#StackBounty: #ssh #ssh-config How to increase the keepalive time with ssh server?

Bounty: 50

I connect to my device through ssh from my machine.
If I am not active for some relatively short time, it closes the session after some time.

Connection to 10.X.Y.Z closed by remote host.
Connection to 10.X.Y.Z closed.

Is there a way to increase that session hold on timer?

At the moment, I have put the below settings in my ssh config –

ServerAliveInterval 120
ServerAliveCountMax 720

But it is not helping me.



#StackBounty: #go #ssh #sftp Difference between NewChannel vs Request in ssh sftp server

Bounty: 50

I’m looking at go sftp server example code

https://github.com/pkg/sftp/blob/master/examples/go-sftp-server/main.go

There are sections of code which are unclear to me

_, chans, reqs, err := ssh.NewServerConn(nConn, config)
if err != nil {
    log.Fatal("failed to handshake", err)
}
fmt.Fprintf(debugStream, "SSH server established\n")

// The incoming Request channel must be serviced.
go ssh.DiscardRequests(reqs)

// Service the incoming Channel channel.
for newChannel := range chans {
    ...
}

First: With ssh.NewServerConn, if NewChannel (chans) represents a new request to the channel, what is Request (reqs)? So what is the difference between chans and reqs here?

Second: Why is there a need for ssh.DiscardRequests(reqs)?



#StackBounty: #ssh #remote-desktop #python #gpu #vnc Sharing my computer with someone to run heavy CPU/GPU compute while I continue to …

Bounty: 300

I’d like to give access to my powerful Windows 10 Pro machine to someone from the outside (who I trust completely) to run Python/PyTorch programs, using the GPU for compute.

The key is that I’d like to continue using the machine while that person runs compute loads on it: as far as I know, that requirement excludes all forms of RDP/VNC, but I’m not sure about that (especially RDP): could you confirm/deny?

I was thinking of running a SSH server. Would that work?



#StackBounty: #networking #ssh #ufw Curl works, but not pages in a web browser

Bounty: 50

I’m running Ubuntu 20.04.1 LTS on a Linode server and OpenLiteSpeed (openlitespeed.org).

I’m getting timeouts for example.com:8088 and example.com:7080, the two OpenLiteSpeed admin and config pages, in a browser.

But running
curl 127.0.0.1
gives me the text of the index.html file at root, and
curl http://localhost:8088
gives me the html dump of the OpenLiteSpeed admin page.

So curl works, but I can’t connect to example.com:8088 and example.com:7080 in a browser.

Apache is running, but OpenLiteSpeed hasn’t yet been configured to use port 80, since I can’t get to the admin pages.

ufw status shows:

65500                      ALLOW       Anywhere
443                        ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
7080/tcp                   ALLOW       Anywhere
8088/tcp                   ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
65500 (v6)                 ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
7080/tcp (v6)              ALLOW       Anywhere (v6)
8088/tcp (v6)              ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)

Completely disabling ufw makes no difference with the issue.

Any ideas?



#StackBounty: #linux #ssh #raspberry-pi #tunnel #ngrok ngrok kex_exchange_identification: read: Connection reset by peer

Bounty: 250

I’ve got a raspi (in my robot project) connected to the internet over a 3G connection using a dongle with a simcard. I then use ngrok to expose ssh to a static address so that I can always ssh into it using:

ssh -p 29xxx pi@1.tcp.ngrok.io

That has always worked great for me. Today I wanted to do another test with my robot, but I can’t ssh into the machine through ngrok anymore. It just gives me kex_exchange_identification: Connection closed by remote host

So this is what I did to debug it:

  1. I can ssh into it over the local network fine, so I guess sshd on the pi itself is not the problem.
  2. I checked the ngrok website to see if the pi connected to the ngrok network. It lists the connection saying it was established a couple minutes ago.
  3. I ssh’ed into the pi over the local network, stopped the tunnel and then manually started it to see the logs. It shows me this:
pi@myrobot:~$ ngrok tcp -remote-addr=1.tcp.ngrok.io:29xxx --log=stdout 22
INFO[09-11|09:39:33] no configuration paths supplied
INFO[09-11|09:39:33] using configuration at default config path path=/home/pi/.ngrok2/ngrok.yml                                                                             
INFO[09-11|09:39:33] open config file                         path=/home/pi/.ngrok2/ngrok.yml err=nil                                                                       
t=2020-09-11T09:39:33+0000 lvl=info msg="starting web service" obj=web addr=127.0.0.1:4040                                                                                  
t=2020-09-11T09:39:34+0000 lvl=info msg="tunnel session started" obj=tunnels.session
t=2020-09-11T09:39:34+0000 lvl=info msg="client session established" obj=csess id=1b6463ec0724                                                                              
t=2020-09-11T09:39:34+0000 lvl=info msg="started tunnel" obj=tunnels name=command_line addr=//localhost:22 url=tcp://1.tcp.ngrok.io:29xxx                                   
t=2020-09-11T09:39:38+0000 lvl=warn msg="failed to check for update" obj=updater err="Post https://update.equinox.io/check: context deadline exceeded"                      
  4. I then tried ssh’ing into the pi over the internet again using verbose output (ssh -v -p 29xxx pi@1.tcp.ngrok.io), which gives me the following output:
$ ssh -v -p 29xxx pi@1.tcp.ngrok.io
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to 1.tcp.ngrok.io [3.13.191.xxx] port 29xxx.
debug1: Connection established.
debug1: identity file /home/kramer65/.ssh/id_rsa type 0
debug1: identity file /home/kramer65/.ssh/id_rsa-cert type -1
debug1: identity file /home/kramer65/.ssh/id_dsa type -1
debug1: identity file /home/kramer65/.ssh/id_dsa-cert type -1
debug1: identity file /home/kramer65/.ssh/id_ecdsa type -1
debug1: identity file /home/kramer65/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/kramer65/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/kramer65/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/kramer65/.ssh/id_ed25519 type -1
debug1: identity file /home/kramer65/.ssh/id_ed25519-cert type -1
debug1: identity file /home/kramer65/.ssh/id_ed25519_sk type -1
debug1: identity file /home/kramer65/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/kramer65/.ssh/id_xmss type -1
debug1: identity file /home/kramer65/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
kex_exchange_identification: Connection closed by remote host

In the terminal on the pi I see nothing happening. But the output above also suggests that it never actually reaches the pi.

Could it be that ngrok doesn’t pass on the connection properly? Is the problem in the pi? Or on my laptop locally? All tips are welcome!

[EDIT]

After some more debugging I found the problem has to be with the mobile connection. When I remove the 3G-dongle and connect the pi to the internet over wifi I can perfectly ssh into it using the ngrok address. But when I connect over 3G I cannot. I checked whether the internet over 3G works by ssh’ing into the pi over the wifi network and using curl ip.me to check whether the public ip changes when I connect over 3G (plus, a ping to 8.8.8.8 increases from 10ms to about 40ms).

I also checked the syslog and that doesn’t say anything about the incoming message (I would expect a Started Session c7 of user pi). Furthermore, when I start the ngrok tunnel over 3G it adds the line below to the output. The rest (including "client session established") is the same though.

lvl=warn msg="failed to check for update" obj=updater err="Post https://update.equinox.io/check: context deadline exceeded"

So why would the tunnel fail over 3G? Could it be that my telco closes all kinds of ports or blocks traffic? Any way of debugging this further?



#StackBounty: #ssh #12.04 ssh intermittent blocking connections

Bounty: 50

I’m having intermittent problems with ssh in an "old" server running Ubuntu 12.04. I am getting this error message ssh_exchange_identification: Connection closed by remote host in most attempts. But from time to time I can connect by using ssh -vvv.

This server (ventus) is part of a cluster whose nodes (ventus2-5) were configured with ssh-keygen to ssh without asking for a password; it was running fine until this week. Now I can ssh from the main node (ventus) to any of ventus2-5 but it is not possible to ssh from the other nodes to ventus.

This is the output of ssh -v from node 5 (ventus5) to the main node (ventus)

meteo@ventus5:~$ ssh -v ventus
OpenSSH_5.9p1 Debian-5ubuntu1.1, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to ventus [192.168.1.1] port 22.
debug1: Connection established.
debug1: identity file /home/meteo/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/meteo/.ssh/id_rsa-cert type -1
debug1: identity file /home/meteo/.ssh/id_dsa type -1
debug1: identity file /home/meteo/.ssh/id_dsa-cert type -1
debug1: identity file /home/meteo/.ssh/id_ecdsa type -1
debug1: identity file /home/meteo/.ssh/id_ecdsa-cert type -1
ssh_exchange_identification: Connection closed by remote host

Trying ssh -vvv I get the same error most times, but from time to time it is possible to connect, both from cluster nodes or external IP (PINAR host trying to connect to ventus)

meteo@PINAR:~$ ssh -vvv ventus
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolving "ventus" port 22
debug2: ssh_connect_direct
debug1: Connecting to ventus [XXX.XXX.XXX.XXX] port 22.
debug1: Connection established.
debug1: identity file /home/meteo/.ssh/id_rsa type -1
debug1: identity file /home/meteo/.ssh/id_rsa-cert type -1
debug1: identity file /home/meteo/.ssh/id_dsa type -1
debug1: identity file /home/meteo/.ssh/id_dsa-cert type -1
debug1: identity file /home/meteo/.ssh/id_ecdsa type -1
debug1: identity file /home/meteo/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/meteo/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/meteo/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/meteo/.ssh/id_ed25519 type -1
debug1: identity file /home/meteo/.ssh/id_ed25519-cert type -1
debug1: identity file /home/meteo/.ssh/id_ed25519_sk type -1
debug1: identity file /home/meteo/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/meteo/.ssh/id_xmss type -1
debug1: identity file /home/meteo/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
kex_exchange_identification: Connection closed by remote host

From iptables -nL I found this

Chain sshguard (1 references)

DROP       all  --  192.168.1.1          0.0.0.0/0  

Have tried different options for iptables and removed this last line but the problem persists.

Any idea will be very welcome, thanks in advance



#StackBounty: #bash #ssh #zsh #source Source a file after ssh login drops to prompt

Bounty: 50

One-liner question: How do I automatically source a remote file on remote host after logging in via SSH via a bastion host?

I need to source a file containing a list of aliases + shell user defined functions on a remote host after ssh-ing into it.

The file exists on the remote machine in the /tmp folder, e.g. /tmp/my-rc

Searching other posts and internet I have found

ssh -t user@domain.com 'source /tmp/my-rc; bash -l'

The problem is that I do get a terminal, but none of the aliases are set since it’s a new bash shell.

Thinking, that the source should be done after the shell is attached, tried the below but this also doesn’t work. There is no error, I get the terminal but don’t think the file got sourced (verified by echoing dummy message from /tmp/my-rc file)

ssh -t user@domain.com 'bash -l; source /tmp/my-rc'

Even tried with ‘.’ instead of source, no luck.

Any help.

Note1: Bash or ZSH any shell solution would do.

Note2: The actual ssh is via a proxy command, i.e. a hop over a bastion host (just mentioning it in case it is relevant at all)

Note3: I don’t have the privilege of a profile rc or bashrc or even a home directory on the remote host.



#StackBounty: #macos #ssh #openssh Set PATH when SSH into MacOS

Bounty: 50

My problem is

$ ssh localhost fswatch          
bash: fswatch: command not found

whereas without SSH the command (i.e. fswatch) works fine.

I found that the PATH in the SSH session is the Mac default

$ ssh localhost echo $PATH        
/usr/bin:/bin:/usr/sbin:/sbin

since without SSH

$ echo $PATH
/Users/kyb/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin

I really do not remember how I set up the PATH, but I am sure ~/.bashrc and ~/.bash_profile do not edit the PATH variable. There is a config file /etc/paths:

$ cat /etc/paths         
/usr/local/bin
/usr/bin
/bin
/usr/sbin
/sbin

Homebrew, npm, pip usually install programs to /usr/local/bin, so all installed programs are there and I can’t access them via ssh localhost command on my MacOS. There is no problem with Linux.

So my question is how to configure OpenSSH to use PATHs from /etc/paths and /etc/paths.d?

I also tried to hack:

$ ssh localhost sh -lc 'echo empty;echo $PATH'

/usr/bin:/bin:/usr/sbin:/sbin
$ ssh localhost bash -lc 'echo empty;echo $PATH'

/usr/bin:/bin:/usr/sbin:/sbin

The first line is always empty; do you know why?

And my final workaround

$ ssh localhost bash -lc ':; 
    export PATH="$( cat /etc/paths /etc/paths.d/* | tr \\n : )"; 
    echo $PATH; 
    fswatch --version'
/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/X11/bin:/Applications/VMware Fusion.app/Contents/Public
fswatch 1.14.0
Copyright (C) 2013-2018 Enrico M. Crisostomo <enrico.m.crisostomo@gmail.com>.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Enrico M. Crisostomo.

Here the first :; is important because the first command is somehow dropped from execution

System: MacOS Mojave 10.14.5
ssh -V: OpenSSH_7.9p1, LibreSSL 2.7.3
bash --version GNU bash, version 5.0.7(1)-release (x86_64-apple-darwin18.5.0)
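
The following is an added example, not part of the original post: it models locally how ssh joins its command arguments into one string that the remote shell re-parses, which produces an empty first line like the one shown above. The function ssh_like, the variable SSHDEMO_WHERE and the script text are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed). ssh_like is a hypothetical local stand-in for
# "ssh localhost <args...>": ssh joins its command arguments with single
# spaces into ONE string, and sshd runs it as: <user's shell> -c "<string>".
ssh_like() {
    joined="$*"        # argument boundaries are lost in this join
    sh -c "$joined"    # the remote shell re-parses the joined string
}

# Constructed script: the second command reports which shell ran it.
SCRIPT='echo first; echo "where=${SSHDEMO_WHERE:-outer}"'

# Same call shape as in the post: quotes protect SCRIPT only locally.
# After the join, the inner sh gets just "echo" as its script (with $0=first)
# and the rest runs in the outer shell, outside the env/sh -c wrapper.
naive() {
    ssh_like env SSHDEMO_WHERE=inner sh -c "$SCRIPT"
}

# Second layer of quotes so SCRIPT is still one word after the re-parse.
quoted() {
    ssh_like env SSHDEMO_WHERE=inner sh -c "'$SCRIPT'"
}

echo "--- naive ---";  naive
echo "--- quoted ---"; quoted
```

In the naive form the second command never sees the environment prepared by the wrapper, which is the same reason a login shell's PATH setup does not reach an `echo $PATH` placed after the first `;`.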



#StackBounty: #command-line #networking #ssh Meaning of SSH command with 2 IPs

Bounty: 50

Often I have seen ssh commands like:

ssh user1@user2@<one-ip-address>@<second-ip-address>

First I thought this is to ssh through another server. But several questions and examples, like "How do I SSH to machine A via B in one command?", give better solutions for server through ssh.

So, my question is: in what kind of scenarios do we have to use the above kind of ssh commands? What is the destination of the ssh command?

