tschak909 #1 Posted April 16, 2021

#FujiNet can connect to SSH hosts over N: (with encryption!) See where things are at right now, and what is to come

phigan #2 Posted April 28, 2021

This is great and all, but when are you going to add L2TP IPSec VPN support? *ducks*

tschak909 #3 Posted April 28, 2021

1 minute ago, phigan said:
> This is great and all, but when are you going to add L2TP IPSec VPN support? *ducks*

oh if only I could reach through the screen and give you a nice little neck massage.

-Thom

mytek #4 Posted April 28, 2021

It would be so cool to have a dedicated FujiNet email client. Looks like you are moving in that direction.

phigan #5 Posted April 29, 2021

On the SSH thing, I was thinking it would be cool to be able to do like [email protected]:port or something like that from terminal, in addition to N: function.

+x=usr(1536) #6 Posted May 2, 2021 (edited)

@tschak909: is there a disk image available with the toolset you're using in the video? The version of netcat at atari-apps.irata.online/Networking/netcat.xex isn't working for me (login fails), and FujiNet.online/networking/n-handler.atr doesn't include netcat but has (some of) the supporting tools. It looks like you're using a different version of netcat to the one that I have, so would like to try it before tearing things further apart.

Edited May 2, 2021 by x=usr(1536)

mozzwald #7 Posted May 2, 2021

2 hours ago, x=usr(1536) said:
> The version of netcat at atari-apps.irata.online/Networking/netcat.xex isn't working for me (login fails)

The login failure is probably due to the deprecated key exchange. I've added this to my sshd_config file on a raspberry pi to enable the deprecated key algos:

    # For FujiNet
    KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1

This obviously isn't ideal, but it works for now. We are looking into another ssh lib and also the one we are using appears to be working on adding more algos.

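Added example, not part of any post in this thread and not FujiNet project code: a small Python check that reads an sshd_config, finds the KexAlgorithms line and reports whether it replaces the server's default list and which SHA-1 key exchanges it enables. The sample config is constructed from the line quoted above, leaving out the entry the page shows only as "[email protected]"; `parse_kex` and `audit` are hypothetical names.

```python
"""Audit the KexAlgorithms directive of an sshd_config for SHA-1 key exchange."""

# Constructed sample modelled on the sshd_config line quoted in the thread.
# The first entry, shown on the page only as "[email protected]", is omitted.
SAMPLE_CONFIG = """\
# For FujiNet
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
PasswordAuthentication yes
"""

# OpenSSH list prefixes: '+' appends to the default set, '-' removes from it,
# '^' moves the listed names to the head of it. No prefix replaces the set.
PREFIX_MODES = {"+": "append", "-": "remove", "^": "prepend"}


def parse_kex(config_text):
    """Return (mode, [algorithms]) for the first KexAlgorithms line, or None.

    sshd uses the first value it obtains for a keyword, so later duplicates
    are ignored here as well. Keywords are case-insensitive and may be
    separated from their value by whitespace or a single '='.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "kexalgorithms":
            value = parts[1].strip()
            mode = PREFIX_MODES.get(value[0], "replace")
            if mode != "replace":
                value = value[1:]
            return mode, [a.strip() for a in value.split(",") if a.strip()]
    return None


def audit(config_text):
    """Summarise the directive: its mode and the SHA-1 based KEX it enables."""
    parsed = parse_kex(config_text)
    if parsed is None:
        return None  # no directive: the server keeps its built-in defaults
    mode, algorithms = parsed
    # In 'remove' mode the listed names are being disabled, not enabled.
    enabled = [] if mode == "remove" else algorithms
    return {
        "mode": mode,
        "replaces_defaults": mode == "replace",
        "legacy": [a for a in enabled if a.endswith("-sha1")],
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A line without a prefix, like the one in the post, replaces the server's whole default list; OpenSSH's `+` prefix appends to the defaults instead, which the check reports as mode "append".
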
+x=usr(1536) #8 Posted May 3, 2021

13 hours ago, mozzwald said:
> The login failure is probably due to the deprecated key exchange. I've added this to my sshd_config file on a raspberry pi to enable the deprecated key algos:
>
>     # For FujiNet
>     KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
>
> This obviously isn't ideal, but it works for now. We are looking into another ssh lib and also the one we are using appears to be working on adding more algos.

Enabled the deprecated algos, but it looks as though the problem is that the version of netcat that I'm using (atari-apps.irata.online/Networking/netcat.xex) isn't resolving any hosts. It's also not working by IP, so I'm not entirely sure what's going on.

With 'N1:SSH://tnfs/' as the devicespec (which has a valid A record, and the #FujiNet can access the server from a host slot using that name), I get the following along with OPEN ERROR 207. Note that this also happens when using the FQDN as well as with various permutations of upper- and lower-case hostnames:

    Using '/dev/cu.usbserial-14410' as serial port.
    Showing logs:
    [22:36:36]
    [22:36:36]
    [22:36:36]: 1f
    [22:36:36]rf:x,
    [22:36:36]rf:x,
    [22:36:36]Csork:siopcex' 000qt1
    [22:36:36]
    [22:36:36] a5y
    Serial port closed!
    Serial port closed!
    Serial port closed!
    [22:36:36] a5y
    Serial port closed!
    [22:36:36] a5y
    Serial port closed!
    Serial port closed!
    [22:36:36] a5y
    [22:36:36]ACK!
    [22:36:36]COMPLETE!
    [22:36:36]
    [22:36:36]CF: 71 fe 00 00 70
    [22:36:36]sioNetwork::sio_process 0xfe '': 0x00, 0x00
    [22:36:36]inq_dstats = 128
    [22:36:36]ACK!
    [22:36:36]<-SIO read 256 bytes
    [22:36:36]ACK!
    [22:36:36]COMPLETE!
    [22:36:36]
    [22:36:36]CF: 71 4f 0c 03 cf
    [22:36:36]sioNetwork::sio_process 0x4f 'O': 0x0c, 0x03
    [22:36:36]sioNetwork::sio_open()
    [22:36:36]
    [22:36:36]ACK!
    [22:36:36]<-SIO read 256 bytes
    [22:36:36]ACK!
    [22:36:36]sioNetwork::parseURL(N1:SSH://TNFS/)
    [22:36:36]sioNetwork::parseURL transformed to (N1:SSH://TNFS/, SSH://TNFS/)
    [22:36:36]Parse and instantiate protocol: N1:SSH://TNFS/
    [22:36:36]NetworkProtocol::ctor()
    [22:36:36]NetworkProtocolSSH::NetworkProtocolSSH(0x3ffb09cc,0x3ffb09f4,0x3ffb0a1c)
    [22:36:36]sioNetwork::open_protocol() - Protocol SSH opened.
    [22:36:36]Resolving hostname "TNFS"
    [22:36:36]Name failed to resolve
    [22:36:46]socket error on fd 57, errno: 113, "Software caused connection abort"
    [22:36:46]NetworkProtocolSSH::open() - Could not connect to host. Aborting.
    [22:36:46]Protocol unable to make connection. Error: 207
    [22:36:46]NetworkProtocolSSH::~NetworkProtocolSSH()
    [22:36:46]NetworkProtocol::dtor()
    [22:36:46]ERROR!
    [22:36:46]
    [22:36:46]CF: 71 4f 0c 03 cf
    [22:36:46]sioNetwork::sio_process 0x4f 'O': 0x0c, 0x03
    [22:36:46]sioNetwork::sio_open()
    [22:36:46]
    [22:36:46]ACK!
    [22:36:46]<-SIO read 256 bytes
    [22:36:46]ACK!
    [22:36:46]sioNetwork::parseURL(N1:SSH://TNFS/)
    [22:36:46]sioNetwork::parseURL transformed to (N1:SSH://TNFS/, SSH://TNFS/)
    [22:36:46]Parse and instantiate protocol: N1:SSH://TNFS/
    [22:36:46]NetworkProtocol::ctor()
    [22:36:46]NetworkProtocolSSH::NetworkProtocolSSH(0x3ffb09cc,0x3ffb09f4,0x3ffb0a1c)
    [22:36:46]sioNetwork::open_protocol() - Protocol SSH opened.
    [22:36:46]Resolving hostname "TNFS"
    [22:36:46]Name failed to resolve
    [22:36:56]socket error on fd 57, errno: 113, "Software caused connection abort"
    [22:36:56]NetworkProtocolSSH::open() - Could not connect to host. Aborting.
    [22:36:56]Protocol unable to make connection. Error: 207
    [22:36:56]NetworkProtocolSSH::~NetworkProtocolSSH()
    [22:36:56]NetworkProtocol::dtor()
    [22:36:56]ERROR!
    [22:36:56]
    [22:36:56]CF: 71 53 00 00 c4
    [22:36:56]sioNetwork::sio_process 0x53 'S': 0x00, 0x00
    [22:36:56]ACK!
    [22:36:56]sioNetwork::sio_status_local(0)
    [22:36:56]->SIO write 4 bytes
    [22:36:56]COMPLETE!

For comparison, here it is trying to connect via IP address and giving OPEN ERROR 207 even though the #FujiNet appears to contact the remote host:

    Using '/dev/cu.usbserial-14410' as serial port.
    Showing logs:
    [22:40:37]
    [22:40:37]
    [22:40:37]C
    [22:40:37]i x x00
    [22:40:37]0 0sook::sess': 0i_tt 28K
    [22:40:37]i x x00
    [22:40:37]f'0nqs
    [22:40:37]26y
    [22:40:37]26y
    Serial port closed!
    Serial port closed!
    Serial port closed!
    [22:40:37]26y
    Serial port closed!
    [22:40:37]26y
    Serial port closed!
    Serial port closed!
    [22:40:37]ACK!
    [22:40:37]COMPLETE!
    [22:40:38]
    [22:40:38]CF: 71 fe 00 00 70
    [22:40:38]sioNetwork::sio_process 0xfe '': 0x00, 0x00
    [22:40:38]inq_dstats = 128
    [22:40:38]ACK!
    [22:40:38]<-SIO read 256 bytes
    [22:40:38]ACK!
    [22:40:38]COMPLETE!
    [22:40:38]
    [22:40:38]CF: 71 4f 0c 03 cf
    [22:40:38]sioNetwork::sio_process 0x4f 'O': 0x0c, 0x03
    [22:40:38]sioNetwork::sio_open()
    [22:40:38]
    [22:40:38]ACK!
    [22:40:38]<-SIO read 256 bytes
    [22:40:38]ACK!
    [22:40:38]sioNetwork::parseURL(N1:SSH://192.168.1.100/)
    [22:40:38]sioNetwork::parseURL transformed to (N1:SSH://192.168.1.100/, SSH://192.168.1.100/)
    [22:40:38]Parse and instantiate protocol: N1:SSH://192.168.1.100/
    [22:40:38]NetworkProtocol::ctor()
    [22:40:38]NetworkProtocolSSH::NetworkProtocolSSH(0x3ffb09cc,0x3ffb09f4,0x3ffb0a1c)
    [22:40:38]sioNetwork::open_protocol() - Protocol SSH opened.
    [22:40:38]Resolving hostname "192.168.1.100"
    [22:40:38]Resolved to address 192.168.1.100
    [22:40:38]socket error on fd 57, errno: 104, "Connection reset by peer"
    [22:40:38]NetworkProtocolSSH::open() - Could not connect to host. Aborting.
    [22:40:38]Protocol unable to make connection. Error: 207
    [22:40:38]NetworkProtocolSSH::~NetworkProtocolSSH()
    [22:40:38]NetworkProtocol::dtor()
    [22:40:38]ERROR!
    [22:40:38]
    [22:40:38]CF: 71 4f 0c 03 cf
    [22:40:38]sioNetwork::sio_process 0x4f 'O': 0x0c, 0x03
    [22:40:38]sioNetwork::sio_open()
    [22:40:38]
    [22:40:38]ACK!
    [22:40:38]<-SIO read 256 bytes
    [22:40:38]ACK!
    [22:40:38]sioNetwork::parseURL(N1:SSH://192.168.1.100/)
    [22:40:38]sioNetwork::parseURL transformed to (N1:SSH://192.168.1.100/, SSH://192.168.1.100/)
    [22:40:38]Parse and instantiate protocol: N1:SSH://192.168.1.100/
    [22:40:38]NetworkProtocol::ctor()
    [22:40:38]NetworkProtocolSSH::NetworkProtocolSSH(0x3ffb09cc,0x3ffb09f4,0x3ffb0a1c)
    [22:40:38]sioNetwork::open_protocol() - Protocol SSH opened.
    [22:40:38]Resolving hostname "192.168.1.100"
    [22:40:38]Resolved to address 192.168.1.100
    [22:40:38]socket error on fd 57, errno: 104, "Connection reset by peer"
    [22:40:38]NetworkProtocolSSH::open() - Could not connect to host. Aborting.
    [22:40:38]Protocol unable to make connection. Error: 207
    [22:40:38]NetworkProtocolSSH::~NetworkProtocolSSH()
    [22:40:38]NetworkProtocol::dtor()
    [22:40:38]ERROR!
    [22:40:38]
    [22:40:38]CF: 71 53 00 00 c4
    [22:40:38]sioNetwork::sio_process 0x53 'S': 0x00, 0x00
    [22:40:38]ACK!
    [22:40:38]sioNetwork::sio_status_local(0)
    [22:40:38]->SIO write 4 bytes
    [22:40:38]COMPLETE!

Just for giggles, I re-disabled the deprecated algos. Same thing, but now with OPEN ERROR 165 in all cases.

Not sure what's going on - name resolution is otherwise working fine, and everything checks out re: usernames, passwords, etc.

mozzwald #9 Posted May 3, 2021

8 hours ago, x=usr(1536) said:
> With 'N1:SSH://tnfs/' as the devicespec (which has a valid A record, and the #FujiNet can access the server from a host slot using that name), I get the following along with OPEN ERROR 207.

Not sure about the dns.

8 hours ago, x=usr(1536) said:
> For comparison, here it is trying to connect via IP address and giving OPEN ERROR 207 even though the #FujiNet appears to contact the remote host

Try adding the ssh port "N1:SSH://192.168.1.100:22"

+x=usr(1536) #10 Posted May 3, 2021

21 minutes ago, mozzwald said:
> Not sure about the dns.
>
> Try adding the ssh port "N1:SSH://192.168.1.100:22"

Well, I feel dumb - adding the port in fixed it.

The caveat to this is that you *must* use the FQDN. For some reason, despite DHCP handing out the domain name to clients in my environment, the #FujiNet doesn't seem to be handling that option. So while N1:SSH://tnfs.example.org:22 will work, N1:SSH://tnfs:22 will not.

From what I can tell, the other DHCP options are being picked up correctly - the #FujiNet routes correctly, and from checking the web UI the time is in sync with the local NTP server, including timezone. I'm wondering if the domain-name option just isn't being processed.

In any event, I now have an excuse to add an 80-column upgrade to the list.

+x=usr(1536) #11 Posted May 3, 2021

Did a quick check of the FQDN / domain-name option theory by editing the hostname of the local server in one of the host slots from 'tnfs.example.org' to just 'tnfs'. The #FujiNet didn't resolve it. Changed it back and all was well again.

phigan #12 Posted May 6, 2021

I don't know if you guys have seen this project or if it would help to see which library they are using for SSH..

https://sourceforge.net/projects/atari-usb-modem/

cathrynm #13 Posted May 6, 2021

On 5/3/2021 at 6:32 AM, x=usr(1536) said:
> Did a quick check of the FQDN / domain-name option theory by editing the hostname of the local server in one of the host slots from 'tnfs.example.org' to just 'tnfs'. The #FujiNet didn't resolve it. Changed it back and all was well again.

This has been my experience too. I always have to type full domain names. My DNS server doesn't resolve machine names by themselves, and I set 'append these dns suffixes' in Windows.

+x=usr(1536) #14 Posted May 6, 2021

6 minutes ago, cathrynm said:
> This has been my experience too. I always have to type full domain names. My DNS server doesn't resolve machine names by themselves, and I set 'append these dns suffixes' in Windows.

Yep, I've run across that in Windows before as well. Thing is, the #FujiNet is the only device on the network that displays this behaviour, at least as far as I can tell. Registration of hostnames in DNS for DHCP clients is working via dnsmasq, and everything else - including Windows clients - seems to pick up the domain-name option without issue.

Not gonna lose sleep over it since the workaround is no biggie, but I am curious as to what's happening.

mozzwald #15 Posted May 6, 2021

10 hours ago, phigan said:
> I don't know if you guys have seen this project or if it would help to see which library they are using for SSH.

That's all written in Java which won't work for the esp32

scottinNH #16 Posted June 25, 2021 (edited)

A very loaded question... any thoughts on hosting SSHd *server* or simple listener on the FN that can then send events and data into the Atari?

On the Raspberry Pi I'm playing with "Remote GPIO". I'd frame my question in that context... I'd like to run the A8 in my lab, then "push" some code/data/events to the A8 from a Linux box. For example, load an AMS file, I/O over the joystick ports, etc. (These are just use cases... I know there's no shell and nothing to "expose" the OS over serial)

Alternatively maybe it's more straightforward for me to achieve something similar to "remote control" the A8 by running code on it that polls my Linux box for updated code/data.

Edited June 25, 2021 by scottinNH

tschak909 #17 Posted June 25, 2021

23 minutes ago, scottinNH said:
> A very loaded question... any thoughts on hosting SSHd *server* or simple listener on the FN that can then send events and data into the Atari?
>
> On the Raspberry Pi I'm playing with "Remote GPIO". I'd frame my question in that context... I'd like to run the A8 in my lab, then "push" some code/data/events to the A8 from a Linux box. For example, load an AMS file, I/O over the joystick ports, etc. (These are just use cases... I know there's no shell and nothing to "expose" the OS over serial)
>
> Alternatively maybe it's more straightforward for me to achieve something similar to "remote control" the A8 by running code on it that polls my Linux box for updated code/data.

Go for it, the firmware's open, see if you can add an ssh server.

-Thom

scottinNH #18 Posted June 25, 2021

2 hours ago, tschak909 said:
> Go for it, the firmware's open, see if you can add an ssh server. -Thom

Does the FN support creating listening sockets from BASIC? And is there support for BASIC to respond to SIO interrupt pin? Or an example in any language? (I'm not hellbent on BASIC, I kinda hate it, but I don't want to bloat scope by learning C)

All I want to do is send bytes from a TCP client on Linux, and have the A8 display it. Or failing that I kludge something with FTP and make the FN poll a data file I update at intervals.

tschak909 #19 Posted June 25, 2021

3 minutes ago, scottinNH said:
> Does the FN support creating listening sockets from BASIC? And is there support for BASIC to respond to SIO interrupt pin? Or an example in any language? (I'm not hellbent on BASIC, I kinda hate it, but I don't want to bloat scope by learning C)
>
> All I want to do is send bytes from a TCP client on Linux, and have the A8 display it. Or failing that I kludge something with FTP and make the FN poll a data file I update at intervals.

Yes. The disks in the DOS directory on atari-apps.irata.online contain a N: handler.

    OPEN #1,12,3,"N:TCP://:6502/":REM CREATE LISTENING SOCKET ON PORT 6502
    STATUS #1,A:IF PEEK(747) THEN GOTO ACCEPT
    XIO 65,#1,12,3,"N:":REM ACCEPT LISTENING SOCKET
    PRINT #1;"HELLO"
    CLOSE #1

scottinNH #20 Posted June 25, 2021

12 minutes ago, tschak909 said:
> Yes. The disks in the DOS directory on atari-apps.irata.online contain a N: handler.
>
>     OPEN #1,12,3,"N:TCP://:6502/":REM CREATE LISTENING SOCKET ON PORT 6502
>     STATUS #1,A:IF PEEK(747) THEN GOTO ACCEPT
>     XIO 65,#1,12,3,"N:":REM ACCEPT LISTENING SOCKET
>     PRINT #1;"HELLO"
>     CLOSE #1

PERFECT, TY!

monsoft #21 Posted July 2, 2021

Unfortunately, for me the ssh connection doesn't work :(

I deployed a basic Ubuntu Linux server on my VirtualBox and ran a test:

    16:03:05.951 > sioNetwork::parseURL(N1:SSH://192.168.1.212:22/)
    16:03:05.951 > sioNetwork::parseURL transformed to (N1:SSH://192.168.1.212:22/, SSH://192.168.1.212:22/)
    16:03:05.966 > Parse and instantiate protocol: N1:SSH://192.168.1.212:22/
    16:03:05.966 > NetworkProtocol::ctor()
    16:03:05.966 > NetworkProtocolSSH::NetworkProtocolSSH(0x3ffb0e28,0x3ffb0e50,0x3ffb0e78)
    16:03:05.966 > sioNetwork::open_protocol() - Protocol SSH opened.
    16:03:05.966 > Resolving hostname "192.168.1.212"
    16:03:05.967 > Resolved to address 192.168.1.212
    16:03:05.968 > NetworkProtocolSSH::open() - Opening session.
    16:03:05.969 > NetworkProtocolSSH::open() - Attempting session handshake with fd 57
    16:03:06.344 > SSH Host Key Fingerprint is: 7E:35:6C:F6:DB:68:72:C7:1A:FA:8B:12:1B:32:21:C6:DB:54:75:A7
    16:03:06.358 > Authentication methods: publickey,password
    16:03:09.497 > Could not perform userauth.
    16:03:09.497 > Protocol unable to make connection. Error: 144
    16:03:09.507 > NetworkProtocolSSH::~NetworkProtocolSSH()
    16:03:09.507 > NetworkProtocol::dtor()
    16:03:09.508 > ERROR

mozzwald #22 Posted July 2, 2021

1 hour ago, monsoft said:
> Unfortunately, for me the ssh connection doesn't work
>
> I deployed a basic Ubuntu Linux server on my VirtualBox and ran a test:

Did you enable the correct algo?

monsoft #23 Posted July 2, 2021 (edited)

Yes

    $ sudo grep "^KexAlgorithms" /etc/ssh/sshd_config
    KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1

I use firmware built using PlatformIO

Edited July 2, 2021 by monsoft

Lord Thag #24 Posted July 2, 2021

This is pretty damned awesome. I’ve been out of the loop with work and COVID, and I *finally* have a Fujinet setup inbound (NUC+) so I’ve been catching up on what it can do. Last time I looked, it connected to Plato….

Now it’s a full on tcp/ip interface, does printing and PDF conversion, adds freaking command line BBS access from Sparta, also acts like an SIO2SD or SDRIVE except that you can mount disks from online servers as well, copy network files and … yeah. You folks have been BUSY. Super impressed.

This has turned into the coolest 8-bit gadget I’ve seen in years. Can’t wait to dive in and do my bit.

tschak909 #25 Posted July 5, 2021

On 7/2/2021 at 10:05 AM, monsoft said:
> Unfortunately, for me the ssh connection doesn't work
>
> I deployed a basic Ubuntu Linux server on my VirtualBox and ran a test:
>
>     16:03:05.951 > sioNetwork::parseURL(N1:SSH://192.168.1.212:22/)
>     16:03:05.951 > sioNetwork::parseURL transformed to (N1:SSH://192.168.1.212:22/, SSH://192.168.1.212:22/)
>     16:03:05.966 > Parse and instantiate protocol: N1:SSH://192.168.1.212:22/
>     16:03:05.966 > NetworkProtocol::ctor()
>     16:03:05.966 > NetworkProtocolSSH::NetworkProtocolSSH(0x3ffb0e28,0x3ffb0e50,0x3ffb0e78)
>     16:03:05.966 > sioNetwork::open_protocol() - Protocol SSH opened.
>     16:03:05.966 > Resolving hostname "192.168.1.212"
>     16:03:05.967 > Resolved to address 192.168.1.212
>     16:03:05.968 > NetworkProtocolSSH::open() - Opening session.
>     16:03:05.969 > NetworkProtocolSSH::open() - Attempting session handshake with fd 57
>     16:03:06.344 > SSH Host Key Fingerprint is: 7E:35:6C:F6:DB:68:72:C7:1A:FA:8B:12:1B:32:21:C6:DB:54:75:A7
>     16:03:06.358 > Authentication methods: publickey,password
>     16:03:09.497 > Could not perform userauth.
>     16:03:09.497 > Protocol unable to make connection. Error: 144
>     16:03:09.507 > NetworkProtocolSSH::~NetworkProtocolSSH()
>     16:03:09.507 > NetworkProtocol::dtor()
>     16:03:09.508 > ERROR

Did you set the username and password using nlogin? (netcat also asks for this)

-Thom

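Added example, not part of any post in this thread and not FujiNet project code: a Python triage pass over the debug logs posted in #8 and #21 that reports, for each open attempt, the first stage that failed and the error number the firmware returned. The sample log is a constructed excerpt using messages copied from those posts; `triage` and the stage names are hypothetical.

```python
import re

# Constructed excerpt: messages copied from the logs posted in this thread,
# one entry per line, covering the three failing attempts.
SAMPLE_LOG = """\
[22:36:36]Parse and instantiate protocol: N1:SSH://TNFS/
[22:36:36]Resolving hostname "TNFS"
[22:36:36]Name failed to resolve
[22:36:46]socket error on fd 57, errno: 113, "Software caused connection abort"
[22:36:46]Protocol unable to make connection. Error: 207
[22:40:38]Parse and instantiate protocol: N1:SSH://192.168.1.100/
[22:40:38]Resolved to address 192.168.1.100
[22:40:38]socket error on fd 57, errno: 104, "Connection reset by peer"
[22:40:38]Protocol unable to make connection. Error: 207
16:03:05.966 > Parse and instantiate protocol: N1:SSH://192.168.1.212:22/
16:03:05.967 > Resolved to address 192.168.1.212
16:03:06.358 > Authentication methods: publickey,password
16:03:09.497 > Could not perform userauth.
16:03:09.497 > Protocol unable to make connection. Error: 144
"""

# Both timestamp styles seen in the thread: "[hh:mm:ss]" and "hh:mm:ss.mmm > ".
STAMP = re.compile(r"^(?:\[\d\d:\d\d:\d\d\]|\d\d:\d\d:\d\d\.\d+ > )")
ERROR = re.compile(r"unable to make connection\. Error: (\d+)")

# The first failure marker seen within an attempt decides its stage.
FAILURES = [
    ("Name failed to resolve", "dns"),
    ("socket error on fd", "tcp-connect"),
    ("Could not perform userauth", "userauth"),
]


def triage(log_text):
    """Return one dict per open attempt: devicespec, failed stage, error code."""
    attempts = []
    current = None
    for raw in log_text.splitlines():
        msg = STAMP.sub("", raw.strip())
        if msg.startswith("Parse and instantiate protocol: "):
            current = {"devicespec": msg.split(": ", 1)[1],
                       "stage": None, "error": None}
            attempts.append(current)
        elif current is not None:
            for marker, stage in FAILURES:
                if marker in msg and current["stage"] is None:
                    current["stage"] = stage
            found = ERROR.search(msg)
            if found:
                current["error"] = int(found.group(1))
    return attempts


if __name__ == "__main__":
    for attempt in triage(SAMPLE_LOG):
        print(attempt)
```

On this sample the first two attempts both end in error 207, although one stops at name resolution and the other at the TCP connect, so the stage has to be read from the log rather than from the error number.
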