Zugg Software :: View topic

GURU Joined: 10 Oct 2000 Posts: 873 Location: USA

(don't know if SSH is supposed to work yet? Only thing I see in the release notes is a fix in 2.04 that was switching SSH sessions to regular telnet)

Upon connecting to my server, SSH, port 22. (gave details and a login/pwd to Zugg a while ago in PM or email. It's a FreeBSD box.) you see a connection message identifying server and OpenSSH version but no login prompt.

If you type the username and hit enter, you see "Protocol mismatch."

Putty connects with no difficulty. Both test connections were made via LAN link, and Putty also works fine from outside.

On the FreeBSD box, SSH authentication timeout messages pop up.

-Tarn

Posted: Tue Oct 23, 2007 5:54 am

Tarn, can you PM me the details again. SSH should be working on most servers, but every server type seems to have it's quirks.

Whenever there is a problem connecting with SSH, go to the Tools/Message Log menu in CMUD and copy/paste the result. It will show what protocols are being attempted. Also, you might be able to connect by going into the SSH Preferences and moving the protocols up/down to change the order in which they are tried. You can also compare them to PuTTY to see exactly what protocols PuTTY is using.

GURU Joined: 10 Oct 2000 Posts: 873 Location: USA

Wanderer Joined: 09 Jun 2006 Posts: 62 Location: Florida

Hmm, Tarn... this may be related to the bug that's been around for a while, wherein you set a session as SSH and then it defaults back to Telnet for no reason. If you right click the session and go to Edit, the radio button is probably not set to SSH. I don't know why, but after you create a session and set it to SSH, it goes back to telnet until you edit and select SSH again.

GURU Joined: 10 Oct 2000 Posts: 873 Location: USA

Posted: Tue Oct 23, 2007 5:21 pm

Yeah, according to your Message Log, it's not trying any SSH stuff. Check the Message Log after you get it set to SSH and you'll see all of the extra information that gets put in there for SSH negotiations.

I'll take a look at the bug where the SSH mode isn't setting. I thought I had fixed that, but I guess it's still not right.

Not sure about the multiple password prompt, but I'll try the login using the info you gave me to see what is happening. Normally SSH shouldn't need to prompt if your Password field in the Character tab of your session is set correctly. But there are multiple ways for a SSH session to authenticate, and one of them forces a password prompt, so maybe the server is using that method.

GURU Joined: 10 Oct 2000 Posts: 873 Location: USA

Posted: Thu Oct 25, 2007 7:21 pm

I'll take a look at it.

Also, keep in mind that in CMUD v2.x, your password are stored in the separate sessionkeys.db file and are encrypted with 128bit DSA. So they are quite secure these days. It might be possible for someone to hack the binary and determine the private key, but you can always use the File/Master Password command to set your own private key. This key is not stored in any file, and you will be prompted to enter it to access your sessions. But without this private key, it would be impossible for anyone else to decrypt your sessionkeys.db file.

Posted: Fri Oct 26, 2007 8:10 pm

OK, I tracked down the problem with the SSH mode not getting saved when you first create a new session.

On the password prompting, what I found was fairly interesting. In SSH, you first set the username and password for the socket (which is what the first user/pass prompt is for). Then the server itself can use a variety of different authentication methods. Most servers use the "password authentication" method, which just uses the password that has already been sent. However, it seems that your particular server is not implementing that method.

Another one of these methods is called "keyboard authentication". With this method, the server sends a list of questions to the client, and the client displays the questions and collects answers which are then sent back to the server. This is the method that your server is using.

So, the second password prompt that you see is the server sending the "Password?" question using the keyboard authentication.

I decided to kludge this a bit (which might be what PuTTY does). When the server sends a question, CMUD checks to see if it's only a single question, and if the question contains the string "password" (case insensitive) in it. If so, and if you entered a password in the previous username/password dialog, then CMUD will send the same password to the server a second time.

This seems to work on your server now, and hopefully this doesn't mess up the keyboard authentication for servers that use it to ask other different questions. Or maybe it's one of those cases where this feature exists in the protocol, but nobody uses it except to prompt for the password again.