#FujiNet can connect to SSH hosts over N: (with encryption!) See where things are at right now, and what is to come :)

 


This is great and all, but when are you going to add L2TP IPSec VPN support?

 

*ducks*

1 minute ago, phigan said:

This is great and all, but when are you going to add L2TP IPSec VPN support?

 

*ducks*

Oh, if only I could reach through the screen and give you a nice little neck massage. :)

 

-Thom

 


It would be so cool to have a dedicated FujiNet email client. Looks like you are moving in that direction.


@tschak909: is there a disk image available with the toolset you're using in the video?  The version of netcat at atari-apps.irata.online/Networking/netcat.xex isn't working for me (login fails), and FujiNet.online/networking/n-handler.atr doesn't include netcat but has (some of) the supporting tools.

 

It looks like you're using a different version of netcat to the one that I have, so would like to try it before tearing things further apart.

Edited by x=usr(1536)

2 hours ago, x=usr(1536) said:

The version of netcat at atari-apps.irata.online/Networking/netcat.xex isn't working for me (login fails)

The login failure is probably due to the deprecated key exchange. I've added this to my sshd_config file on a Raspberry Pi to enable the deprecated key algos:

 

# For FujiNet
KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1

This obviously isn't ideal, but it works for now. We are looking into another ssh lib and also the one we are using appears to be working on adding more algos.

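An added example (not from the thread or the FujiNet project): a small audit of an sshd_config for the trade-off the post above describes, reporting whether the KexAlgorithms line replaces sshd's defaults and which listed exchanges rely on SHA-1. The sample config is constructed and the function names are this example's own.

```python
import re

# Constructed sample shaped like the workaround above (not the poster's exact line).
SAMPLE_SSHD_CONFIG = """\
# For FujiNet
KexAlgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha1
# sshd keeps the first value it reads for a keyword, so this later line is ignored
KexAlgorithms curve25519-sha256
"""

KEX_LINE = re.compile(r"\s*kexalgorithms(?:\s*=\s*|\s+)(\S+)", re.IGNORECASE)
MODES = {"": "replace", "+": "append", "-": "remove", "^": "prepend"}


def effective_kex(config_text):
    """Return (prefix, names) from the first KexAlgorithms line, or None."""
    for line in config_text.splitlines():
        m = KEX_LINE.match(line)  # comment lines start with '#', so never match
        if m:
            value = m.group(1)
            prefix = value[0] if value[0] in "+-^" else ""
            return prefix, [n for n in value[len(prefix):].split(",") if n]
    return None


def weakness(name):
    """Why a key exchange name counts as deprecated here, or None."""
    if name == "diffie-hellman-group1-sha1":
        return "1024-bit group and SHA-1 exchange hash"
    if name.endswith("-sha1"):
        return "SHA-1 exchange hash"
    return None


def audit(config_text):
    """Summarise how the config sets KexAlgorithms and what weak names it enables."""
    found = effective_kex(config_text)
    if found is None:
        return {"mode": "default", "weak": {}}
    prefix, names = found
    weak = {n: weakness(n) for n in names if weakness(n)}
    if prefix == "-":          # a leading '-' removes names, it enables nothing
        weak = {}
    return {"mode": MODES[prefix], "weak": weak}


if __name__ == "__main__":
    print(audit(SAMPLE_SSHD_CONFIG))
```

A `replace` result means the line pins the whole list, so exchanges the server gains in later releases stay disabled until the line is edited; sshd also accepts a leading `+` on the value to append to its defaults instead.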
13 hours ago, mozzwald said:

The login failure is probably due to the deprecated key exchange. I've added this to my sshd_config file on a Raspberry Pi to enable the deprecated key algos:

 

# For FujiNet
KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1

This obviously isn't ideal, but it works for now. We are looking into another ssh lib and also the one we are using appears to be working on adding more algos.

Enabled the deprecated algos, but it looks as though the problem is that the version of netcat that I'm using (atari-apps.irata.online/Networking/netcat.xex) isn't resolving any hosts.  It's also not working by IP, so I'm not entirely sure what's going on.

 

With 'N1:SSH://tnfs/' as the devicespec (which has a valid A record, and the #FujiNet can access the server from a host slot using that name), I get the following along with OPEN ERROR 207.  Note that this also happens when using the FQDN as well as with various permutations of upper- and lower-case hostnames:


Using '/dev/cu.usbserial-14410' as serial port.
Showing logs:
[22:36:36]
[22:36:36]
[22:36:36]: 1f
[22:36:36]rf:x,
[22:36:36]rf:x,
[22:36:36]Csork:siopcex' 000qt1
[22:36:36]
[22:36:36] a5y
Serial port closed!
Serial port closed!
Serial port closed!
[22:36:36] a5y
Serial port closed!
[22:36:36] a5y
Serial port closed!
Serial port closed!
[22:36:36] a5y
[22:36:36]ACK!
[22:36:36]COMPLETE!
[22:36:36]
[22:36:36]CF: 71 fe 00 00 70
[22:36:36]sioNetwork::sio_process 0xfe '': 0x00, 0x00
[22:36:36]inq_dstats = 128
[22:36:36]ACK!
[22:36:36]<-SIO read 256 bytes
[22:36:36]ACK!
[22:36:36]COMPLETE!
[22:36:36]
[22:36:36]CF: 71 4f 0c 03 cf
[22:36:36]sioNetwork::sio_process 0x4f 'O': 0x0c, 0x03
[22:36:36]sioNetwork::sio_open()
[22:36:36]
[22:36:36]ACK!
[22:36:36]<-SIO read 256 bytes
[22:36:36]ACK!
[22:36:36]sioNetwork::parseURL(N1:SSH://TNFS/)
[22:36:36]sioNetwork::parseURL transformed to (N1:SSH://TNFS/, SSH://TNFS/)
[22:36:36]Parse and instantiate protocol: N1:SSH://TNFS/
[22:36:36]NetworkProtocol::ctor()
[22:36:36]NetworkProtocolSSH::NetworkProtocolSSH(0x3ffb09cc,0x3ffb09f4,0x3ffb0a1c)
[22:36:36]sioNetwork::open_protocol() - Protocol SSH opened.
[22:36:36]Resolving hostname "TNFS"
[22:36:36]Name failed to resolve
[22:36:46]socket error on fd 57, errno: 113, "Software caused connection abort"
[22:36:46]NetworkProtocolSSH::open() - Could not connect to host. Aborting.
[22:36:46]Protocol unable to make connection. Error: 207
[22:36:46]NetworkProtocolSSH::~NetworkProtocolSSH()
[22:36:46]NetworkProtocol::dtor()
[22:36:46]ERROR!
[22:36:46]
[22:36:46]CF: 71 4f 0c 03 cf
[22:36:46]sioNetwork::sio_process 0x4f 'O': 0x0c, 0x03
[22:36:46]sioNetwork::sio_open()
[22:36:46]
[22:36:46]ACK!
[22:36:46]<-SIO read 256 bytes
[22:36:46]ACK!
[22:36:46]sioNetwork::parseURL(N1:SSH://TNFS/)
[22:36:46]sioNetwork::parseURL transformed to (N1:SSH://TNFS/, SSH://TNFS/)
[22:36:46]Parse and instantiate protocol: N1:SSH://TNFS/
[22:36:46]NetworkProtocol::ctor()
[22:36:46]NetworkProtocolSSH::NetworkProtocolSSH(0x3ffb09cc,0x3ffb09f4,0x3ffb0a1c)
[22:36:46]sioNetwork::open_protocol() - Protocol SSH opened.
[22:36:46]Resolving hostname "TNFS"
[22:36:46]Name failed to resolve
[22:36:56]socket error on fd 57, errno: 113, "Software caused connection abort"
[22:36:56]NetworkProtocolSSH::open() - Could not connect to host. Aborting.
[22:36:56]Protocol unable to make connection. Error: 207
[22:36:56]NetworkProtocolSSH::~NetworkProtocolSSH()
[22:36:56]NetworkProtocol::dtor()
[22:36:56]ERROR!
[22:36:56]
[22:36:56]CF: 71 53 00 00 c4
[22:36:56]sioNetwork::sio_process 0x53 'S': 0x00, 0x00
[22:36:56]ACK!
[22:36:56]sioNetwork::sio_status_local(0)
[22:36:56]->SIO write 4 bytes
[22:36:56]COMPLETE!

 

For comparison, here it is trying to connect via IP address and giving OPEN ERROR 207 even though the #FujiNet appears to contact the remote host:


Using '/dev/cu.usbserial-14410' as serial port.
Showing logs:
[22:40:37]
[22:40:37]
[22:40:37]C
[22:40:37]i x  x00
[22:40:37]0 0sook::sess': 0i_tt 28K
[22:40:37]i x  x00
[22:40:37]f'0nqs
[22:40:37]26y
[22:40:37]26y
Serial port closed!
Serial port closed!
Serial port closed!
[22:40:37]26y
Serial port closed!
[22:40:37]26y
Serial port closed!
Serial port closed!
[22:40:37]ACK!
[22:40:37]COMPLETE!
[22:40:38]
[22:40:38]CF: 71 fe 00 00 70
[22:40:38]sioNetwork::sio_process 0xfe '': 0x00, 0x00
[22:40:38]inq_dstats = 128
[22:40:38]ACK!
[22:40:38]<-SIO read 256 bytes
[22:40:38]ACK!
[22:40:38]COMPLETE!
[22:40:38]
[22:40:38]CF: 71 4f 0c 03 cf
[22:40:38]sioNetwork::sio_process 0x4f 'O': 0x0c, 0x03
[22:40:38]sioNetwork::sio_open()
[22:40:38]
[22:40:38]ACK!
[22:40:38]<-SIO read 256 bytes
[22:40:38]ACK!
[22:40:38]sioNetwork::parseURL(N1:SSH://192.168.1.100/)
[22:40:38]sioNetwork::parseURL transformed to (N1:SSH://192.168.1.100/, SSH://192.168.1.100/)
[22:40:38]Parse and instantiate protocol: N1:SSH://192.168.1.100/
[22:40:38]NetworkProtocol::ctor()
[22:40:38]NetworkProtocolSSH::NetworkProtocolSSH(0x3ffb09cc,0x3ffb09f4,0x3ffb0a1c)
[22:40:38]sioNetwork::open_protocol() - Protocol SSH opened.
[22:40:38]Resolving hostname "192.168.1.100"
[22:40:38]Resolved to address 192.168.1.100
[22:40:38]socket error on fd 57, errno: 104, "Connection reset by peer"
[22:40:38]NetworkProtocolSSH::open() - Could not connect to host. Aborting.
[22:40:38]Protocol unable to make connection. Error: 207
[22:40:38]NetworkProtocolSSH::~NetworkProtocolSSH()
[22:40:38]NetworkProtocol::dtor()
[22:40:38]ERROR!
[22:40:38]
[22:40:38]CF: 71 4f 0c 03 cf
[22:40:38]sioNetwork::sio_process 0x4f 'O': 0x0c, 0x03
[22:40:38]sioNetwork::sio_open()
[22:40:38]
[22:40:38]ACK!
[22:40:38]<-SIO read 256 bytes
[22:40:38]ACK!
[22:40:38]sioNetwork::parseURL(N1:SSH://192.168.1.100/)
[22:40:38]sioNetwork::parseURL transformed to (N1:SSH://192.168.1.100/, SSH://192.168.1.100/)
[22:40:38]Parse and instantiate protocol: N1:SSH://192.168.1.100/
[22:40:38]NetworkProtocol::ctor()
[22:40:38]NetworkProtocolSSH::NetworkProtocolSSH(0x3ffb09cc,0x3ffb09f4,0x3ffb0a1c)
[22:40:38]sioNetwork::open_protocol() - Protocol SSH opened.
[22:40:38]Resolving hostname "192.168.1.100"
[22:40:38]Resolved to address 192.168.1.100
[22:40:38]socket error on fd 57, errno: 104, "Connection reset by peer"
[22:40:38]NetworkProtocolSSH::open() - Could not connect to host. Aborting.
[22:40:38]Protocol unable to make connection. Error: 207
[22:40:38]NetworkProtocolSSH::~NetworkProtocolSSH()
[22:40:38]NetworkProtocol::dtor()
[22:40:38]ERROR!
[22:40:38]
[22:40:38]CF: 71 53 00 00 c4
[22:40:38]sioNetwork::sio_process 0x53 'S': 0x00, 0x00
[22:40:38]ACK!
[22:40:38]sioNetwork::sio_status_local(0)
[22:40:38]->SIO write 4 bytes
[22:40:38]COMPLETE!

 

Just for giggles, I re-disabled the deprecated algos.  Same thing, but now with OPEN ERROR 165 in all cases.

 

Not sure what's going on - name resolution is otherwise working fine, and everything checks out re: usernames, passwords, etc.

8 hours ago, x=usr(1536) said:

With 'N1:SSH://tnfs/' as the devicespec (which has a valid A record, and the #FujiNet can access the server from a host slot using that name), I get the following along with OPEN ERROR 207.

Not sure about the dns.

 

8 hours ago, x=usr(1536) said:

For comparison, here it is trying to connect via IP address and giving OPEN ERROR 207 even though the #FujiNet appears to contact the remote host

Try adding the ssh port "N1:SSH://192.168.1.100:22"

21 minutes ago, mozzwald said:

Not sure about the dns.

 

Try adding the ssh port "N1:SSH://192.168.1.100:22"

Well, I feel dumb - adding the port in fixed it :D

 

The caveat to this is that you *must* use the FQDN.  For some reason, despite DHCP handing out the domain name to clients in my environment, the #FujiNet doesn't seem to be handling that option.  So while N1:SSH://tnfs.example.org:22 will work, N1:SSH://tnfs:22 will not.

 

From what I can tell, the other DHCP options are being picked up correctly - the #FujiNet routes correctly, and from checking the web UI the time is in sync with the local NTP server, including timezone.  I'm wondering if the domain-name option just isn't being processed.

 

In any event, I now have an excuse to add an 80-column upgrade to the list :D


Did a quick check of the FQDN / domain-name option theory by editing the hostname of the local server in one of the host slots from 'tnfs.example.org' to just 'tnfs'.  The #FujiNet didn't resolve it.  Changed it back and all was well again.

On 5/3/2021 at 6:32 AM, x=usr(1536) said:

Did a quick check of the FQDN / domain-name option theory by editing the hostname of the local server in one of the host slots from 'tnfs.example.org' to just 'tnfs'.  The #FujiNet didn't resolve it.  Changed it back and all was well again.

This has been my experience too.  I always have to type full domain names.  My DNS server doesn't resolve machine names by themselves, and I set 'append these dns suffixes' in Windows.

6 minutes ago, cathrynm said:

This has been my experience too.  I always have to type full domain names.  My DNS server doesn't resolve machine names by themselves, and I set 'append these dns suffixes' in Windows.

Yep, I've run across that in Windows before as well.  Thing is, the #FujiNet is the only device on the network that displays this behaviour, at least as far as I can tell.  Registration of hostnames in DNS for DHCP clients is working via dnsmasq, and everything else - including Windows clients - seems to pick up the domain-name option without issue.

 

Not gonna lose sleep over it since the workaround is no biggie, but I am curious as to what's happening.

10 hours ago, phigan said:

I don't know if you guys have seen this project or if it would help to see which library they are using for SSH.

That's all written in Java, which won't work for the ESP32.
