[opensuse] mc in 13.2: no "shell link"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, in 13.1, the file menu in 'mc' (midnight commander) has this appearance: Left File Command Optio ┌───────────────────────┐──────.[^]>┐ │ File listing │ │S│Modify │ │ Quick view C-x q│ │R│1 17:20│ │ Info C-x i│e│K│9 13:19│ │ Tree │e│K│8 2006│ ├───────────────────────┤e│K│6 2007│ │ Listing mode... │r│K│9 2012│ │ Sort order... │t│K│8 2006│ │ Filter... │e│K│1 2010│ │ Encoding... M-e │e│K│2 2012│ ├───────────────────────┤r│K│8 2006│ │ FTP link... │l│K│8 2006│ │ Shell link... │a│K│4 2007│ <=== │ SFTP link... │t│K│3 2006│ │ SMB link... │a│K│1 2013│ │ Panelize │x│K│1 21:56│ ├───────────────────────┤a│K│3 2014│ │ Rescan C-r │t│K│3 2006│ └───────────────────────┘e│K│2 2011│ │/.bi~nt│K│ 2006││/.bi~nt│K│3 2006│ │/.bl~sh│K│ 2006││/.bl~sh│K│8 2006│ while in 13.2 it has this other appearance: Left File Command Options Right ┌───────────────────────┐ ~ ──────────.[^]>┐ │ File listing │Name │Si│Modify t│ │ Quick view C-x q│. │IR│23 12:45│ │ Info C-x i│cache │~B│ 9 22:34│ │ Tree │config│~B│ 9 20:39│ ├───────────────────────┤dbus │25│23 12:50│ │ Listing mode... │fonts │ 6│23 12:45│ │ Sort order... │gk~lm2│87│ 9 20:49│ │ Filter... │gs~.10│33│23 12:50│ │ Encoding... M-e │local │19│23 12:50│ ├───────────────────────┤mo~lla│39│ 9 20:39│ │ FTP link... │ssh │25│ 9 18:03│ │ SFTP link... │esktop│ 6│23 12:50│ │ SMB link... │oc~nts│19│30 02:43│ │ Panelize │ow~ads│ 6│23 12:50│ ├───────────────────────┤usic │ 6│23 12:50│ │ Rescan C-r │ic~res│ 6│23 12:50│ └───────────────────────┘ublic │ 6│23 12:50│ │/Tem~tes│ 6│23 12:50││/Tem~tes│ 6│23 12:50│ │/Videos │~B│ 9 20:12││/Videos │~B│ 9 20:12│ Notice that the "Shell link..." entry is missing. Why? It is a fresh install with all "patch" updates, running under vmplayer, for testing. ssh on the same terminal works. - -- Cheers Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlSHcfgACgkQtTMYHG2NR9WgHgCfdv1elEDWnZaGQsT15v3MdlKg qXMAn1+8FV3OPlLWnuAyGp5W+g7mFXg9 =K9Gy -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/9/2014 2:04 PM, Carlos E. R. wrote:
Hi,
in 13.1, the file menu in 'mc' (midnight commander) has this appearance:
Left File Command Optio ┌───────────────────────┐──────.[^]>┐ │ File listing │ │S│Modify │ │ Quick view C-x q│ │R│1 17:20│ │ Info C-x i│e│K│9 13:19│ │ Tree │e│K│8 2006│ ├───────────────────────┤e│K│6 2007│ │ Listing mode... │r│K│9 2012│ │ Sort order... │t│K│8 2006│ │ Filter... │e│K│1 2010│ │ Encoding... M-e │e│K│2 2012│ ├───────────────────────┤r│K│8 2006│ │ FTP link... │l│K│8 2006│ │ Shell link... │a│K│4 2007│ <=== │ SFTP link... │t│K│3 2006│ │ SMB link... │a│K│1 2013│ │ Panelize │x│K│1 21:56│ ├───────────────────────┤a│K│3 2014│ │ Rescan C-r │t│K│3 2006│ └───────────────────────┘e│K│2 2011│ │/.bi~nt│K│ 2006││/.bi~nt│K│3 2006│ │/.bl~sh│K│ 2006││/.bl~sh│K│8 2006│
while in 13.2 it has this other appearance:
Left File Command Options Right ┌───────────────────────┐ ~ ──────────.[^]>┐ │ File listing │Name │Si│Modify t│ │ Quick view C-x q│. │IR│23 12:45│ │ Info C-x i│cache │~B│ 9 22:34│ │ Tree │config│~B│ 9 20:39│ ├───────────────────────┤dbus │25│23 12:50│ │ Listing mode... │fonts │ 6│23 12:45│ │ Sort order... │gk~lm2│87│ 9 20:49│ │ Filter... │gs~.10│33│23 12:50│ │ Encoding... M-e │local │19│23 12:50│ ├───────────────────────┤mo~lla│39│ 9 20:39│ │ FTP link... │ssh │25│ 9 18:03│ │ SFTP link... │esktop│ 6│23 12:50│ │ SMB link... │oc~nts│19│30 02:43│ │ Panelize │ow~ads│ 6│23 12:50│ ├───────────────────────┤usic │ 6│23 12:50│ │ Rescan C-r │ic~res│ 6│23 12:50│ └───────────────────────┘ublic │ 6│23 12:50│ │/Tem~tes│ 6│23 12:50││/Tem~tes│ 6│23 12:50│ │/Videos │~B│ 9 20:12││/Videos │~B│ 9 20:12│
Notice that the "Shell link..." entry is missing. Why?
It is a fresh install with all "patch" updates, running under vmplayer, for testing. ssh on the same terminal works.
Sftp is still there. As I understand it, shell link was simply a fish connection. In Dolphin you can still access a remote file system by typing in a url like fish://user@machine/directory and that seems to work but it is not materially different than sftp://user@machine/directory One appears to use ki0_fish.so and the other uses kio_sftp.so Maybe it is just reducing the number of redundancies. There appears to be a gnome module name libsftp.so but I don't see a gnome libfish.so. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 02:41, John Andersen wrote:
On 12/9/2014 2:04 PM, Carlos E. R. wrote:
Sftp is still there. As I understand it, shell link was simply a fish connection.
sftp refers to secure ftp, and shell link refers to ssh. Not the same thing. I can not make a connection on sftp, unless I start the correct daemon on destination, whereas sshd is always running on all my machines. Re dolphin, gnome, etc... please remember that 'mc' is a terminal app. I need confirmation if I'm the only one experiencing this, or it is a generalized issue and possible bug, prior to reporting. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/9/2014 7:44 PM, Carlos E. R. wrote:
On 2014-12-10 02:41, John Andersen wrote:
On 12/9/2014 2:04 PM, Carlos E. R. wrote:
Sftp is still there. As I understand it, shell link was simply a fish connection. sftp refers to secure ftp, and shell link refers to ssh. Not the same thing. Two sources suggest that shell link uses fish. http://www.roman-online.net/content/open-shell-link-midnight-commander https://dev.openwrt.org/ticket/8902
SFTP is in fact ssh: https://kb.iu.edu/d/akqg sftp is a dead on duplicate of the fish protocol. http://en.wikipedia.org/wiki/Files_transferred_over_shell_protocol
I can not make a connection on sftp, unless I start the correct daemon on destination, whereas sshd is always running on all my machines.
Since sftp is file transfer over ssh, if you have sshd running, you already have sftp support.
Re dolphin, gnome, etc... please remember that 'mc' is a terminal app.
That was already quite clear. This isn't my first rodeo Carlos.
I need confirmation if I'm the only one experiencing this, or it is a generalized issue and possible bug, prior to reporting.
I confirm that shell link does not appear on mc running in my OS 13.2. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 05:12, John M Andersen wrote:
SFTP is in fact ssh:
No. The wikipedia is dead, so I can not show you the links, but there are two different aceptions for that word. One is ssh, the other is an ftp variant. The one on mc is the later meaning, also called ftps on some places. And it simply does not work. The man page says: +++—-—-—-—-—-—-—-—-—-—-—-—-—-—-—- Currently the Midnight Commander is packaged with some Virtual File Systems (VFS): the local file system, used for accessing the regular Unix file system; the ftpfs, used to manipulate files on remote systems with the FTP protocol; the tarfs, used to manipulate tar and compressed tar files; the undelfs, used to recover deleted files on ext2 file systems (the default file system for Linux systems), fish (for manipulating files over shell connections such as rsh and ssh). If the code was compiled with sftpfs (for manipulating files over *SFTP* connections). If the code was compiled with smbfs support, you can manipulate files on remote systems with the SMB (CIFS) protocol. —-—-—-—-—-—-—-—-—-—-—-—-—-—-—-++- See? sftpfs = SFTP.
Since sftp is file transfer over ssh, if you have sshd running, you already have sftp support.
It is not. Of course I have the sshd daemon running. I can connect from any machine but this sftp in 13.2, which is NOT ssh (nor fish). It is the same word, but not the same thing. It means probably that the packager disabled ssh. :-( -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 9 Dec 2014, robin.listas@telefonica.net wrote:
On 2014-12-10 05:12, John M Andersen wrote:
SFTP is in fact ssh:
No. The wikipedia is dead, so I can not show you the links, but there are two different aceptions for that word. One is ssh, the other is an ftp variant. The one on mc is the later meaning, also called ftps on some places.
And it simply does not work.
You need to have: ,---- | Subsystem sftp /usr/lib/ssh/sftp-server `---- uncommented in your /etc/ssh/sshd_config. I have tested it out with the mc in Tumbleweed and it works. Charles -- "MSDOS didn't get as bad as it is overnight -- it took over ten years of careful development." (By dmeggins@aix1.uottawa.ca)
On 2014-12-10 06:04, Charles Philip Chan wrote:
On 9 Dec 2014, robin.listas@ wrote:
You need to have:
,---- | Subsystem sftp /usr/lib/ssh/sftp-server `----
uncommented in your /etc/ssh/sshd_config. I have tested it out with the mc in Tumbleweed and it works.
As a matter of fact, I do have that line not-commented, but I can not use sftp in mc in any system, 13.1 or 13.2 The same entry, tested in 13.1, works in ssh, but not in sftp. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Hi Carlos:
As a matter of fact, I do have that line not-commented, but I can not use sftp in mc in any system, 13.1 or 13.2
The same entry, tested in 13.1, works in ssh, but not in sftp.
Strange, it works for me in the latest Tumbleweed. Do you see anything strange in /var/log/messages? Also, did you enter the url correctly in the form of: ,---- | sftp://[user]@[host]:[port][directory] `---- ? Charles -- "We all know Linux is great...it does infinite loops in 5 seconds." (Linus Torvalds about the superiority of Linux on the Amsterdam Linux Symposium)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/09/2014 09:35 PM, Charles Philip Chan wrote:
Hi Carlos:
As a matter of fact, I do have that line not-commented, but I can not use sftp in mc in any system, 13.1 or 13.2
The same entry, tested in 13.1, works in ssh, but not in sftp.
Strange, it works for me in the latest Tumbleweed. Do you see anything strange in /var/log/messages? Also, did you enter the url correctly in the form of:
,---- | sftp://[user]@[host]:[port][directory] `----
?
Charles
On my machine, when I click sftp-link it pops up a window, and that window works fine when I enter simply user@host (And, since I have my public key pushed to that host, it never asks for password) I don't have to put the sftp:// part in, and Carlos did put that in, (shown in another posting) and it failed. Maybe try without all that decoration? - -- After all is said and done, more is said than done. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlSH3PUACgkQv7M3G5+2DLL3aQCdFXJBpNChYoLy938tb+YCpRIJ aH4AoJKIDR1MeZvY0oT+szZl80JEal96 =oMB5 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 06:41, John Andersen wrote:
On 12/09/2014 09:35 PM, Charles Philip Chan wrote:
On my machine, when I click sftp-link it pops up a window, and that window works fine when I enter simply user@host
(And, since I have my public key pushed to that host, it never asks for password) I don't have to put the sftp:// part in, and Carlos did put that in, (shown in another posting) and it failed. Maybe try without all that decoration?
I have tried all those combinations trying to make it work. The one I tried first, and the one that works on "shell link" is plain "user@host" It even fails on 13.2 --> 13.2 using "user@localhost". And 13.2 is a brand new install, fully patched. Tried both xfce and mate. It is a vmplayer guest, for testing. I forgot to send this on the past "night". Sending now. Ah, "ftp" in mc works. Also, ssh in a terminal, not mc, works. And "scp" in a terminal also works: cer@oS-13-2:~> scp cer@telcontar.valinor:hello . Password: hello 100% 12 0.0KB/s 00:00 cer@oS-13-2:~> I have tried caja, thunar, and nautilus. None appear to support fish, but only caja clearly says so. I don't have dolphin installed, and I can't, a virtual system is not intended to have everything, and kde is not one of them. Already gnome, mate and xfce is enough. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Le 10/12/2014 16:12, Carlos E. R. a écrit :
I have tried caja, thunar,
sftp works in thunar, but not fish and nautilus. None appear to support fish,
but only caja clearly says so. I don't have dolphin
dolphin have a split view like mc, very handy. I use it every days to transfer photos to my online server (fish) installed, and I
can't, a virtual system is not intended to have everything, and kde is not one of them. Already gnome, mate and xfce is enough.
don't know what overhear is needed for dolphin, but making a snapshot and installing dolphin should give you the answer jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 16:44, jdd wrote:
Le 10/12/2014 16:12, Carlos E. R. a écrit :
I have tried caja, thunar,
sftp works in thunar, but not fish
Ah? Yes, right, it does, just tried. And caja does, too. Actually, they share the credentials, I did not have to enter them again. Caja is interesting, it has a double panel view.
dolphin have a split view like mc, very handy. I use it every days to transfer photos to my online server (fish)
Yes, like caja. A bit too simple compared to mc, though. There was a graphical tools somewhere similar to mc, but a bit limited, last time I tried. What was it...? Ah, krusader, I think. I also have a note about "tkdesk". (installing krusader wants to install 50 packages more) I'll try it on my main system again.
don't know what overhear is needed for dolphin, but making a snapshot and installing dolphin should give you the answer
It is of course possible, but instead of a light test system I get a heavy system. Not my intention :-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Wed, Dec 10, 2014 at 6:11 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
On 2014-12-10 16:44, jdd wrote:
Le 10/12/2014 16:12, Carlos E. R. a écrit :
I have tried caja, thunar,
sftp works in thunar, but not fish
(installing krusader wants to install 50 packages more)
I'll try it on my main system again.
don't know what overhear is needed for dolphin, but making a snapshot and installing dolphin should give you the answer
It is of course possible, but instead of a light test system I get a heavy system. Not my intention :-)
I've just try on my 13.2 to another computer with 13.1 The results: ssh, sftp from command line work fine (from 13.2 to 13.1) mc - the same error as Carlos'. fish in krusader (KDE3) - works fine. sftp in krusader - also fine. sftp in mc from 13.1 to 13.2 - same error. Now, why it indicates "/sftp://host"? I would expect "sftp://host"? Where the first slash came from? -- Mark Goldstein -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 10/12/2014 17:27, Mark Goldstein a écrit :
Now, why it indicates "/sftp://host"? I would expect "sftp://host"? Where the first slash came from?
could be the problem, because it asks for the passwd and should not if it had connexion problem. a way to fix this without recompiling? jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 17:46, jdd wrote:
Le 10/12/2014 17:27, Mark Goldstein a écrit :
Now, why it indicates "/sftp://host"? I would expect "sftp://host"? Where the first slash came from?
Yes, I thought the same.
could be the problem, because it asks for the passwd and should not if it had connexion problem.
There is connection, the server side logs it. I think it says the client aborted: "Received disconnect from 127.0.0.1: 11: Normal Shutdown [preauth]" -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Wed, Dec 10, 2014 at 7:29 PM, Carlos E. R. <robin.listas@telefonica.net> wrote: ...
There is connection, the server side logs it. I think it says the client aborted: "Received disconnect from 127.0.0.1: 11: Normal Shutdown [preauth]"
Perfect timing, I've just sent the same observation. :-) -- Mark Goldstein -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, Dec 10, 2014 at 7:32 PM, Mark Goldstein <goldstein.mark@gmail.com> wrote:
On Wed, Dec 10, 2014 at 7:29 PM, Carlos E. R. <robin.listas@telefonica.net> wrote: ...
And now sshd run in debug mode: debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug1: kex: client->server aes128-ctr hmac-sha1 none [preauth] debug1: kex: server->client aes128-ctr hmac-sha1 none [preauth] debug1: expecting SSH2_MSG_KEXDH_INIT [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug1: KEX done [preauth] debug1: userauth-request for user XXXXX service ssh-connection method none [preauth] debug1: attempt 0 failures 0 [preauth] debug1: PAM: initializing for "XXXXX" debug1: PAM: setting PAM_RHOST to "YYYYY" debug1: PAM: setting PAM_TTY to "ssh" debug1: userauth-request for user XXXXX service ssh-connection method password [preauth] debug1: attempt 1 failures 0 [preauth] Connection closed by ZZ.ZZ.ZZ.ZZ [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 2031 ZZ.ZZ.ZZ.ZZ is the machine where mc/sftp runs. So no clue on destinaltion side. -- Mark Goldstein -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 18:47, Mark Goldstein wrote:
On Wed, Dec 10, 2014 at 7:32 PM, Mark Goldstein
debug1: userauth-request for user XXXXX service ssh-connection method password [preauth] debug1: attempt 1 failures 0 [preauth] <============ Connection closed by ZZ.ZZ.ZZ.ZZ [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 2031
ZZ.ZZ.ZZ.ZZ is the machine where mc/sftp runs. So no clue on destinaltion side.
No, I think it is the client which aborts. The server says 1 attempt, 0 failures... -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On December 10, 2014 10:16:21 AM PST, "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 2014-12-10 18:47, Mark Goldstein wrote:
On Wed, Dec 10, 2014 at 7:32 PM, Mark Goldstein
debug1: userauth-request for user XXXXX service ssh-connection method password [preauth] debug1: attempt 1 failures 0 [preauth] <============ Connection closed by ZZ.ZZ.ZZ.ZZ [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 2031
ZZ.ZZ.ZZ.ZZ is the machine where mc/sftp runs. So no clue on destinaltion side.
No, I think it is the client which aborts. The server says 1 attempt, 0 failures...
Does the client side ever ask for a password? Does the client side and server side support ssh2 as mandatory or at least preferred? -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 19:23, John Andersen wrote:
On December 10, 2014 10:16:21 AM PST, "Carlos E. R." <> wrote:
On 2014-12-10 18:47, Mark Goldstein wrote:
On Wed, Dec 10, 2014 at 7:32 PM, Mark Goldstein
debug1: userauth-request for user XXXXX service ssh-connection method password [preauth] debug1: attempt 1 failures 0 [preauth] <============ Connection closed by ZZ.ZZ.ZZ.ZZ [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 2031
ZZ.ZZ.ZZ.ZZ is the machine where mc/sftp runs. So no clue on destinaltion side.
No, I think it is the client which aborts. The server says 1 attempt, 0 failures...
Does the client side ever ask for a password?
Yes.
Does the client side and server side support ssh2 as mandatory or at least preferred?
I have no idea. The client is 'mc', default installed, how do I find out? The error the client says is «Cannot chdir to "/sftp://cer@telcontar.valinor"», or similar. And, as posted elsewhere, CLI: scp works. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/10/2014 10:29 AM, Carlos E. R. wrote:
On 2014-12-10 19:23, John Andersen wrote:
On December 10, 2014 10:16:21 AM PST, "Carlos E. R." <> wrote:
On 2014-12-10 18:47, Mark Goldstein wrote:
On Wed, Dec 10, 2014 at 7:32 PM, Mark Goldstein
debug1: userauth-request for user XXXXX service ssh-connection method password [preauth] debug1: attempt 1 failures 0 [preauth] <============ Connection closed by ZZ.ZZ.ZZ.ZZ [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 2031
ZZ.ZZ.ZZ.ZZ is the machine where mc/sftp runs. So no clue on destinaltion side.
No, I think it is the client which aborts. The server says 1 attempt, 0 failures...
Does the client side ever ask for a password?
Yes.
Does the client side and server side support ssh2 as mandatory or at least preferred?
I have no idea. The client is 'mc', default installed, how do I find out?
The error the client says is «Cannot chdir to "/sftp://cer@telcontar.valinor"», or similar.
And, as posted elsewhere, CLI: scp works.
Well, since sftp is ssh, you have to check your ssh_config on the client side to see if it will allow or default to protocol 2. Anytime we are talking about SFTP-Link the settings most important will be in the normal ssh settings files. - ------- By the way Carlos, I've done some testing again this morning, and I am not convinced there is anything wrong with mc, BUT..... There may be something wrong with sftp handling on 13.2 server side...or client side (haven' figured out which. Reason: Using only sftp-link OS13.2 -----> OS10.2 works fine OS13.2 -----> OpenBSD5.6 Works fine OS13.2 -----> NetBSD6.1.6 Works fine 0S13.2 -----> OS13.2 (localhost) FAIL as you indicate above. <----- OS10.2 -----> OS13.2 (shell-link aka Fish) Works fine OpenBSD5.5 ----> OS13.2 Shell-link aka Fish) works fine The change log for MC shows a bunch of deletions of fish related things. - -- After all is said and done, more is said than done. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlSIqkcACgkQv7M3G5+2DLKHuACfQKy/pBcSyn18wt7bHyVrtJXI zmcAnjS9OIHrnyj9IVRsgRojAMVnHxm1 =w7Iy -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 21:17, John Andersen wrote:
On 12/10/2014 10:29 AM, Carlos E. R. wrote:
Well, since sftp is ssh, you have to check your ssh_config on the client side to see if it will allow or default to protocol 2. Anytime we are talking about SFTP-Link the settings most important will be in the normal ssh settings files.
Well, they are the default distribution files, I haven't changed anything on the client. I only do a change on the server: #CER increase tries, or we get: # Received disconnect from 192.168.1.129: 2: Too many authentication failures for cer MaxAuthTries 12 On the client file, I see: Protocol 2
The change log for MC shows a bunch of deletions of fish related things.
Yes, fish has been disabled intentionally. Oh, I see the cause has been identified. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Wed, Dec 10, 2014 at 8:16 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
On 2014-12-10 18:47, Mark Goldstein wrote:
On Wed, Dec 10, 2014 at 7:32 PM, Mark Goldstein
debug1: userauth-request for user XXXXX service ssh-connection method password [preauth] debug1: attempt 1 failures 0 [preauth] <============ Connection closed by ZZ.ZZ.ZZ.ZZ [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 2031
ZZ.ZZ.ZZ.ZZ is the machine where mc/sftp runs. So no clue on destinaltion side.
No, I think it is the client which aborts. The server says 1 attempt, 0 failures...
Yep... It looks like the problem is "connection method password'... When I ran sshd with higher level of debugging, I see that daemon complains that "password" is incorrect connection method and moves to the next one. When I do the same from command line or from fish filesystem, the connection methid requested is "keyboard-interactive/pam" -- Mark Goldstein -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
В Wed, 10 Dec 2014 19:47:08 +0200 Mark Goldstein <goldstein.mark@gmail.com> пишет:
On Wed, Dec 10, 2014 at 7:32 PM, Mark Goldstein <goldstein.mark@gmail.com> wrote:
On Wed, Dec 10, 2014 at 7:29 PM, Carlos E. R. <robin.listas@telefonica.net> wrote: ...
And now sshd run in debug mode:
debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug1: kex: client->server aes128-ctr hmac-sha1 none [preauth] debug1: kex: server->client aes128-ctr hmac-sha1 none [preauth] debug1: expecting SSH2_MSG_KEXDH_INIT [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug1: KEX done [preauth] debug1: userauth-request for user XXXXX service ssh-connection method none [preauth] debug1: attempt 0 failures 0 [preauth] debug1: PAM: initializing for "XXXXX" debug1: PAM: setting PAM_RHOST to "YYYYY" debug1: PAM: setting PAM_TTY to "ssh" debug1: userauth-request for user XXXXX service ssh-connection method password [preauth] debug1: attempt 1 failures 0 [preauth] Connection closed by ZZ.ZZ.ZZ.ZZ [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 2031
ZZ.ZZ.ZZ.ZZ is the machine where mc/sftp runs. So no clue on destinaltion side.
Does allowing PasswordAuthentication on server side make a difference? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, Dec 10, 2014 at 8:37 PM, Andrei Borzenkov <arvidjaar@gmail.com> wrote:
В Wed, 10 Dec 2014 19:47:08 +0200 Mark Goldstein <goldstein.mark@gmail.com> пишет:
On Wed, Dec 10, 2014 at 7:32 PM, Mark Goldstein <goldstein.mark@gmail.com> wrote:
On Wed, Dec 10, 2014 at 7:29 PM, Carlos E. R. <robin.listas@telefonica.net> wrote: ...
And now sshd run in debug mode:
debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug1: kex: client->server aes128-ctr hmac-sha1 none [preauth] debug1: kex: server->client aes128-ctr hmac-sha1 none [preauth] debug1: expecting SSH2_MSG_KEXDH_INIT [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug1: KEX done [preauth] debug1: userauth-request for user XXXXX service ssh-connection method none [preauth] debug1: attempt 0 failures 0 [preauth] debug1: PAM: initializing for "XXXXX" debug1: PAM: setting PAM_RHOST to "YYYYY" debug1: PAM: setting PAM_TTY to "ssh" debug1: userauth-request for user XXXXX service ssh-connection method password [preauth] debug1: attempt 1 failures 0 [preauth] Connection closed by ZZ.ZZ.ZZ.ZZ [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 2031
ZZ.ZZ.ZZ.ZZ is the machine where mc/sftp runs. So no clue on destinaltion side.
Does allowing PasswordAuthentication on server side make a difference?
Andrei, you are absolutely right. With "PasswordAuthentication yes' it works! I know that this setting is not recommended for security reason, but for some reason mc sftp uses it. Thanks a lot! -- Mark Goldstein -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
В Wed, 10 Dec 2014 21:02:18 +0200 Mark Goldstein <goldstein.mark@gmail.com> пишет:
Andrei, you are absolutely right. With "PasswordAuthentication yes' it works! I know that this setting is not recommended for security reason, but for some reason mc sftp uses it.
Because PasswordAuthentication can easily be scripted and ChallengeReponse not (easily). Does it work with public key? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, Dec 10, 2014 at 9:08 PM, Andrei Borzenkov <arvidjaar@gmail.com> wrote:
В Wed, 10 Dec 2014 21:02:18 +0200 Mark Goldstein <goldstein.mark@gmail.com> пишет:
Andrei, you are absolutely right. With "PasswordAuthentication yes' it works! I know that this setting is not recommended for security reason, but for some reason mc sftp uses it.
Because PasswordAuthentication can easily be scripted and ChallengeReponse not (easily). Does it work with public key?
I will try it later and update (I've planned to set it up anyway, but have not done it yet). -- Mark Goldstein -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/10/2014 11:08 AM, Andrei Borzenkov wrote:
В Wed, 10 Dec 2014 21:02:18 +0200 Mark Goldstein <goldstein.mark@gmail.com> пишет:
Andrei, you are absolutely right. With "PasswordAuthentication yes' it works! I know that this setting is not recommended for security reason, but for some reason mc sftp uses it.
Because PasswordAuthentication can easily be scripted and ChallengeReponse not (easily). Does it work with public key?
With my setup, sftp does work with public key, once I upload my client's pub key to authorized keys on the server. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/10/2014 12:20 PM, John Andersen wrote:
On 12/10/2014 11:08 AM, Andrei Borzenkov wrote:
В Wed, 10 Dec 2014 21:02:18 +0200 Mark Goldstein <goldstein.mark@gmail.com> пишет:
Andrei, you are absolutely right. With "PasswordAuthentication yes' it works! I know that this setting is not recommended for security reason, but for some reason mc sftp uses it.
Because PasswordAuthentication can easily be scripted and ChallengeReponse not (easily). Does it work with public key?
With my setup, sftp does work with public key, once I upload my client's pub key to authorized keys on the server.
I take it back. SFTP-link does not appear to attempt publickey, it always attempts to use password, and therefore requires the server to accept passwordauthentication. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
В Wed, 10 Dec 2014 14:24:21 -0800 John Andersen <jsamyth@gmail.com> пишет:
On 12/10/2014 12:20 PM, John Andersen wrote:
On 12/10/2014 11:08 AM, Andrei Borzenkov wrote:
В Wed, 10 Dec 2014 21:02:18 +0200 Mark Goldstein <goldstein.mark@gmail.com> пишет:
Andrei, you are absolutely right. With "PasswordAuthentication yes' it works! I know that this setting is not recommended for security reason, but for some reason mc sftp uses it.
Because PasswordAuthentication can easily be scripted and ChallengeReponse not (easily). Does it work with public key?
With my setup, sftp does work with public key, once I upload my client's pub key to authorized keys on the server.
I take it back. SFTP-link does not appear to attempt publickey, it always attempts to use password, and therefore requires the server to accept passwordauthentication.
https://www.midnight-commander.org/ticket/3238 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/10/2014 07:29 PM, Andrei Borzenkov wrote:
В Wed, 10 Dec 2014 14:24:21 -0800 John Andersen <jsamyth@gmail.com> пишет:
On 12/10/2014 12:20 PM, John Andersen wrote:
On 12/10/2014 11:08 AM, Andrei Borzenkov wrote:
В Wed, 10 Dec 2014 21:02:18 +0200 Mark Goldstein <goldstein.mark@gmail.com> пишет:
Andrei, you are absolutely right. With "PasswordAuthentication yes' it works! I know that this setting is not recommended for security reason, but for some reason mc sftp uses it.
Because PasswordAuthentication can easily be scripted and ChallengeReponse not (easily). Does it work with public key?
With my setup, sftp does work with public key, once I upload my client's pub key to authorized keys on the server.
I take it back. SFTP-link does not appear to attempt publickey, it always attempts to use password, and therefore requires the server to accept passwordauthentication.
I piled on. Maybe you guys who use MC a lot should so as well. If FISH is broken and sftp is going to be the best approach the it needs to offer secure methods. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-11 05:36, John Andersen wrote:
On 12/10/2014 07:29 PM, Andrei Borzenkov wrote:
I piled on. Maybe you guys who use MC a lot should so as well. If FISH is broken and sftp is going to be the best approach the it needs to offer secure methods.
I don't understand something. I have: PasswordAuthentication no for years. Yet I can login on ssh using password (outside of mc), using password. I do not have keypair (or whatever the proper name is), setup. And on mc (13.1) I can login via fish (which uses ssh), using password. So, to what exactly applies that PasswordAuthentication setting? I have it to "no", yet I can login via ssh using password. And I want to keep it that way, being able to use the password, at least on local network. So, are there, perhaps, different types of password login via ssh, and this config applies to one of them, perhaps an older method that mc's sftp uses? -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/10/2014 8:53 PM, Carlos E. R. wrote:
So, to what exactly applies that PasswordAuthentication setting?
I have it to "no", yet I can login via ssh using password. And I want to keep it that way, being able to use the password, at least on local network.
So, are there, perhaps, different types of password login via ssh, and this config applies to one of them, perhaps an older method that mc's sftp uses?
You are definitely right about this Carlos. Setting that to NO does not prevent login with a password. Setting it to NO only seems to block some things like sftp. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 11/12/2014 08:34, John M Andersen a écrit :
Setting that to NO does not prevent login with a password. Setting it to NO only seems to block some things like sftp.
by the way, setting it to yes do *not* allow mc sftp to work... (work for plain sftp) jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On December 11, 2014 1:05:08 AM PST, jdd <jdd@dodin.org> wrote:
Le 11/12/2014 08:34, John M Andersen a écrit :
Setting that to NO does not prevent login with a password. Setting it to NO only seems to block some things like sftp.
by the way, setting it to yes do *not* allow mc sftp to work... (work for plain sftp)
jdd
It definitely did for me. And turning it off reintroduced the failure. Are you sure you restarted your sshd after the change? -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 11/12/2014 10:18, John Andersen a écrit :
On December 11, 2014 1:05:08 AM PST, jdd <jdd@dodin.org> wrote:
Le 11/12/2014 08:34, John M Andersen a écrit :
Setting that to NO does not prevent login with a password. Setting it to NO only seems to block some things like sftp.
by the way, setting it to yes do *not* allow mc sftp to work... (work for plain sftp)
jdd
It definitely did for me. And turning it off reintroduced the failure.
Are you sure you restarted your sshd after the change?
I didn't change anything, it's like this since ages (on the server side) jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 11/12/2014 10:18, John Andersen a écrit : I didn't change anything, it's like this since ages (on the server side) just for completion, the option is yes for ssh_config, but no in sshd_config is this the reason? sftp in terminal works, not in mpc jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On December 11, 2014 1:25:25 AM PST, jdd <jdd@dodin.org> wrote:
Le 11/12/2014 10:18, John Andersen a écrit :
I didn't change anything, it's like this since ages (on the server side)
just for completion, the option is yes for ssh_config, but no in sshd_config
is this the reason?
sftp in terminal works, not in mpc
jdd
The sshd_config on the server is what you need to change. Your server need to allow tunneled passwords. -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 11/12/2014 10:34, John Andersen a écrit :
The sshd_config on the server is what you need to change. Your server need to allow tunneled passwords.
but it works by hand (sftp in a terminal). It works with fish/Dolphin. I will stay like this, thanks jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-11 11:47, jdd wrote:
Le 11/12/2014 10:34, John Andersen a écrit :
The sshd_config on the server is what you need to change. Your server need to allow tunneled passwords.
but it works by hand (sftp in a terminal). It works with fish/Dolphin.
Because it uses other type of password entry. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/11/2014 02:47 AM, jdd wrote:
Le 11/12/2014 10:34, John Andersen a écrit :
The sshd_config on the server is what you need to change. Your server need to allow tunneled passwords.
but it works by hand (sftp in a terminal). It works with fish/Dolphin.
I will stay like this, thanks jdd
As will I. Although I see no difference with that tunneled passwords set on or off, (except in MC) I have no intention of leaving it on. I don't use MC, and find it a tad obtuse, it seems to date from an era of obtuse tools like vi and emacs. I've spent more time using MC in the last two days drilling this problem with Carlos than I've spent in the last 10 years actually using MC. Dolphin works and (passwordless if you have pushed your public key to the server). That's why I suggested those who use MC pile onto that bug report posted above. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 11/12/2014 20:40, John Andersen a écrit :
Dolphin works and (passwordless if you have pushed your public key to the server). That's why I suggested those who use MC pile onto that bug report posted above.
I use mc a lot when I have to work on the server through ssh, but not from the client where I have all the power I want jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-11 20:40, John Andersen wrote:
On 12/11/2014 02:47 AM, jdd wrote:
Although I see no difference with that tunneled passwords set on or off, (except in MC) I have no intention of leaving it on. I don't use MC, and find it a tad obtuse, it seems to date from an era of obtuse tools like vi and emacs.
Well, mc (Midnight Commander) emulates a very successful MsDOS, payware, application: Norton Commander. It is not related at all to vi or emacs, the interface was designed to be easy to use by plain users (of yesteryear), while both vi and emacs seem to be designed for programmers and are complicated to learn to use. These commander tools were good because you did not have to remember and type commands, specially NC, at a time there were no GUIs and ram was scarce. The reason to use 'mc' today is that it is very fast, and uses little display space, running in an xterm (I have dozens of them opened at a time). It has a ton of features that lack in a single GUI app. The only thing it doesn't have is graphics. It is quite useful during installs, rescue ops, and remote ops. Of course, not every body likes it :-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/11/2014 03:19 PM, Carlos E. R. wrote:
On 2014-12-11 20:40, John Andersen wrote:
On 12/11/2014 02:47 AM, jdd wrote:
Although I see no difference with that tunneled passwords set on or off, (except in MC) I have no intention of leaving it on. I don't use MC, and find it a tad obtuse, it seems to date from an era of obtuse tools like vi and emacs.
Well, mc (Midnight Commander) emulates a very successful MsDOS, payware, application: Norton Commander. It is not related at all to vi or emacs, the interface was designed to be easy to use by plain users (of yesteryear), while both vi and emacs seem to be designed for programmers and are complicated to learn to use.
These commander tools were good because you did not have to remember and type commands, specially NC, at a time there were no GUIs and ram was scarce.
The reason to use 'mc' today is that it is very fast, and uses little display space, running in an xterm (I have dozens of them opened at a time). It has a ton of features that lack in a single GUI app. The only thing it doesn't have is graphics.
It is quite useful during installs, rescue ops, and remote ops.
Of course, not every body likes it :-)
I used Midnite Commander 30 years ago on CPM, but I've totally forgotten how to use it, and I don't think it's as user friendly as you indicate--I looked at it recently and it snowed me. --doug -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-11 21:26, Doug wrote:
On 12/11/2014 03:19 PM, Carlos E. R. wrote:
I used Midnite Commander 30 years ago on CPM, but I've totally forgotten how to use it, and I don't think it's as user friendly as you indicate--I looked at it recently and it snowed me.
It was user friendly when there were no guis. Norton Commander and similar tools (xtree, pc tools) were the predecessors of the current file browsers like dolphin, nautilus, thunar... or w. explorer. All we had when the those text tools appeared was the bare command line, nothing graphical or with menus. You had to type a command to do things like move, rename, copy: remember the command and type everything correctly. Today Midnight Commander is, in some respects, as powerful as a gui, much faster, without graphics, limited mouse action. It has some limitations and some advantages. For instance: customizable menus, running actions on files or groups of them, which you can customize. Or typing terminal commands. All tools have their place. Let me see, mc can, for instance, compress a whole directory, open a compressed archive, look inside an rpm package, look inside a cd iso image without being root (to loop mount it), do a text search (grep) inside a bunch of files and directories, do operations on the found list (including editing the files). Create/edit hard/symlinks, calculate directory sizes, chown, chmod, rename. Compare files or directories (quick or full compare). Also, it is customizable. The closest GUI is, I think, krusader. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Le 12/12/2014 03:53, Carlos E. R. a écrit :
The closest GUI is, I think, krusader.
Dolphion can do the same, including splitting the windows. Do you remember the acronym of the such explorers that use to panes? Thjere is all a phylosopy? I know they have (had?) a web page but I can't find it again jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-12 09:07, jdd wrote:
Le 12/12/2014 03:53, Carlos E. R. a écrit :
The closest GUI is, I think, krusader.
Dolphion can do the same, including splitting the windows.
You mean dolphin?
Do you remember the acronym of the such explorers that use to panes? Thjere is all a phylosopy? I know they have (had?) a web page but I can't find it again
Dunno. I just tested Dolphin, and I see it can open rpms, although it doesn't display all the info that 'mc' displays. But it does not open isos (mc does). Krusader can, but that is not a surprise, as it is an mc clone. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Le 12/12/2014 03:53, Carlos E. R. a écrit :
The closest GUI is, I think, krusader.
Dolphion can do the same, including splitting the windows. Do you remember the acronym of the such explorers that use to panes? Thjere is all a phylosopy? I know they have (had?) a web page but I can't find it again sorry for the typos (I just awake :-)) - I found the acronym: OFM http://en.wikipedia.org/wiki/File_manager#Orthodox_file_managers there are many jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-12 09:24, jdd wrote:
Le 12/12/2014 03:53, Carlos E. R. a écrit :
sorry for the typos (I just awake :-)) - I found the acronym: OFM
http://en.wikipedia.org/wiki/File_manager#Orthodox_file_managers
Curious! :-) I don't remember "PathMinder", though. Interesting... there appears to be a version of 'mc' for windows! -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Fri, Dec 12, 2014 at 2:23 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
On 2014-12-12 09:24, jdd wrote:
Le 12/12/2014 03:53, Carlos E. R. a écrit :
sorry for the typos (I just awake :-)) - I found the acronym: OFM
http://en.wikipedia.org/wiki/File_manager#Orthodox_file_managers
Curious! :-)
I don't remember "PathMinder", though.
Interesting... there appears to be a version of 'mc' for windows!
Do you mean "Total Commander" or native mc? I once used native mc on Windows under Cygwin. (I needed sftp access from windows to Unix servers and while putty/psftp was often failing, mc under cygwin worked very well). TC is good, I use it in M$ Windows and Android. But mc has some unique features. (e.g. when I need to compare interactively versions of a number of files in different directories (like different releases), I put these directories in two panels and use tkdiff %f %D/%f. Just moving the cursor to next file and re-selecting the last command does the job). Will try public key with MC during weekend. -- Mark Goldstein -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Fri, 12 Dec 2014, Mark Goldstein wrote:
On Fri, Dec 12, 2014 at 2:23 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
Interesting... there appears to be a version of 'mc' for windows!
Do you mean "Total Commander" or native mc?
Native I guess. I think I remember using mc and wget when I still used Win95 somewhen early in the naughties (before '03 or so)... I compiled wget myself (natively with a M$ compiler) but a precompiled mc, IIRC. -dnh -- Urgently looking for a signature -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-12 17:28, Mark Goldstein wrote:
On Fri, Dec 12, 2014 at 2:23 PM, Carlos E. R.
. (I needed sftp access
from windows to Unix servers and while putty/psftp was often failing, mc under cygwin worked very well). TC is good, I use it in M$ Windows and Android.
I use one I don't remember the name unless I boot Windows in my laptop. Ah, yes, WinSCP. Quite useful. Double panel.
But mc has some unique features. (e.g. when I need to compare interactively versions of a number of files in different directories (like different releases), I put these directories in two panels and use tkdiff %f %D/%f. Just moving the cursor to next file and re-selecting the last command does the job).
tkdiff? Ah, two panel diff editor? I prefer "meld", intuitive and powerful. And... "tkdiff %f %D/%f" So you open both files on a single command. I like that, I wanted to do that with meld and others. Do you place it in a shortcut, or type it?
Will try public key with MC during weekend.
Ok, you tell us the results :-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Fri, Dec 12, 2014 at 10:04 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
On 2014-12-12 17:28, Mark Goldstein wrote:
On Fri, Dec 12, 2014 at 2:23 PM, Carlos E. R.
. (I needed sftp access
from windows to Unix servers and while putty/psftp was often failing, mc under cygwin worked very well). TC is good, I use it in M$ Windows and Android.
I use one I don't remember the name unless I boot Windows in my laptop. Ah, yes, WinSCP. Quite useful. Double panel.
Ah, I know and use this one for scp into virtual machines, for example.
tkdiff?
Ah, two panel diff editor? I prefer "meld", intuitive and powerful.
Will check it, thanks.
And... "tkdiff %f %D/%f" So you open both files on a single command. I like that, I wanted to do that with meld and others. Do you place it in a shortcut, or type it?
You can do it either way (it is just an example - put on command line highlighted file on current panel (%f) then directory on the opposite panel (%D), / and the same file name. %F is file highlighted on other panel. (Another usefull one is %T - list of selected files....))
Will try public key with MC during weekend.
Ok, you tell us the results :-)
OK, looks like it works. I had to look into the code to figure it out... Let's say our priv/public key are in standard id_rsa and id_rsa.pub files in ~/.ssh (and of course copied to the destination host with ssh-copy-id) 1) It turned out that mc uses file ~/.ssh/config for sftp configurations. 2) This file should contain sections per destination host. I eventually wrote the following: Host DestHostName User Username # Not sure it is needed, current user name will be used if omitted PasswordAuthentication FALSE PubkeyAuthentication TRUE IdentityFile id_rsa That's it, I've got connected. -- Mark Goldstein -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, Dec 12, 2014 at 10:46 PM, Mark Goldstein <goldstein.mark@gmail.com> wrote:
On Fri, Dec 12, 2014 at 10:04 PM, Carlos E. R. <robin.listas@telefonica.net> wrote:
Ok, you tell us the results :-)
OK, looks like it works. I had to look into the code to figure it out...
Let's say our priv/public key are in standard id_rsa and id_rsa.pub files in ~/.ssh (and of course copied to the destination host with ssh-copy-id)
1) It turned out that mc uses file ~/.ssh/config for sftp configurations.
2) This file should contain sections per destination host. I eventually wrote the following:
Host DestHostName User Username # Not sure it is needed, current user name will be used if omitted PasswordAuthentication FALSE PubkeyAuthentication TRUE IdentityFile id_rsa
Some clarifications. ~/.ssh/config is common for ssh client and its syntax is a bit different... Host could contain a number of names (e.g. name and IP address, separated by whitespace), or * meaning all hosts. But it looks like mc does not like more than one name. I did not try * User mane is only needed if user name on remote host is different from local user name. Correct values for Boolean keys are not FALSE and TRUE (though mc implementation understands them) but "yes" or "no" IdentityFile should contain path to the file, e.g. ~/.ssh/id_rsa So the section should look like that: Host hostname PasswordAuthentication no PubkeyAuthentication yes IdentityFile ~/.ssh/id_rsa -- Mark Goldstein -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/11/2014 12:19 PM, Carlos E. R. wrote:
On 2014-12-11 20:40, John Andersen wrote:
On 12/11/2014 02:47 AM, jdd wrote:
Although I see no difference with that tunneled passwords set on or off, (except in MC) I have no intention of leaving it on. I don't use MC, and find it a tad obtuse, it seems to date from an era of obtuse tools like vi and emacs.
Well, mc (Midnight Commander) emulates a very successful MsDOS, payware, application: Norton Commander. It is not related at all to vi or emacs, the interface was designed to be easy to use by plain users (of yesteryear), while both vi and emacs seem to be designed for programmers and are complicated to learn to use.
These commander tools were good because you did not have to remember and type commands, specially NC, at a time there were no GUIs and ram was scarce.
The reason to use 'mc' today is that it is very fast, and uses little display space, running in an xterm (I have dozens of them opened at a time). It has a ton of features that lack in a single GUI app. The only thing it doesn't have is graphics.
It is quite useful during installs, rescue ops, and remote ops.
Of course, not every body likes it :-)
Well, lots of choices people can make. I'm more interested in this issue because of the apparent mis-documentation of the actual purpose and effect of PasswordAuthentication = no in /etc/ssh/sshd_config. We have discovered that PasswordAuthentication = no is NOT sufficient to disable password authentication (except for mc) Comments (at least) should be changed to indicate that usePAM = no is also required to prevent ssh login with passwords. OpenSUSE seems to default to usePAM = yes which still allows password logins, (and sftp logins for everything except MC). There is a trap there for the unwary and, because the authentication methods are scattered all over sshd_config you have to read very carefully and understand. see answer 10 here: http://superuser.com/a/374234 It would appear that usePam = yes is slightly more secure than PasswordAuthentication = yes because pam triggers/falls back to keyboard interactive (challenge response) which is harder to script than regular PasswordAuthentication, where the tunnel is established and a loging with BOTH the account and the password are sent as one command. So the settings that opensuse defaults to appear to be reasonably correct, if not a little confusing (at least to me). - -- After all is said and done, more is said than done. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlSKG54ACgkQv7M3G5+2DLJo2wCfaK6ZDjdxV6Y1ziZAV/1Y1L4T gZQAn1hlvETWczOSidL6xXUqOi/IkyyU =JWSb -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-11 08:34, John M Andersen wrote:
On 12/10/2014 8:53 PM, Carlos E. R. wrote:
So, are there, perhaps, different types of password login via ssh, and this config applies to one of them, perhaps an older method that mc's sftp uses?
You are definitely right about this Carlos.
Setting that to NO does not prevent login with a password. Setting it to NO only seems to block some things like sftp.
I think it may be what arvidjaar calls "keyboard-interactive". mc does not support it (in sftp at least). mc-sftp needs "tunneled clear text passwords", in the ssh config parlance. Maybe the other one is ChallengeResponseAuthentication or keyboard-interactive. I don't have this clear. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
В Thu, 11 Dec 2014 16:24:39 +0100 "Carlos E. R." <robin.listas@telefonica.net> пишет:
On 2014-12-11 08:34, John M Andersen wrote:
On 12/10/2014 8:53 PM, Carlos E. R. wrote:
So, are there, perhaps, different types of password login via ssh, and this config applies to one of them, perhaps an older method that mc's sftp uses?
You are definitely right about this Carlos.
Setting that to NO does not prevent login with a password. Setting it to NO only seems to block some things like sftp.
I think it may be what arvidjaar calls "keyboard-interactive". mc does not support it (in sftp at least).
mc-sftp needs "tunneled clear text passwords", in the ssh config parlance. Maybe the other one is ChallengeResponseAuthentication or keyboard-interactive.
Yes. PasswordAuthentication enables one of ssh authentication protocols (password). Another protocol is ChallengeResponse (keyboard-interactive). This can be configured to use virtually any authentication tokens; in combination with UsePAM and PAM default configuration it simply requests user password.
I don't have this clear.
On 2014-12-11 17:27, Andrei Borzenkov wrote:
В Thu, 11 Dec 2014 16:24:39 +0100 "Carlos E. R." <> пишет:
Yes. PasswordAuthentication enables one of ssh authentication protocols (password). Another protocol is ChallengeResponse (keyboard-interactive). This can be configured to use virtually any authentication tokens; in combination with UsePAM and PAM default configuration it simply requests user password.
I see. And, guessing, "password" is scriptable while keyboard-interactive is not. Maybe, as 'mc' has to call "something" to start sftp, it uses techniques akin to scripting. I don't know how easy would be for 'mc' to support keyboard-interactive instead. Then that is what we have to request upstream? -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
В Thu, 11 Dec 2014 17:51:58 +0100 "Carlos E. R." <robin.listas@telefonica.net> пишет:
On 2014-12-11 17:27, Andrei Borzenkov wrote:
В Thu, 11 Dec 2014 16:24:39 +0100 "Carlos E. R." <> пишет:
Yes. PasswordAuthentication enables one of ssh authentication protocols (password). Another protocol is ChallengeResponse (keyboard-interactive). This can be configured to use virtually any authentication tokens; in combination with UsePAM and PAM default configuration it simply requests user password.
I see.
And, guessing, "password" is scriptable while keyboard-interactive is not. Maybe, as 'mc' has to call "something" to start sftp, it uses techniques akin to scripting.
"password" sends user passsword directly in athentication request; it is expected that password was obtained by SSH client from user, but SSH server has no idea about it. It makes it trivial to automate. "keyboard-interactive" relays challenges from SSH server to user and relays user responses back to SSH server (there is also provision for translating strings). So at least in theory it is unknown when and what had been requested. In practice I guess 99% of Linux systems out there are pretty much predictable ...
I don't know how easy would be for 'mc' to support keyboard-interactive instead. Then that is what we have to request upstream?
Yes. MC is based on libssh2 which offers library function for this so MC needs to "just" provide callback to display challenge and read response.
Le 11/12/2014 18:20, Andrei Borzenkov a écrit :
"password" sends user passsword directly in athentication request; it is expected that password was obtained by SSH client from user, but SSH server has no idea about it. It makes it trivial to automate.
I guess it's also trivial to implement delays in case of error that makes script unusable for random guess :-? jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
From briefly looking at mc sources, it should support both agent and key authentications, but apparently you need to configure key in mc, it does not use default key(s) from ~/.ssh. It does *not* support keyboard-interactive and that is really a bug. Отправлено с iPhone
11 дек. 2014 г., в 7:36, John Andersen <jsamyth@gmail.com> написал(а):
On 12/10/2014 07:29 PM, Andrei Borzenkov wrote: В Wed, 10 Dec 2014 14:24:21 -0800 John Andersen <jsamyth@gmail.com> пишет:
On 12/10/2014 12:20 PM, John Andersen wrote:
On 12/10/2014 11:08 AM, Andrei Borzenkov wrote: В Wed, 10 Dec 2014 21:02:18 +0200 Mark Goldstein <goldstein.mark@gmail.com> пишет:
Andrei, you are absolutely right. With "PasswordAuthentication yes' it works! I know that this setting is not recommended for security reason, but for some reason mc sftp uses it.
Because PasswordAuthentication can easily be scripted and ChallengeReponse not (easily). Does it work with public key? With my setup, sftp does work with public key, once I upload my client's pub key to authorized keys on the server.
I take it back. SFTP-link does not appear to attempt publickey, it always attempts to use password, and therefore requires the server to accept passwordauthentication.
I piled on. Maybe you guys who use MC a lot should so as well. If FISH is broken and sftp is going to be the best approach the it needs to offer secure methods.
-- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 20:02, Mark Goldstein wrote:
On Wed, Dec 10, 2014 at 8:37 PM, Andrei Borzenkov <> wrote:
Does allowing PasswordAuthentication on server side make a difference?
Andrei, you are absolutely right. With "PasswordAuthentication yes' it works!
Same here! Setting that on the server (/etc/ssh/sshd_config) works.
I know that this setting is not recommended for security reason, but for some reason mc sftp uses it.
:-( -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/10/2014 10:37 AM, Andrei Borzenkov wrote:
В Wed, 10 Dec 2014 19:47:08 +0200 Mark Goldstein <goldstein.mark@gmail.com> пишет:
On Wed, Dec 10, 2014 at 7:32 PM, Mark Goldstein <goldstein.mark@gmail.com> wrote:
On Wed, Dec 10, 2014 at 7:29 PM, Carlos E. R. <robin.listas@telefonica.net> wrote: ...
And now sshd run in debug mode:
debug1: SSH2_MSG_KEXINIT sent [preauth] debug1: SSH2_MSG_KEXINIT received [preauth] debug1: kex: client->server aes128-ctr hmac-sha1 none [preauth] debug1: kex: server->client aes128-ctr hmac-sha1 none [preauth] debug1: expecting SSH2_MSG_KEXDH_INIT [preauth] debug1: SSH2_MSG_NEWKEYS sent [preauth] debug1: expecting SSH2_MSG_NEWKEYS [preauth] debug1: SSH2_MSG_NEWKEYS received [preauth] debug1: KEX done [preauth] debug1: userauth-request for user XXXXX service ssh-connection method none [preauth] debug1: attempt 0 failures 0 [preauth] debug1: PAM: initializing for "XXXXX" debug1: PAM: setting PAM_RHOST to "YYYYY" debug1: PAM: setting PAM_TTY to "ssh" debug1: userauth-request for user XXXXX service ssh-connection method password [preauth] debug1: attempt 1 failures 0 [preauth] Connection closed by ZZ.ZZ.ZZ.ZZ [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug1: do_cleanup debug1: PAM: cleanup debug1: Killing privsep child 2031
ZZ.ZZ.ZZ.ZZ is the machine where mc/sftp runs. So no clue on destinaltion side.
Does allowing PasswordAuthentication on server side make a difference?
Yes, this solves the problem. But as you point out in a later post, this is undesirable. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Wed, 10 Dec 2014, Carlos E. R. wrote:
On 2014-12-10 17:46, jdd wrote:
Le 10/12/2014 17:27, Mark Goldstein a écrit :
Now, why it indicates "/sftp://host"? I would expect "sftp://host"? Where the first slash came from?
Yes, I thought the same.
That's just the usual mc-way for a VFS. Compare e.g. mc foo.tar/utar:// About that sftp-problem: No idea ATM, I get a "Cannot chdir to /sftp://localhost/", even though sshd is running and a plain sftp outside of mc works. Anyway: data loss when using fish aka "shell link" is just plain inacceptable, eh? BTW: Updates for 12.3 and 13.1 should be on the way HTH, -dnh -- We use Linux for all our mission-critical applications. Having the source code means that we are not held hostage by anyone's support department. -- Russell Nelson, President of Crynwr Software -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 21:08, David Haller wrote:
Hello,
On Wed, 10 Dec 2014, Carlos E. R. wrote:
About that sftp-problem: No idea ATM, I get a "Cannot chdir to /sftp://localhost/", even though sshd is running and a plain sftp outside of mc works.
The cause has been identified already.
Anyway: data loss when using fish aka "shell link" is just plain inacceptable, eh?
Of course. But I still have to read that bugzilla to know of the circumstances. If it is on file move, then I have experimented crashes, and once I suspected data loss, but I thought it was me. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Wed, Dec 10, 2014 at 6:46 PM, jdd <jdd@dodin.org> wrote:
Le 10/12/2014 17:27, Mark Goldstein a écrit :
Now, why it indicates "/sftp://host"? I would expect "sftp://host"? Where the first slash came from?
could be the problem, because it asks for the passwd and should not if it had connexion problem.
a way to fix this without recompiling?
Not sure this is the real reason. When this failed attempt is made (from mc sftp) I see on the other side the following message in syslog: sshd[8264]: Received disconnect from xx.xx.xx.xx: 11: Normal Shutdown [preauth] where xx.xx.xx.xx is IP address of the machine from which I tried mc/sftp. But when I just connect with sftp from command line I see PAM messages about opening the session for the user. -- Mark Goldstein -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 10/12/2014 17:11, Carlos E. R. a écrit :
Caja is interesting, it has a double panel view.
I see that. However, caja do run here only with the --sync option
Yes, like caja. A bit too simple compared to mc, though.
There was a graphical tools somewhere similar to mc, but a bit limited, last time I tried. What was it...? Ah, krusader, I think.
yes, krusader. I wanted to use it for it's mirror capability, but I never could figure is what direction he made the sync :-( I also have a
note about "tkdesk".
back to the past :-)))
It is of course possible, but instead of a light test system I get a heavy system. Not my intention :-)
is mate lighter than kde? I'm not sure jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 17:37, jdd wrote:
Le 10/12/2014 17:11, Carlos E. R. a écrit :
yes, krusader. I wanted to use it for it's mirror capability, but I never could figure is what direction he made the sync :-(
For sync I use either the terminal, sync, or unison, for automatic bidirectional sync.
I also have a note about "tkdesk".
back to the past :-)))
I haven't looked yet if it is still installable. I only saw a mention in my notes. I don't remember how it looked.
It is of course possible, but instead of a light test system I get a heavy system. Not my intention :-)
is mate lighter than kde? I'm not sure
It is, if you already have XFCE installed. That's was the initial system. Mate was an afterthought. Both are based on GTK, so they share libraries and some components. Gnome is probably also installed, although not intentionally. I haven't checked if it runs. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Le 10/12/2014 18:51, Carlos E. R. a écrit :
For sync I use either the terminal, sync, or unison, for automatic bidirectional sync.
unison killed both the original and the backup for me in one special case, so I don't trust it anymore (I don't trust bidirectional rsync, aka true mirror)
I also have a note about "tkdesk".
back to the past :-)))
I haven't looked yet if it is still installable. I only saw a mention in my notes. I don't remember how it looked.
last news is 10 years old, the source do not compile right away, I didn't explore more :-) http://tkdesk.sourceforge.net/news.html
It is, if you already have XFCE installed. That's was the initial system. Mate was an afterthought. Both are based on GTK, so they share libraries and some components. Gnome is probably also installed, although not intentionally. I haven't checked if it runs.
I was thinking of Mate as Gnome2, not so light jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Carlos E. R. <robin.listas@telefonica.net> [12-10-14 11:11]: [...]
There was a graphical tools somewhere similar to mc, but a bit limited, last time I tried. What was it...? Ah, krusader, I think. I also have a note about "tkdesk".
(installing krusader wants to install 50 packages more)
Yes, kde based. I use krusader and find it fits my needs/wants much better than dolphin and fish, smb, ftp, and sftp are supported while ssh, sh and scp are not. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 17:37, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [12-10-14 11:11]: [...]
There was a graphical tools somewhere similar to mc, but a bit limited, last time I tried. What was it...? Ah, krusader, I think. I also have a note about "tkdesk".
(installing krusader wants to install 50 packages more)
Yes, kde based.
I use krusader and find it fits my needs/wants much better than dolphin and fish, smb, ftp, and sftp are supported while ssh, sh and scp are not.
Yes, I can use it on my main system, but not in my virtual (vmplayer) test systems. I try to keep them small. 'mc' is wonderful for installation of systems, transfer files and scripts from one system to another, even if the graphical system is broken. But if the fish functionality is removed because of some problem (I still have to read the bugzilla and find out why), and sftp fails to work (and I'm not the only person that can't make it work), then 'mc' loses a lot of its functionality. I still have normal ftp, but it is less secure (important when connecting to the laptop over wifi), and needs installing an ftp server and fiddling with the firewall. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Le 10/12/2014 19:04, Carlos E. R. a écrit :
test systems. I try to keep them small. 'mc' is wonderful for installation of systems, transfer files and scripts from one system to another, even if the graphical system is broken.
mc is one of the things I install first everywhere, but I don'tn use it fir file sharing. I have always X on at least one side :-) jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 20:58, jdd wrote:
Le 10/12/2014 19:04, Carlos E. R. a écrit :
test systems. I try to keep them small. 'mc' is wonderful for installation of systems, transfer files and scripts from one system to another, even if the graphical system is broken.
mc is one of the things I install first everywhere, but I don'tn use it fir file sharing. I have always X on at least one side :-)
It is very fast and simply to copy files or entire trees with it across machines. Or rather, was. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2014-12-10 06:35, Charles Philip Chan wrote:
Hi Carlos:
As a matter of fact, I do have that line not-commented, but I can not use sftp in mc in any system, 13.1 or 13.2
The same entry, tested in 13.1, works in ssh, but not in sftp.
Strange, it works for me in the latest Tumbleweed. Do you see anything strange in /var/log/messages? Also, did you enter the url correctly in the form of:
,---- | sftp://[user]@[host]:[port][directory] `----
"user@host" should suffice, but I also tried "sftp://user@host" or "sftp://user@host/" or "user@host/". Even fails with localhost. The answer is always the same, that it can not change to that directory. The host machine logs this: <4.6> 2014-12-10 06:39:42 Telcontar sshd 26652 - - Received disconnect from 127.0.0.1: 11: Normal Shutdown [preauth] -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/09/2014 08:41 PM, Carlos E. R. wrote:
On 2014-12-10 05:12, John M Andersen wrote:
SFTP is in fact ssh:
No. The wikipedia is dead, so I can not show you the links, but there are two different aceptions for that word. One is ssh, the other is an ftp variant. The one on mc is the later meaning, also called ftps on some places.
And it simply does not work.
I can verify that sftp in MC does in fact work, and connects via ssh on OpenSuse 13.2 If it becomes very important to you can send you via private email screen shots from both MC running on my machine connecting to a server, showing the port the connection arrives on, the running process, etc. But I expect you to take my word, as I have absolutely no reason to lie to you.
The man page says:
- ------clipped
See? sftpfs = SFTP.
Since sftp is file transfer over ssh, if you have sshd running, you already have sftp support.
It is not.
It is. (we are beginning to sound like children there... ;-) You probably do not have sftp turned on in your /etc/ssh/sshd_config on your target. - --------snip of sshd_config in a very old server # override default of no subsystems Subsystem sftp /usr/lib64/ssh/sftp-server
Of course I have the sshd daemon running. I can connect from any machine but this sftp in 13.2, which is NOT ssh (nor fish). It is the same word, but not the same thing.
It means probably that the packager disabled ssh. :-(
It means you did not turn on sftp in the target. - -- After all is said and done, more is said than done. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlSH1RAACgkQv7M3G5+2DLLZmwCghy9ZvzEMF8P4DndmK/hgh/Dy a/cAoIrWVLz/VHC/NrEVvMNUG9axfMbT =O5vI -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 06:07, John Andersen wrote:
On 12/09/2014 08:41 PM, Carlos E. R. wrote:
I can verify that sftp in MC does in fact work, and connects via ssh on OpenSuse 13.2
If it becomes very important to you can send you via private email screen shots from both MC running on my machine connecting to a server, showing the port the connection arrives on, the running process, etc.
But I expect you to take my word, as I have absolutely no reason to lie to you.
Ok, but take my word that it does not work here, in any computer I tried, in any direction (13.1 --> 13.2, 13.2 --> 13.1) I can not paste photos today, I'm about to go to sleep. But ascii paste should suffice Left File Command Options Right ┌<─ ~ ───────────────────.[^]>┐┌<─ ~ ───────────────────.[^]>┐ │.n Name │Size │Modify time││.n Name │Size │Modify time│ │/.. │--DIR│ov 23 12:45││/.. │--DIR│ov 23 12:45│ │/.cache │ 127│ec 10 05:33││/.cache │ 127│ec 10 05:33│ │/.c 5:23│ │/.d ┌──────────────── SFTP to machine ────────────────┐ 2:50│ │/.f │ Enter machine name (F1 for details): │ 2:45│ │/.g │ cer@telcontar.valinor [^] │ 0:49│ │/.g ├─────────────────────────────────────────────────┤ 2:50│ │/.l │ [< OK >] [ Cancel ] │ 2:50│ │/.m └─────────────────────────────────────────────────┘ 0:39│ │/.s 8:03│ │/Desktop │ 6│ov 23 12:50││/Desktop │ 6│ov 23 12:50│ │/Documents │ 19│ov 30 02:43││/Documents │ 19│ov 30 02:43│ │/Downloads │ 6│ov 23 12:50││/Downloads │ 6│ov 23 12:50│ │/Music │ 6│ov 23 12:50││/Music │ 6│ov 23 12:50│ ├─────────────────────────────┤├─────────────────────────────┤ │UP--DIR ││UP--DIR │ └───────── 1790M/3064M (58%) ─┘└───────── 1790M/3064M (58%) ─┘ Hint: % macros work even on the command line. cer@oS-13-2:~> [^] 1Help 2Menu 3View 4Edit 5Copy 6Re~ov 7Mkdir 8De~te and I get, on iptraf iptraf-ng 1.1.4 ┌ TCP Connections (Source Host:Port) ───────────── Packets ──── Bytes Flag Iface ───┐ │┌192.168.74.112:36662 = 11 1539 --A- eno1 │ │└192.168.1.14:22 = 12 2799 -PA- eno1 │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ └ TCP: 1 entries ────────────────────────────────────────────────────── Active ─┘ ┌────────────────────────────────────────────────────────────────────────────────────┐ │ UDP (63 bytes) from 192.168.74.112:48378 to 192.168.74.2:53 on eno1 │ │ UDP (63 bytes) from 192.168.74.112:48378 to 192.168.74.2:53 on eno1 │ │ UDP (93 bytes) from 192.168.74.2:53 to 192.168.74.112:48378 on eno1 │ │ UDP (104 bytes) from 192.168.74.2:53 to 192.168.74.112:48378 on eno1 │ │ │ │ │ Packets captured: 36 │ TCP flow rate: 0.00 kbps Up/Dn/PgUp/PgDn-scroll M-more TCP info W-chg actv win S-sort TCP X-exit then mc prompts for a password, and I get back: Left File Command Options Right ┌<─ ~ ───────────────────.[^]>┐┌<─ ~ ───────────────────.[^]>┐ │.n Name │Size │Modify time││.n Name │Size │Modify time│ │/.. │--DIR│ov 23 12:45││/.. │--DIR│ov 23 12:45│ │/.cache │ 127│ec 10 05:33││/.cache │ 127│ec 10 05:33│ │/.co :23│ │/.db ┌───────────────────── Error ─────────────────────┐ :50│ │/.fo │ │ :45│ │/.gk │ Cannot chdir to "/sftp://cer@telcontar.valinor" │ :49│ │/.gs │ │ :50│ │/.lo └─────────────────────────────────────────────────┘ :50│ │/.mo :39│ │/.ssh │ 25│ec 9 18:03││/.ssh │ 25│ec 9 18:03│ │/Desktop │ 6│ov 23 12:50││/Desktop │ 6│ov 23 12:50│ │/Documents │ 19│ov 30 02:43││/Documents │ 19│ov 30 02:43│ │/Downloads │ 6│ov 23 12:50││/Downloads │ 6│ov 23 12:50│ │/Music │ 6│ov 23 12:50││/Music │ 6│ov 23 12:50│ ├─────────────────────────────┤├─────────────────────────────┤ │UP--DIR ││UP--DIR │ └───────── 1790M/3064M (58%) ─┘└───────── 1790M/3064M (58%) ─┘ Hint: You can do anonymous FTP with mc by typing 'cd ftp://mac cer@oS-13-2:~> [^] 1Help 2Menu 3View 4Edit 5Copy 6Re~ov 7Mkdir 8De~te (the message box in the middle is in red) and iptraf shows this activity, which as you see, has not changed on port 22 - meaning it did not do anything on the network after entering the password. iptraf-ng 1.1.4 ┌ TCP Connections (Source Host:Port) ───────────── Packets ──── Bytes Flag Iface ───┐ │┌192.168.74.112:36662 = 16 1891 CLOS eno1 │ │└192.168.1.14:22 = 17 3091 CLOS eno1 │ │┌192.168.74.112:741 > 18 1752 --A- eno1 │ │└192.168.1.14:2049 > 18 1854 -PA- eno1 │ │ │ On the host, I see: <4.6> 2014-12-10 06:20:46 Telcontar sshd 25663 - - Received disconnect from 192.168.1.14: 11: Normal Shutdown [preauth] On the same terminal, ssh works: cer@oS-13-2:~> mc cer@oS-13-2:~> ssh cer@telcontar.valinor Password: Last login: Tue Dec 9 18:03:21 2014 from telcontar.valinor Have a lot of fun... No matter whether th' constitution follows th' flag or not, th' supreme court follows th' iliction returns. -- Mr. Dooley cer@Telcontar:~>
You probably do not have sftp turned on in your /etc/ssh/sshd_config on your target.
--------snip of sshd_config in a very old server # override default of no subsystems Subsystem sftp /usr/lib64/ssh/sftp-server
It is enabled. Has been so for ages.
It means probably that the packager disabled ssh. :-(
It means you did not turn on sftp in the target.
I mean the missing shell menu entry in mc. I can use mc in 12.3 or 13.1 with the same hardware, using the shell menu entry, and it works. The sftp entry doesn't work in any. Has been so for ages. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
You probably do not have sftp turned on in your /etc/ssh/sshd_config on your target.
I just installed mc to test, the sftp link do *not* works to my 13.1 server, when the exact same config in dolphin works... so either mc have a problem or dolphin and mc do not share the same sftp definition :-( jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Wed, Dec 10, 2014 at 7:41 AM, Carlos E. R. <robin.listas@telefonica.net> wrote:
On 2014-12-10 05:12, John M Andersen wrote:
SFTP is in fact ssh:
No. The wikipedia is dead, so I can not show you the links, but there are two different aceptions for that word. One is ssh, the other is an ftp variant. The one on mc is the later meaning, also called ftps on some places.
Please do not add to confusion. FTPS (FTP over SSL) has absolutely nothing to do with SFTP (SSH FTP subsystem). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 06:58, Andrei Borzenkov wrote:
On Wed, Dec 10, 2014 at 7:41 AM, Carlos E. R. <robin.listas@telefonica.net> wrote:
On 2014-12-10 05:12, John M Andersen wrote:
SFTP is in fact ssh:
No. The wikipedia is dead, so I can not show you the links, but there are two different aceptions for that word. One is ssh, the other is an ftp variant. The one on mc is the later meaning, also called ftps on some places.
Please do not add to confusion. FTPS (FTP over SSL) has absolutely nothing to do with SFTP (SSH FTP subsystem).
That was clarified early enough in the thread. I recognized my error. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2014-12-10 05:12, John M Andersen wrote:
On 12/9/2014 7:44 PM, Carlos E. R. wrote:
SFTP is in fact ssh: https://kb.iu.edu/d/akqg
Ok, it is using ssh, but not the normal ssh. On 13.1, shell link succeeds, sftp plain fails. sftp: <4.6> 2014-12-10 05:53:24 Telcontar sshd 24429 - - Received disconnect from 127.0.0.1: 11: Normal Shutdown [preauth] ( Cannot chdir to "/sftp://localhost" ) shell: <4.6> 2014-12-10 05:53:52 Telcontar sshd 24455 - - Postponed keyboard-interactive for cer from 127.0.0.1 port 51003 ssh2 [preauth] <4.6> 2014-12-10 05:53:55 Telcontar sshd 24455 - - Postponed keyboard-interactive/pam for cer from 127.0.0.1 port 51003 ssh2 [preauth] <4.6> 2014-12-10 05:53:55 Telcontar sshd 24455 - - Accepted keyboard-interactive/pam for cer from 127.0.0.1 port 51003 ssh2 <3.6> 2014-12-10 05:53:55 Telcontar systemd 1 - - Starting Session 2941 of user cer. <4.6> 2014-12-10 05:53:55 Telcontar systemd-logind 1038 - - New session 2941 of user cer. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
* Carlos E. R. <robin.listas@telefonica.net> [12-09-14 22:44]:
On 2014-12-10 02:41, John Andersen wrote:
On 12/9/2014 2:04 PM, Carlos E. R. wrote:
Sftp is still there. As I understand it, shell link was simply a fish connection.
sftp refers to secure ftp, and shell link refers to ssh. Not the same thing.
I can not make a connection on sftp, unless I start the correct daemon on destination, whereas sshd is always running on all my machines.
Re dolphin, gnome, etc... please remember that 'mc' is a terminal app.
I need confirmation if I'm the only one experiencing this, or it is a generalized issue and possible bug, prior to reporting.
I see the same on Tw, must be a bug. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/09/2014 09:19 PM, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [12-09-14 22:44]:
On 2014-12-10 02:41, John Andersen wrote:
On 12/9/2014 2:04 PM, Carlos E. R. wrote:
Sftp is still there. As I understand it, shell link was simply a fish connection.
sftp refers to secure ftp, and shell link refers to ssh. Not the same thing.
I can not make a connection on sftp, unless I start the correct daemon on destination, whereas sshd is always running on all my machines.
Re dolphin, gnome, etc... please remember that 'mc' is a terminal app.
I need confirmation if I'm the only one experiencing this, or it is a generalized issue and possible bug, prior to reporting.
I see the same on Tw, must be a bug.
Nope, not a bug. It works for two of us, and fails for two of us. So its officially still a mystery. ;-? I can get shell-link working (from an older machine) and I can get sftp-link to work to servers that have sftp turned on in sshd_config. I've tried two different target servers, one a really old linux, and one is netbsd. All these combinations work for me. -- After all is said and done, more is said than done.? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 06:24, John Andersen wrote:
On 12/09/2014 09:19 PM, Patrick Shanahan wrote:
I see the same on Tw, must be a bug.
Nope, not a bug. It works for two of us, and fails for two of us. So its officially still a mystery. ;-?
The bug is the missing shell link entry in the menu. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/09/2014 09:34 PM, Carlos E. R. wrote:
On 2014-12-10 06:24, John Andersen wrote:
On 12/09/2014 09:19 PM, Patrick Shanahan wrote:
I see the same on Tw, must be a bug.
Nope, not a bug. It works for two of us, and fails for two of us. So its officially still a mystery. ;-?
The bug is the missing shell link entry in the menu.
I saw many commits on the mc project with regard to fish (which is what shell-link uses). It might be that it is broken some how and was left off. My openbsd still has shell-link (and it works of course). But shell-Link is missing on my 13.2 - -- After all is said and done, more is said than done. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlSH3CMACgkQv7M3G5+2DLJ37wCfZCBwahpODCARVPpCyS1Z2bT2 r14An2KbBAGl6yRa9OZd5dorMUyeb2Ni =drNr -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-12-10 06:37, John Andersen wrote:
On 12/09/2014 09:34 PM, Carlos E. R. wrote:
My openbsd still has shell-link (and it works of course). But shell-Link is missing on my 13.2
I'll write a bugzilla in the morning about that. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/09/2014 09:44 PM, Carlos E. R. wrote:
On 2014-12-10 06:37, John Andersen wrote:
On 12/09/2014 09:34 PM, Carlos E. R. wrote:
My openbsd still has shell-link (and it works of course). But shell-Link is missing on my 13.2
I'll write a bugzilla in the morning about that.
mc -v on openbsd says Version 4.8.12 and lists among the Virtual File Types Virtual File Systems: cpiofs, tarfs, sfs, extfs, ftpfs, fish But on 13.2 the version is 4.8.13 and Virtual File Systems: cpiofs, tarfs, sfs, extfs, ftpfs, sftpfs, smbfs You note that fish is missing. It might have been a compile time option. - -- After all is said and done, more is said than done. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlSH3zsACgkQv7M3G5+2DLKPaQCcDmj68gijhWMs8pQcgYNoH+Xx sD0AoIuyVWflaa4ydDnnyAAqQxZ4xGQ3 =Fw8N -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/09/2014 07:41 PM, John Andersen wrote:
Sftp is still there. As I understand it, shell link was simply a fish connection.
In Dolphin you can still access a remote file system by typing in a url like fish://user@machine/directory and that seems to work but it is not materially different than sftp://user@machine/directory
One appears to use ki0_fish.so and the other uses kio_sftp.so Maybe it is just reducing the number of redundancies.
There appears to be a gnome module name libsftp.so but I don't see a gnome libfish.so.
Just be aware, in a lot cases kio_fish is a wrapper to and underlying scp or other native file transfer calls, while kio_sftp is a complete file transfer implementation. If your kio_fish is a wrapper, then kio_sftp is generally preferred due to kio_fish being vulnerable to bugs in whatever 3rd party file transfer it is using. -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello, On Tue, 09 Dec 2014, Carlos E. R. wrote:
Notice that the "Shell link..." entry is missing. Why?
See https://bugzilla.novell.com/show_bug.cgi?id=856501 The fish-VFS is broken. Totally. So, I've disabled fish. Data loss is a "no no", eh? And yes, I could reproduce the data-loss (source file deleted, no matter of what happened to the target file (e.g. never written)). (Right now, I'm trying to also push 4.8.13 to <= 13.1, *gah* I've all forgotten about that. *fsck*!!). So, I call on you guys that have an interest in the fish feature, there's a preliminary patch that _might_ work, but will need lots of testing. I can build a RPM in the OBS for you with that patch and fish enabled. Myself, I use plain scp ;) So YOU have to do the testing! I'll make that package available if enough[tm] (few) testers pipe up. Else, heck, branch the package and build it yourself. There's already about a dozen branches (besides my devel branch) in the OBS. Maybe one of them builds with fish enabled already, just look at the "link diff". -dnh, mc maintainer PS: Don't rely on me staying. Because of systemd. I'm still on 12.1. As an init, systemd, why not. What is has become: no way! I'm off to Gentoo / Slackware / LFS / *BSD ... But for now, I build stuff (e.g. openss[lh] and seamonkey) for 12.1. And hope for systemd to collapse and vanish again as it should. -- "All mushrooms are edible. However, some of them only once" -- Ino!~ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-12-10 12:26, David Haller wrote:
So, I call on you guys that have an interest in the fish feature, there's a preliminary patch that _might_ work, but will need lots of testing. I can build a RPM in the OBS for you with that patch and fish enabled. Myself, I use plain scp ;) So YOU have to do the testing!
Ok, I can test, but I don't know what to test. :-? I'd also like to use sftp, if that's what we are supposed to use, but it simply fails to run, and nobody knows why. Only that it works for some people. Otherwise, I will have to use plain ftp. It is a nuisance. It is also unsafe, but well, it is usually local network. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlSIWlIACgkQtTMYHG2NR9V+hwCgkKDrxOBaNYi8/OeaeH0NM5JK n8UAni2RmGd9aqiNgGs2kMlyM+hl+UI1 =4D7O -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/10/2014 03:26 AM, David Haller wrote:
So, I call on you guys that have an interest in the fish feature, there's a preliminary patch that _might_ work, but will need lots of testing.
The only reason to prefer fish is due to historical reasons and the fact that it is still used in older releases and various BSDs. If its broken, I want to stay 11 feed away from it. I think we would all be happy with sftp-link IF IT WORKED, but as Carlos has discovered it it hit or miss whether sftp-link works. For me selecting sftp-link and using something like jsa@screenio:/home/jsa works (to older version of opensuse), as well as to various BSD machines but using something like jsa@localhost:/home/jsa will fail every time if the machine is opensuse 13.2 (acts exactly the same with Ip addresses, FQDNs, etc) And it fails the same way when users on a different machine try to connect to Opensuse with sftp-link. (I tried from kubuntu, which offeres the sftp-link feature). This suggests to me that the problem is not MC, but some portion of ssh-sftp in opensuse 13.2, or the way sftp-link is handling the connection, and the default opwnsuse 13.2 sshd_config setup which disables passwordauthentication. As others have pointed out, you have to set your sshd to allow tunneled clear text passwords to get sftp-link to work. (in /etc//ssh/sshd_config: snip: # To disable tunneled clear text passwords, change to no here! PasswordAuthentication yes The password will be in the ssh tunnel, (encrypted), but simply allowing this type of authentication opens you up to script kiddie attacks. So most people would like to see sftp-link first try publickey login and only fall back to password if that fails. (Not: I thought this worked with public key, But I now believe I was wrong). -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 10 Dec 2014, jsamyth@gmail.com wrote:
The password will be in the ssh tunnel, (encrypted), but simply allowing this type of authentication opens you up to script kiddie attacks. So most people would like to see sftp-link first try publickey login and only fall back to password if that fails.
Yes, this why it worked for me- I have "PasswordAuthentication" set to "yes". To minimize the script kiddie problem, I have: 1. Moved my sshd to a non-default port. 2. I do not allow root login and use the "AllowUsers" directive. 3. I also use fail2ban. Charles -- Microsoft is not the answer. Microsoft is the question. NO (or Linux) is the answer. (Taken from a .signature from someone from the UK, source unknown)
Hello all and JFTR, [CC'ed to opensuse-de] @opensuse-de: Übersetzung usw. gibt's auf Nachfrage On Tue, 09 Dec 2014, Carlos E. R. wrote: [..]
Notice that the "Shell link..." entry is missing. Why?
The update I pushed which disables fish aka "Shell link" has, according to http://software.opensuse.org/package/mc, arrived at all (still) supported distro-versions (i.e. are 12.3 and 13.1) by now (look at the "official update" versions!, they're all at 4.8.13 for oS_12.3-oS_Factory). If you (on 12.3/13.1) want to check why I disabled fish, test this before you install the update: $ mkdir /tmp/foo $ chmod a-w /tmp/foo $ cp whatever foo_to_be_moved_but_will_be_deleted $ mc . . - start your sshd allowing password based login locally (that's another problem with ssh/sftp in mc which can be ignored for this) - In mc now choose shell-link/fish to connect to localhost, change to localhost:/tmp/foo as target (and stay local with the "source"). - Now, as source, select the file foo_to_be_moved_but_will_be_deleted. - Then "Move" the file from "local" to "shell-link/fish" via F6. You'll get an error (no write permission), as expected. BUT YOUR SOURCE foo_to_be_moved_but_will_be_deleted WILL BE GONE TOO as if the "move" had succeeded! NOT good, eh? The passing of the error back from the VFS is broken. Fixing that is rather complex. And, ISTR, that's not the only problem of the fish-vfs. So, what's the prudent path for a maintainer (and not a C-guru at that) to take? Indefinitely wait for upstream? Or, as a kind of "stop-gap" measure disable fish? There is an upstream bug pending, I intend to again reproduce above and push the matter. If you can reproduce too, join in the "fun". Oh, and if anyone is willing and able to dig into the fish-code, you're more than welcome and upstream will probably accept any sane solution. Until then, use sftp, if that works for you (apparently it does so only passwd-based, even though the code hints at supporting key-based too). -dnh PS@Mark: sorry, still unable to reproduce your sftp workaround, but that is probably due to my local configuration. I still get no connect if it's not passwd-based. Ho hum, *blushing* I think I should check my "server-side" key-setup ... Currently, I use plain CLI ssh/scp to do what I need, with no TUI (as mc) or GUI involved. -- Never be afraid to try something new. Remember, amateurs built the ark; professionals built the Titanic. -- Anonymous -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-12-19 02:45, David Haller wrote: ...
- Then "Move" the file from "local" to "shell-link/fish" via F6. You'll get an error (no write permission), as expected. BUT YOUR SOURCE foo_to_be_moved_but_will_be_deleted WILL BE GONE TOO as if the "move" had succeeded! NOT good, eh?
Would it not be possible to just disable "move" functionality (and keep the rest)? I don't remember using move remotely, I use copy (maybe I was suspicious and refrained from "move"). - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlSTlSsACgkQtTMYHG2NR9VY1gCfbOvSfyQbBddOUAj00pQn14qy P10AoI2OemjI0Ccox3TZhves+l/JwqGE =+dEs -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hello Carlos, On Fri, 19 Dec 2014, Carlos E. R. wrote:
On 2014-12-19 02:45, David Haller wrote:
- Then "Move" the file from "local" to "shell-link/fish" via F6. You'll get an error (no write permission), as expected. BUT YOUR SOURCE foo_to_be_moved_but_will_be_deleted WILL BE GONE TOO as if the "move" had succeeded! NOT good, eh?
Would it not be possible to just disable "move" functionality (and keep the rest)?
Abstract: No. Sorry. That sounds like a good idea at first, BUT, as far as I gather from the very crude and weird fish protocol (piping shell(!) commands and data over the same ssh/rsh connection *shudder*), it's implemented as copy && remove, as usual. Now, if an error occurs on copy (e.g. EPERM, ENOSPC) remotely, and the failure is not properly propagated back through the chain of remote script -> fish-proto -> local-fish-impl -> mc-vfs -> mc-ui, AND IT ISN'T, your source file will be removed even if the copy failed. And it's a hell to debug. As far as I gather, I could not disable the "move from local to remote" function without basically disabling all file-transfer (mainly copy) anyway. Don't let yourself be mislead by the "mv" helper etc. in the src/vfs/fish directory, I think that stuff is for moving stuff remotely, i.e. just like "ssh user@host mv foo bar" would do. Did I mention already, that I think the (mc-)fish(-protocol) is broken (by design)? [parens because I've no idea how e.g. dolphin implements it's "fish://"-stuff] So, until further notice, I stand by my decision to disable fish aka "shell link". Use the sftp-vfs, or some other client like scp or whatnot. A three xterm setup like this [mc-local] [mc-remote] [mc-local] [mc-remote] [mc-local] [mc-remote] [mc-local] [mc-remote] [mc-local] [mc-remote] [mc-local] [mc-remote] [cmdline for scp/sftp¹] ¹ native ssh scp/sftp command line clients is not *that* bad (esp. if you switch both mc's to one column ...), eh? Gah, and the sftp-vfs still does only work with keys here. I'll have to recheck my setup... -dnh PS: SFTP etc. generally seems to be difficult ... gftp has some stuff for that, but it's also rather crude, but hey, you get a GUI ;) No idea about the ususal filemanagers like konqi, nautilus, dolphin, thunar, etc. -- "If you are using an Macintosh e-mail program that is not from Microsoft, we recommend checking with that particular company. But most likely other e-mail programs like Eudora are not designed to enable virus replication" -- http://www.microsoft.com/mac/products/office/2001/virus_alert.asp -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (13)
-
Andrei Borzenkov -
arvidjaar@gmail.com
-
Carlos E. R. -
Carlos E. R. -
Charles Philip Chan -
David C. Rankin -
David Haller -
Doug -
jdd -
John Andersen -
John M Andersen
-
Mark Goldstein -
Patrick Shanahan