----- Mail original -----
| De: "SENESI Stéphane" <[email protected]> | À: "Kai Großjohann" <[email protected]> | Cc: [email protected] | Envoyé: Mercredi 8 Octobre 2014 14:35:29 | Objet: Re: Using a 'bastion' - issue when providing password | SO, | ----- Mail original ----- | | De: "Kai Großjohann" <[email protected]> | | | À: "SENESI Stéphane" <[email protected]> | | | Cc: "Michael Albinus" <[email protected]>, [email protected] | | | Envoyé: Mercredi 8 Octobre 2014 12:54:20 | | | Objet: Re: Using a 'bastion' - issue when providing password | | | That's interesting. In the telnet case, the authentication fails: it asks | | you | | for a password. So it could be related to agent forwarding. | | | Hm. Telnet case? From a telnet buffer inside Emacs? That sounds weird: did | | you telnet to localhost? | | yes | | Then you'd lose all your environment, including the connection to the ssh | | agent. | | should I 'eval $(ssh-agent)' or something similar ? | | What happens when you do it from a shell buffer (M-x shell)? | | The same | | But actually, that's not the comparison I was looking for. Suppose you have | | | HostName rt | | | ProxyCommand ssh -vvv bel real@target | | | and you are saying that "ssh rt" hangs but "ssh -vvv bel real@target" | | works. | | Then I was thinking perhaps it's possible to compare the output of "ssh rt" | | with the output of "ssh -vvv bel real@target". (Both of them invoked | | outside | | of Emacs.) | | I did that. See attachments (filenames are self-explanatory) . The main diff | is at line 122 : the working case (not using 'rt') has an additional line : | debug2: channel 0: request pty-req confirm 1 | I tried adding '-t' to the ProxyCommand : the only change is that I get a | message : | Pseudo-terminal will not be allocated because stdin is not a terminal. | Following Michael's advice, I tried adding two '-t' to the ProxyCommad. | W.r.t. the working case, it adds | line 116 : debug2: fd 4 setting O_NONBLOCK | debug2: fd 5 setting O_NONBLOCK | line 130 : debug1: tty_make_modes: no fd or tio | but it hangs before requesting the password | S. | | And perhaps that works to figure out how to make "ssh rt" work from outside | | Emacs. And once that works, perhaps it also works via Tramp. | | | Kai | | | On 8 Oct 2014, at 12:15, SENESI Stéphane wrote: | | | | Hi Kai | | | | | | Answers interspersed : | | | | | | ----- Mail original ----- | | | | | | | De: "Kai Großjohann" [email protected] | | | | | | | À: "SENESI Stéphane" [email protected] | | | | | | | Cc: "Michael Albinus" [email protected] , [email protected] | | | | | | | Envoyé: Mardi 7 Octobre 2014 21:56:39 | | | | | | | Objet: Re: Using a 'bastion' - issue when providing password | | | | | | | I'm hoping that it can be made to work somehow, just need to figure out | | | | | | | how. Get "ssh rt" working outside Emacs, then perhaps it works inside | | | | | | | Emacs, too. | | | | | | | You could try "ssh -vvv rt" for a start, that should show you a number | | | | | | | of debug messages. | | | | | | I did that. It does not work, either: | | | | | | - when the ProxyCommad includes option '-t' : it ends with | | | "Pseudo-terminal | | | will not be allocated because stdin is not a terminal." | | | | | | - when it does not : just hanging | | | | | | | You could try to change the ProxyCommand to add "-vvv" to the ssh | | | | | | | command in there. | | | | | | | You could compare whatever you get from "ssh rt" with what you get when | | | | | | | you type the proxy command manually (use the same "-vvv" in both | | | | cases). | | | | | | I rather compared the outputs of "ssh -vvv" in two cases , on labeled | | | 'working-case' in attachments where the command is issued outside of | | | Emacs, | | | and another called 'telnet-case', from a telnet session in Emacs. There | | | is | | | a | | | significant additional block of debug info in the telnet-case, beginning | | | after " SSH2_MSG_NEWKEYS received" . Upstream of that, there are small | | | differences on two lines of debug info, on the first figures : | | | | | | debug2: dh_gen_key: priv key bits set: 119/256 (working case shows : | | | 138/256) | | | | | | debug2: bits set: 1013/2048 (working case shows : 1040/2048) | | | | | | Are you able to interpret that (or other details in the attachments) ? | | | | | | Best regards, and , again, thanks | | | | | | S | | | | | | | Am I making sense? Does this explain the approach I'm thinking about? | | | | | | | Kai | | | | | | | On 7 Oct 2014, at 11:02, SENESI Stéphane wrote: | | | | | | | > Hello Kai | | | | | | | > | | | | | | | > Thanks for the hint but it does not work : after configuring that | | | | | | | > entry with the suggested ProxyCommand, invoking "ssh rt" just hangs | | | | | | | > (even outside of Emacs). | | | | | | | > | | | | | | | > And, also, in the former setting, changing the value of | | | | | | | > tramp-local-end-of-line from Ctrl-J to Ctrl-M did not succeed either. | | | | | | | > | | | | | | | > I had my network people here issue a ticket to the bastion | | | | | | | > manufacturer user support, but am not fully optimistic about getting | | | | > a | | | | | | | > workable reply ... | | | | | | | > | | | | | | | > So any further idea is still welcome... | | | | | | | > | | | | | | | > Regards | | | | | | | > | | | | | | | > S | | | | | | | > | | | | | | | > ----- Mail original ----- | | | | | | | > | | | | | | | > | De: "Kai Großjohann" [email protected] | | | | | | | > | À: "SENESI Stéphane" [email protected] | | | | | | | > | Cc: "Michael Albinus" [email protected] , [email protected] | | | | | | | > | Envoyé: Lundi 6 Octobre 2014 23:50:17 | | | | | | | > | Objet: Re: Using a 'bastion' - issue when providing password | | | | | | | > | | | | | | | > | I think Michael meant that you create an additional ~/.ssh/config | | | | | | | > entry | | | | | | | > | beyond the "bel" one that you've got already. | | | | | | | > | | | | | | | > | If I recall correctly, you had to do ssh -t bel real@target , and | | | | | | | > bel was an | | | | | | | > | entry in ~/.ssh/config . | | | | | | | > | | | | | | | > | So: create a new entry "rt" in ~/.ssh/config that does ssh -t bel | | | | | | | > real@target | | | | | | | > | behind the scenes :-) | | | | | | | > | | | | | | | > | How to do that? Hmmm. | | | | | | | > | Host rt | | | | | | | > | ProxyCommand ssh -t bel real@target | | | | | | | > | | | | | | | > | Maybe that works, I'm not sure. | | | | | | | > | | | | | | | > | Kai | | | | | | | > | | | | | | | > | On 3 Oct 2014, at 15:50, SENESI Stéphane wrote: | | | | | | | > | | Hi Michael | | | | | | | > | | | | | | | | > | | | | | | | > | | Thanks for taking time for user support during your vacation !! | | | | | | | > | | | | | | | | > | | Three remarks : | | | | | | | > | | | | | | | | > | | | | | | | > | | ----- Mail original ----- | | | | | | | > | | | | | | | | > | | | | | | | > | | | De: "Michael Albinus" [email protected] | | | | | | | > | | | | | | | | > | | | À: "SENESI Stéphane" [email protected] | | | | | | | > | | | | | | | | > | | | Cc: [email protected] | | | | | | | > | | | | | | | | > | | | Envoyé: Vendredi 3 Octobre 2014 13:39:20 | | | | | | | > | | | | | | | | > | | | Objet: Re: Using a 'bastion' - issue when providing password | | | | | | | > | | | | | | | | > | | | | | | | > | | | Hi Stéphane, | | | | | | | > | | | | | | | | > | | | | | | | > | | | I am on vacations just now (btw, in France :-) | | | | | | | > | | | | | | | | > | | Enjoy ! but mind that weather will become rainy from Sunday for | | | | | | | > most parts | | | | | | | > | | of | | | | | | | > | | France | | | | | | | > | | | | | | | | > | | | | | | | > | | | so I cannot check in detail until I return. For the time being | | | | | | | > you might | | | | | | | > | | | try | | | | | | | > | | | | | | | | > | | | to add an entry to ~/.ssh/config for your bastion host, which | | | | | | | > fires the | | | | | | | > | | | | | | | | > | | | needed command. | | | | | | | > | | | | | | | | > | | As far as I understand, these bastion won't accept the user to | | | | | | | > isseu | | | | | | | > | | command, | | | | | | | > | | either directly or not, but only react to one of the two options | | | | > | | I | | | | | | | > quoted | | | | | | | > | | (providing user@hots on first ssh command, or choosing an entry | | | | > | | in | | | | | | | > a | | | | | | | > | | user@host's list | | | | | | | > | | | | | | | | > | | | | | | | > | | | Furthermore, there is a variable tramp-password-end-of-line (or | | | | | | | > so), | | | | | | | > | | | maybe | | | | | | | > | | | | | | | | > | | | you could tweak it somehow. | | | | | | | > | | | | | | | | > | | Do you refer to : | | | | | | | > | | | | | | | | > | | .... | | | | | | | > | | | | | | | | > | | (process-send-string | | | | | | | > | | | | | | | | > | | proc (concat (tramp-read-passwd proc) tramp-local-end-of-line)) | | | | | | | > | | | | | | | | > | | If yes, my value for tramp-local-end-of-line is C-j, which seems | | | | | | | > sensible | | | | | | | > | | .... If not, where is the best place to change it ? | | | | | | | > | | | | | | | | > | | | | | | | > | | Best regards | | | | | | | > | | | | | | | | > | | | | | | | > | | S | | | | | | | > | | | | | | | | > | | | | | | | > | | | Best regards, Michael. | | | | | | | > | | | | | | | | > | | -- | | | | | | | > | | | | | | | | > | | ----- Météo-France ----- | | | | | | | > | | | | | | | | > | | SENESI STEPHANE | | | | | | | > | | | | | | | | > | | CNRM/GMGEC/ASTER | | | | | | | > | | | | | | | | > | | [email protected] | | | | | | | > | | | | | | | | > | | Fixe : +33 561079931 | | | | | | | > | | | | | | | | > | | | | | | | > | | Tramp-devel mailing list | | | | | | | > | | | | | | | | > | | [email protected] | | | | | | | > | | | | | | | | > | | https://lists.gnu.org/mailman/listinfo/tramp-devel | | | | | | | > | | | | | | | | > | | | | | | | > -- | | | | | | | > ----- Météo-France ----- | | | | | | | > SENESI STEPHANE | | | | | | | > CNRM/GMGEC/ASTER | | | | | | | > [email protected] | | | | | | | > Fixe : +33 561079931 | | | | | | -- | | | | | | ----- Météo-France ----- | | | | | | SENESI STEPHANE | | | | | | CNRM/GMGEC/ASTER | | | | | | [email protected] | | | | | | Fixe : +33 561079931 | | | | | | [working-case] | | | | | | [telnet-case] | | | | -- | ----- Météo-France ----- | SENESI STEPHANE | CNRM/GMGEC/ASTER | [email protected] | Fixe : +33 561079931 | _______________________________________________ | Tramp-devel mailing list | [email protected] | https://lists.gnu.org/mailman/listinfo/tramp-devel -- ----- Météo-France ----- SENESI STEPHANE CNRM/GMGEC/ASTER [email protected] Fixe : +33 561079931
ssh_rt_-t
Description: Binary data
ssh_rt_-t_-t
Description: Binary data
ssh_-t_-vvv_real@bastion_real@target
Description: Binary data
_______________________________________________ Tramp-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/tramp-devel
