Hello,
I’m running vine viewer 3.0 (build 1030) on Leopard 10.5.5 fully patched up to date (2008-10-24) and I’m unable to connect to Fedora 8 based VNC servers via a SSH tunnel.
I’ve performed some diagnostic testing an believe there is either a bug in Leopard or something has changed that Vine viewer is unaware of or there a configuration change I’m unaware of. Here’s what happening.
Putting SSHD on the Linux bos into diagnostic mode and attempting to connect shows that the Mac drops the connection during authentication.
I was attempting to connect to a new install, as a reference I tried to connect to the server it’s replacing (which I know worked with Vine at one point although I hadn’t tried to connect for a while) both are failing in the same way.
I’m able to establish a secured VNC connection in both directions between the two Linux machines so I’m reasonably certain Linux is configured correctly.
I can connect via vine to other OS X systems no problem
I can connect via vine to Linux VNC without SSH enabled no problem.
I can establish a ssh terminal session to the same server no problem both password and key based authentication.
I can connect via vncviewer over SSH Linux to Linux no problem
This isolates the problem to one of Leopard, Vine Viewer or an OS X configuration problem
As a secondary check I tried JollyFastVNC which was the only OS X client I could find supporting SSH, this product is in alpha release but it failed in a similar way although later in the authentication process. This suggests the problem is more likely to be with Leopard or configuration.
I’m out of Ideas, any suggestions (within reason :-)) welcome.
Thanks
Ray
Well you’ve tried most of what I would have suggested. Something that may help you in your testing is knowing that Vine specifies an ssh_config file (stored in Vine Viewer.app/Resources). Adjusting the settings there might help you to get a valid connection.
It would help if you could pass along what error message you are getting and also look in your Console.log file for Vine Viewer messages.
sorry for the delay replying, my new MBP was due to arrive so I thought I’d try with a clean install first. no joy - same error. There were no messages posted to the system log on the Mac for the failed connection. Here’s the DEBUG trace from the SSH server on the Fedora 8 system.
Nov 2 17:19:15 hurricane sshd[4611]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Nov 2 17:19:15 hurricane sshd[4611]: debug1: inetd sockets after dupping: 3, 3
Nov 2 17:19:15 hurricane sshd[4611]: Connection from 192.168.0.79 port 49668
Nov 2 17:19:15 hurricane sshd[4611]: debug1: Client protocol version 2.0; client software version OpenSSH_5.0
Nov 2 17:19:15 hurricane sshd[4611]: debug1: match: OpenSSH_5.0 pat OpenSSH*
Nov 2 17:19:15 hurricane sshd[4611]: debug1: Enabling compatibility mode for protocol 2.0
Nov 2 17:19:15 hurricane sshd[4611]: debug1: Local version string SSH-2.0-OpenSSH_4.7
Nov 2 17:19:15 hurricane sshd[4612]: debug1: permanently_set_uid: 74/74
Nov 2 17:19:15 hurricane sshd[4612]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_KEXINIT sent
Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_KEXINIT received
Nov 2 17:19:15 hurricane sshd[4612]: debug1: kex: client->server aes128-cbc hmac-md5 none
Nov 2 17:19:15 hurricane sshd[4612]: debug1: kex: server->client aes128-cbc hmac-md5 none
Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Nov 2 17:19:15 hurricane sshd[4612]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_NEWKEYS sent
Nov 2 17:19:15 hurricane sshd[4612]: debug1: expecting SSH2_MSG_NEWKEYS
Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_NEWKEYS received
Nov 2 17:19:15 hurricane sshd[4612]: debug1: KEX done
Nov 2 17:19:15 hurricane sshd[4612]: debug1: userauth-request for user ray service ssh-connection method none
Nov 2 17:19:15 hurricane sshd[4612]: debug1: attempt 0 failures 0
Nov 2 17:19:25 hurricane sshd[4612]: Connection closed by 192.168.0.79
Nov 2 17:19:25 hurricane sshd[4612]: debug1: do_cleanup
Nov 2 17:19:25 hurricane sshd[4611]: debug1: PAM: initializing for “ray”
Nov 2 17:19:25 hurricane sshd[4611]: debug1: PAM: setting PAM_RHOST to “192.168.0.79”
Nov 2 17:19:25 hurricane sshd[4611]: debug1: PAM: setting PAM_TTY to “ssh”
Nov 2 17:19:25 hurricane sshd[4611]: debug1: do_cleanup
Nov 2 17:19:25 hurricane sshd[4611]: debug1: PAM: cleanup
As you can see, Linux reports that the mac (.0.79) closes the connection part way through authentication.
I then upped the logging level to DEBUG3 in the vine viewer resource directory file, closed & restarted vine, still didn’t see anything pertaining to vine in the console or all messages log except an Approved License message.
I did however notice this in the connect failed dialog
Connection failed:Unable to Connect To VNC Server through SSH
rse_kexinit: aes128-cbc,3des-cbc,blowfish-
I dont recall seeing the second line previously but cant swear it wasn’t there before.
Yeah this is definitely looking like it’s a Leopard SSH compatibility issue. I’m sure that with the proper configuration of SSH it can be made to work again, but that might take some trial and error.
No luck so far messing with ssh_config however I did notice one thing
I logged on to the remote server via ssh from I term having replaced my config file with the one from vine viewer without any problem.
I put my original config back and logged in again, I then tailed /var/log/secure and logged in from a second terminal; at the point the connection is dropped by vine the was a pause of some 7-8 seconds before the process continued and completed successfully. I was wondering if I could be seeing a connection timeout (the period seems too short to me) but it would explain the issue.
Nov 7 13:21:24 hurricane sshd[6698]: debug1: SSH2_MSG_NEWKEYS received
Nov 7 13:21:24 hurricane sshd[6698]: debug1: KEX done
Nov 7 13:21:24 hurricane sshd[6698]: debug1: userauth-request for user ray service ssh-connection method none
Nov 7 13:21:24 hurricane sshd[6698]: debug1: attempt 0 failures 0
This is where Vine Drops the connection
Nov 7 13:21:34 hurricane sshd[6697]: debug1: PAM: initializing for “ray”
Nov 7 13:21:34 hurricane sshd[6698]: debug1: userauth-request for user ray service ssh-connection method publickey
Nov 7 13:21:34 hurricane sshd[6698]: debug1: attempt 1 failures 1
Nov 7 13:21:34 hurricane sshd[6698]: debug1: test whether pkalg/pkblob are acceptable
Nov 7 13:21:34 hurricane sshd[6697]: debug1: PAM: setting PAM_RHOST to “192.168.0.84”
Nov 7 13:21:34 hurricane sshd[6697]: debug1: PAM: setting PAM_TTY to “ssh”
Nov 7 13:21:34 hurricane sshd[6697]: debug1: temporarily_use_uid: 500/500 (e=0/0)
Nov 7 13:21:34 hurricane sshd[6697]: debug1: trying public key file /home/ray/.ssh/authorized_keys
Nov 7 13:21:34 hurricane sshd[6697]: debug1: matching key found: file /home/ray/.ssh/authorized_keys, line 2
Nov 7 13:21:34 hurricane sshd[6697]: Found matching RSA key: FingerPrint ommited
Nov 7 13:21:34 hurricane sshd[6697]: debug1: restore_uid: 0/0
No
Fixed it,
Following the thought about a timeout I up the Linux SSH debug level to 3 & retried, noticed the authentication thread was attempting a reverse DNS lookup, during the pause. I’m currently using a temporary router that seems to provide DHCP addressed on it’s internal network but no DNS resolution, for a command line connection this times out and the process continues. Created a host entry for the IP allocated to my MBP and Vine connected straight away.
Not 100% sure this is the exact cause but it does look like Vine is timing out its connection before the reverse DNS has a chance to fail.
Ahh I’m 100% sure that you are right. We have noticed problems in other areas because of Leopard DNS issues.