[opensuse-kde3] sftp url parsing (with included port) broken in 11.3 kde3 - fish OK - howto work around?
Ilya, all, I've run across a strange issue with sftp on 11.3 kde3 after recent updates. Attempting to connect to my server on my LAN with sftp, I get the following error: Unexpected sftp error: 2 - konqueror Error encountered while talking to ssh I don't know what recent update may have caused this (I suspect openssl), but it isn't suse specific. It also broke on Arch. The strange thing with both is 'fish' works fine -- even on a non-standard port. (apparently fish respects ~/.ssh/config) Another data point I have is that sftp still works fine with 11.0. So I guess whatever update 11.3 got that 11.0 didn't is causing the issue. I've checked syslog and nothing gets logged with the failure. It looks like a command line parsing issue. In konqueror, if I enter the url in the following form (as I've done for at least 4 years): sftp://user@host:port/dir1/dir2 sftp gives the error. However in 11.3 if I use the command line and do: sftp -Pport user@host:/dir1/dir2 I connect just fine. So it looks like the string kde3 now sends to ssh isn't working anymore. Ahah!! I just checked another box from 11.3 that uses the default port 22 as the ssh port and I can connect in konqueror in 11.3 via sftp just fine! Bingo. So I guess I need to know where I can try and fix this?? It seems that whatever changed in ssh no longer lets kde3 specify sftp locations as: sftp://user@host:port/dir1/dir2 Any thoughts on how I can work around this problem?? -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse-kde3+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kde3+help@opensuse.org
On 10/07/2010 03:00 PM, David C. Rankin wrote:
I don't know what recent update may have caused this (I suspect openssl), but it isn't suse specific. It also broke on Arch. The strange thing with both is 'fish' works fine -- even on a non-standard port. (apparently fish respects ~/.ssh/config)
I should be clear. I run ssh on high ports 6500+ and have for years (keeps the script kiddies at bay). This bug effects kde3 sftp where ssh (of the remote host) is on a non-standard port (not 22). I have all my places setup with sftp as: sftp://host:port/dir which have worked since the dawn of time in kde3 konqueror, kate, kwrite, etc... Now if you attempt to connect with a remote host on a non-standard port you get the error: Unexpected sftp error: 2 - konqueror Error encountered while talking to ssh However if ssh for the remote host is on port 22, then sftp://host/dir works just fine. stfp still works fine in gnome and kde4 with the host:port format, it is just kde3 that is impacted on 11.3. Also, scp, rsync, etc.. all continue to work fine and all respect the ~/.ssh/config Host/Port pairs. So something changed that breaks kde3's use of the 'sftp://host:port/dir' url format when (port != 22). Let me know if I can send anything else or run further tests that might help. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse-kde3+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kde3+help@opensuse.org
On 10/07/2010 03:41 PM, David C. Rankin wrote:
I don't know what recent update may have caused this (I suspect openssl),
but it isn't suse specific. It also broke on Arch. The strange thing with both is 'fish' works fine -- even on a non-standard port. (apparently fish respects ~/.ssh/config)
Installed the rebuilt packages from the 11.3 kde3 repo today (release 92) -- same problem. Any guesses? -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse-kde3+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kde3+help@opensuse.org
On 10/07/2010 04:41 PM, David C. Rankin wrote:
On 10/07/2010 03:41 PM, David C. Rankin wrote:
I don't know what recent update may have caused this (I suspect openssl),
but it isn't suse specific. It also broke on Arch. The strange thing with both is 'fish' works fine -- even on a non-standard port. (apparently fish respects ~/.ssh/config)
Installed the rebuilt packages from the 11.3 kde3 repo today (release 92) -- same problem. Any guesses?
Ilya, Robert: I have isolated the issue to a particular ssh host. I have been able to connect with others. I think the issue is a problem with the know_hosts file on the (remote) box. Sorry for the false alarm. I'll confirm what the issue was in a follow up once I have it sorted. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse-kde3+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kde3+help@opensuse.org
On 10/08/2010 10:17 AM, David C. Rankin wrote:
On 10/07/2010 04:41 PM, David C. Rankin wrote:
On 10/07/2010 03:41 PM, David C. Rankin wrote:
I don't know what recent update may have caused this (I suspect openssl),
but it isn't suse specific. It also broke on Arch. The strange thing with both is 'fish' works fine -- even on a non-standard port. (apparently fish respects ~/.ssh/config)
Installed the rebuilt packages from the 11.3 kde3 repo today (release 92) -- same problem. Any guesses?
Ilya, Robert:
I have isolated the issue to a particular ssh host. I have been able to connect with others. I think the issue is a problem with the know_hosts file on the (remote) box. Sorry for the false alarm. I'll confirm what the issue was in a follow up once I have it sorted.
OK, I need help figuring out why konqueror won't connect to my server. The client (zephyr) server (nirvana). I can ssh from zephyr to nirvana just fine: 10:20 zephyr:~> ssh -v nirvana OpenSSH_5.4p1, OpenSSL 1.0.0 29 Mar 2010 debug1: Reading configuration data /home/david/.ssh/config debug1: Applying options for nirvana debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to nirvana [192.168.6.17] port 6710. debug1: Connection established. debug1: identity file /home/david/.ssh/id_rsa type -1 debug1: identity file /home/david/.ssh/id_rsa-cert type -1 debug1: identity file /home/david/.ssh/id_dsa type 2 debug1: identity file /home/david/.ssh/id_dsa-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.6 debug1: match: OpenSSH_5.6 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.4 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host '[nirvana]:6710' is known and matches the RSA host key. debug1: Found key in /home/david/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /home/david/.ssh/id_rsa debug1: Offering public key: /home/david/.ssh/id_dsa debug1: Server accepts key: pkalg ssh-dss blen 433 debug1: read PEM private key done: type DSA debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: Sending environment. debug1: Sending env LANG = en_US.UTF-8 Last login: Fri Oct 8 10:20:03 2010 from zephyr.3111skyline.com So the question is - if I can connect from konsole, why is konqueror refusing to connect? -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse-kde3+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kde3+help@opensuse.org
On 10/08/2010 10:28 AM, David C. Rankin wrote:
On 10/08/2010 10:17 AM, David C. Rankin wrote:
On 10/07/2010 04:41 PM, David C. Rankin wrote:
On 10/07/2010 03:41 PM, David C. Rankin wrote:
I don't know what recent update may have caused this (I suspect openssl),
but it isn't suse specific. It also broke on Arch. The strange thing with both is 'fish' works fine -- even on a non-standard port. (apparently fish respects ~/.ssh/config)
AARGH - nevermind. Some idiot had messed up the localhost line in /etc/hosts ;-) it was 127.0.0.1 host.domain localhost host changed to 127.0.0.1 localhost host and it works again. God knows how long it was like that, or what caused konqueror to start throwing errors when gnome/kde4/etc.. just kept working. I guess k3 is just the only desktop smart enough to check for the inconsistency :p -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse-kde3+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kde3+help@opensuse.org
On 10/07/2010 03:41 PM, David C. Rankin wrote:
On 10/07/2010 03:00 PM, David C. Rankin wrote:
I don't know what recent update may have caused this (I suspect openssl), but it isn't suse specific. It also broke on Arch. The strange thing with both is 'fish' works fine -- even on a non-standard port. (apparently fish respects ~/.ssh/config)
I should be clear. I run ssh on high ports 6500+ and have for years (keeps the script kiddies at bay). This bug effects kde3 sftp where ssh (of the remote host) is on a non-standard port (not 22). I have all my places setup with sftp as:
sftp://host:port/dir
which have worked since the dawn of time in kde3 konqueror, kate, kwrite, etc... Now if you attempt to connect with a remote host on a non-standard port you get the error:
Unexpected sftp error: 2 - konqueror
Error encountered while talking to ssh
However if ssh for the remote host is on port 22, then
sftp://host/dir
works just fine. stfp still works fine in gnome and kde4 with the host:port format, it is just kde3 that is impacted on 11.3. Also, scp, rsync, etc.. all continue to work fine and all respect the ~/.ssh/config Host/Port pairs.
So something changed that breaks kde3's use of the 'sftp://host:port/dir' url format when (port != 22).
Let me know if I can send anything else or run further tests that might help.
It does seem that a problem remains in kdebase/kioslave/sftp that makes sftp to non-standard ports incompatible with openssh 5.6. Researching prior problems created by openssh version changes, I ran across this old gentoo description of the same error: They fixed: ksshprocess.cpp line 101 "ssh-userauth2 successful:" change to: "Authentication succeeded" (to cure the problem with openssh 3.6) It looks like a similar change has been made here that breaks sftp to non-standard ports in konqueror/kwrite/kate/etc... Looking at ksshprocess.cpp, there is an array of accepted responses for success & failed: const char * const KSshProcess::authSuccessMsg[] = { "Authentication succeeded", "ssh-userauth2 successful", "Received SSH_CROSS_AUTHENTICATED packet" }; const char* const KSshProcess::authFailedMsg[] = { "Permission denied (", "Permission denied (", "Authentication failed." }; Two questions: (1) how do I get the response from konqueror's failed sftp to high ports to tell if the response is matching one of the success strings?; and (2) have there been any changes/patches to ksshprocess.cpp in the opensuse KDE:/KDE3/openSUSE_11.3/ srpms? Also, since I was able to connect using i586 packages, this may be an x86_64 only issue. Let me know your thoughts. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse-kde3+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kde3+help@opensuse.org
On 10/12/2010 01:26 PM, David C. Rankin wrote:
(1) how do I get the response from konqueror's failed sftp to high ports to tell if the response is matching one of the success strings?; and
Forgot to mention - I've tried wireshark, but the encrypted packets are impossible for me to make sense of. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe, e-mail: opensuse-kde3+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kde3+help@opensuse.org
participants (1)
-
David C. Rankin