New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSH connection issues in RC9 #1125

Open
xavier-jr-do opened this Issue Jul 5, 2016 · 58 comments

Comments

@xavier-jr-do

xavier-jr-do commented Jul 5, 2016

Getting this error when using ssh tunnel with password (not private key) and port 22:

Resource temporarily unavailable. No supported authentication methods found. (Error #35)

The local machine is MacOS el Capitan 10.11.5
The remote server is MacOS el Capitan 10.11.5 with Mac Server

Both SO are using OpenSSL 0.9.8zh 14 Jan 2016 version

@simsekgokhan

This comment has been minimized.

Collaborator

simsekgokhan commented Jul 5, 2016

Hi Xavi, thanks for the issue reporting. We will try to reproduce and investigate the issue. Can you also provide output of the following command on local and server side?
sshd --version

@xavier-jr-do

This comment has been minimized.

xavier-jr-do commented Jul 5, 2016

The version is OpenSSH_6.9p1, LibreSSL 2.1.8 on booth sides.

@JivanRoquet

This comment has been minimized.

JivanRoquet commented Jul 7, 2016

Don't know if it's exactly the same issue, but it could be related.

Getting this error when using ssh tunnel with private key and port 22:

Resource temporarily unavailable. Authentication by key (/Users/Me/.ssh/id_rsa) failed (Error -16). (Error #35)

Local machine: OS X El Capitan 10.11.2
Remote server: DigitalOcean droplet Linux 14.04

sshd --version local output:
OpenSSH_6.9p1, LibreSSL 2.1.8

sshd --version server output:
OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7, OpenSSL 1.0.1f 6 Jan 2014

Needless to say, connecting with ssh with the exact same parameters works perfectly within a shell.

robomongo

@simsekgokhan

This comment has been minimized.

Collaborator

simsekgokhan commented Jul 12, 2016

Hi Xavi, we have tested SSH with exact OSX, *SSH and *SSL versions of your local and remote servers and it worked. We will try different configs to reproduce the issue. Meanwhile, can you reproduce the issue on your side and send us the logs; related logs will be located in /var/log/system.log ?

@simsekgokhan

This comment has been minimized.

Collaborator

simsekgokhan commented Jul 12, 2016

Hi @JivanRoquet, thanks for reporting the issue and details of your environment. We will investigate the issue. Best Regards. Gokhan

@juliashibalko

This comment has been minimized.

Collaborator

juliashibalko commented Jul 18, 2016

@simsekgokhan

This comment has been minimized.

Collaborator

simsekgokhan commented Jul 25, 2016

Hey guys, we are having no luck to reproduce the issue, but we are still trying different configs.
One suggestion came to our minds, we have an enhancement in SSH code in RC9, which might cause the issue you are experiencing; could you guys want to test if you have the same result with RC8?

@xavier-jr-do

This comment has been minimized.

xavier-jr-do commented Aug 2, 2016

Same result on RC8 for me.

The system.log of the server shows this (nothing on my mac):

Aug 2 10:08:59 macServer sshd[17213]: Connection closed by xxx.xxx.xxx.xxx [preauth]
Aug 2 10:08:59 macServer com.apple.xpc.launchd1: Service exited with abnormal code: 255

@bacheson

This comment has been minimized.

bacheson commented Aug 9, 2016

+1 RC9 doesn't work on any of my 4 macs all running the latest OSX 10.11.6

@juliashibalko

This comment has been minimized.

Collaborator

juliashibalko commented Aug 9, 2016

@bacheson thank you for reporting! We're investigating this problem. So if you have some free minutes, could you please add problem details to help us with replicating:

  1. OS version of server with mongod running;
  2. If possible - please provide sshd --version information of your local and remote machines;
  3. Also if possible: reproduce the issue and provide sshd logs of your local and remote machines. It will also help us so mich in problem fixing.
    // MAC SSH logs
    /var/log/system.log
    // Linux SSH logs
    /var/log/auth.log

Thanks in advance!

@bacheson

This comment has been minimized.

bacheson commented Aug 9, 2016

mongo: 3.2

sshd: OpenSSH_6.9p1, LibreSSL 2.1.8

errors:
Aug 9 12:20:09 MacBook-Pro taskgated[163]: no application identifier provided, can't use provisioning profiles [pid=645]
Aug 9 12:20:09 MacBook-Pro taskgated[163]: no application identifier provided, can't use provisioning profiles [pid=646]

@simsekgokhan

This comment has been minimized.

Collaborator

simsekgokhan commented Aug 23, 2016

Hi guys, we have made some investigation/testing in the lab but still no luck to reproduce the problem.

We have also tested some workaround solutions. At this point we will continue the investigation but we can suggest workaround solution. Please let us know if you need help with applying workaround solution.

Workaround Solution

i. Use ssh port forwarding option from MAC terminal to remote mongodb server:

// with password
ssh -L localport:mongodb_ip:port user@ssh_server_ip
ssh -L 27018:192.168.3.28:27017 user@192.168.3.28  // working example
// with private key
ssh -i /path/to/private_key.pem -L localport:mongodb_ip:port user@ssh_server_ip   
ssh -i temp/priv_key.pem -L 27018:192.168.3.48:27017 user@192.168.3.48    // working example

ii. Go to Robomongo, create connection with localhost:27018
(Note: No need to enable SSH on Robomongo, ssh tunneling is enabled and handled by MAC terminal.)

Tests in lab

// working
local   10.11.3             OpenSSH_6.9p1, LibreSSL 2.1.8
remote  ubuntu 16.04        OpenSSH_7.2p2 Ubuntu-4ubuntu1, OpenSSL 1.0.2g-fips  1 Mar 2016
// working
local   10.11.3             OpenSSH_6.9p1, LibreSSL 2.1.8 
remote  ubuntu 14.04        OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6, OpenSSL 1.0.1f 6 Jan 2014
// working
local   10.11.5             OpenSSH_6.9p1, LibreSSL 2.1.8
remote  10.11.3             OpenSSH_6.9p1, LibreSSL 2.1.8
// working
local   10.11.5             OpenSSH_6.9p1, LibreSSL 2.1.8
remote  ubuntu 14.04        OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6, OpenSSL 1.0.1f 6 Jan 2014


@xavier-jr-do

This comment has been minimized.

xavier-jr-do commented Aug 23, 2016

Port fowarding works for me!

@simsekgokhan

This comment has been minimized.

Collaborator

simsekgokhan commented Aug 23, 2016

Would be also very helpful to know if this problem is happening always or sometimes for everybody? We have some information that it might be related to network issues (timeouts) - Thanks.

@simsekgokhan

This comment has been minimized.

Collaborator

simsekgokhan commented Aug 23, 2016

And for Robomongo SSH logs please select the connection and press "shift+enter", and share the logs with us.

@xavier-jr-do

This comment has been minimized.

xavier-jr-do commented Aug 24, 2016

The problem is happening always. I make a gif to show you the speed of connection (hosts file edited to link xxxx.com to my server ip)

robomongo

@juliashibalko

This comment has been minimized.

Collaborator

juliashibalko commented Sep 20, 2016

@juliashibalko

This comment has been minimized.

Collaborator

juliashibalko commented Sep 22, 2016

Hi guys! It would be great and very helpful for us if you check new version of Robomongo 0.9.0-RC10 and reproduce the issue. We have updated OpenSSL library so it might solve the problem.
Thanks in advance!

@marmor7

This comment has been minimized.

marmor7 commented Sep 22, 2016

Still the same issue on RC10.

Failed to create SSH tunnel to webtest:22.
Error:
Resource temporarily unavailable. Authentication by key (/path/to/file.pem) failed (Error -16). (Error #35)

I know it's able to access the file, as it'll complain it doesn't find the file if I put some made up path there.

@ikb42

This comment has been minimized.

ikb42 commented Sep 23, 2016

I have this issue too.
But, only when connecting to one of my servers and not to others. The server with the problem is:

more /etc/*-release
::::::::::::::
/etc/lsb-release
::::::::::::::
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.2 LTS"
::::::::::::::
/etc/os-release
::::::::::::::
NAME="Ubuntu"
VERSION="14.04.2 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.2 LTS"
VERSION_ID="14.04"

uname -r
3.13.0-93-generic

HTH

Update - server says:

OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8, OpenSSL 1.0.1f 6 Jan 2014

@simsekgokhan

This comment has been minimized.

Collaborator

simsekgokhan commented Oct 4, 2016

Update:
Finally, after many tests and tries, we have managed to reproduce the issue.

local: MAC OS X 10.11.5
remote: Ubuntu 14.04
Robomongo 0.9.0 Final

Next Actions:

  • Investigate the problem in the code.
  • Increase sshd log verbose level and check logs again.
@simsekgokhan

This comment has been minimized.

Collaborator

simsekgokhan commented Oct 4, 2016

@marmor7 @ikb42
Thanks for reporting the problem. Can you share version information about your local OS, remote OS and Robomongo version please?

We have finally reproduced the problem and hopefully investigation will be faster after this moment.
And in case you did not see, you can use the workaround solution until we find a permanent fix :
#1125 (comment)

@simsekgokhan simsekgokhan self-assigned this Oct 4, 2016

@simsekgokhan

This comment has been minimized.

Collaborator

simsekgokhan commented Jun 15, 2017

@comzyh
Thanks a lot for reporting the problem with details.

@Bersam

This comment has been minimized.

Bersam commented Jun 15, 2017

Just some information about my case maybe it would be helpful:

  1. OS: Archlinux (Linux gnu 4.10.13-1)
  2. related packages versions:
  • robomongo 1.0.0-3
  • libssh 0.7.5-1
  • libssh2 1.8.0-2
  • openssh 7.5p1-2
  • openssl 1.1.0.e-1
  • MongoDB shell version: 3.2.0-34-g9fa2d97e18
  • mongodb 3.4.3-1
  1. ssh information:
  • With Private Key (located in default directory)
  • asking for passphrase each time
  • connecting to remote server on terminal without any problem
  • was working with same settings on robomongo 0.9

@simsekgokhan simsekgokhan added this to the SSH Connection Problems milestone Jun 26, 2017

@comzyh

This comment has been minimized.

comzyh commented Aug 18, 2017

I have a workaround for who can see error: kex protocol error: type 30 seq 1 [preauth] in shd log.

As we know, Robo3T use libssh2, and libssh2 only support diffie-hellman key exchange methods.

Key Exchange Methods: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256

base on my own test, diffie-hellman-group-exchange-sha1, and diffie-hellman-group-exchange-sha256 doesn't work well.

So, add one line to /etc/ssh/sshd_config at ssh server, to disable diffie-hellman-group-exchange-sha1, and diffie-hellman-group-exchange-sha256

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1

then restart ssh-server.

And, upgrade libssh2 to master doesn't resolve this problem, I tried.

@h0x91b

This comment has been minimized.

h0x91b commented Oct 18, 2017

Exactly as @comzyh said above

In my case this was an Amazon Linux, I typed on server sshd -T | grep kex removed from list diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256 then added result to end of /etc/ssh/sshd_config

kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

Then restarted sshd on server service sshd restart, and robomongo is working now.

@dalu

This comment has been minimized.

dalu commented Nov 1, 2017

this solution doesn't work for me with robomongo 1.1.1 on archlinux and mongodb 3.4 percona on CentOS7.4

@umutsayar

This comment has been minimized.

umutsayar commented Nov 8, 2017

I had the same issue(Robo3T on Windows 10, MongoDB on Ubuntu) when I tried to connect with my private key(ppk) which is created by PuttyGen. To fix this, I exported my ppk as OpenSSH key without an extension. It worked when I connect with the new key.

in PuttyGen -> Load(ppk) -> Conversion -> Export OpenSSH key

sshd --version command result on server:
OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016

@daviesalex

This comment has been minimized.

daviesalex commented Dec 12, 2017

We experienced this after upgrading a SSH gateway to CentOS 7.4. The workaround posted above worked for us:

# Add this to /etc/ssh/sshd_config
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1
# systemctl restart sshd

This is of course not ideal... but effective!

@simsekgokhan

This comment has been minimized.

Collaborator

simsekgokhan commented Dec 21, 2017

Hi All, again sorry for the inconvenience and for the delay. We have an SSH enhancement to fix this problem and some other SSH issues. But, we cannot verify our fix for the problem in this ticket, since we are still unable to reproduce this problem in our systems. We are asking your help to test the following beta for us (fingers crossed).

Robo 3T 1.2 - Beta

Note:
Please also be aware that Putty (*.ppk) key files cause problems and not supported. Robo supports OpenSSH format. Steps to convert ppk to OpenSSH is here #484 (comment).

@h0x91b

This comment has been minimized.

h0x91b commented Dec 21, 2017

I can check, 10 minutes.

@h0x91b

This comment has been minimized.

h0x91b commented Dec 21, 2017

Works!

screenshot 2017-12-21 09 36 23

screenshot 2017-12-21 09 36 39

@simsekgokhan

This comment has been minimized.

Collaborator

simsekgokhan commented Dec 21, 2017

@h0x91b , thanks a lot for quick test, we are very happy to see that :)

@MarsZone

This comment has been minimized.

MarsZone commented Jan 10, 2018

So 1.2beta fix the ssh private key problem.
But it still some problem there. like the close button disappeared.
bu2

@simsekgokhan

This comment has been minimized.

Collaborator

simsekgokhan commented Jan 10, 2018

Hi @MarsZone thanks a lot for the feedback, very happy to see that it works.
Can you share your OS version details?

@MarsZone

This comment has been minimized.

MarsZone commented Jan 10, 2018

@simsekgokhan Yes sure.macOS High Sierra 10.13.2

@dottodot

This comment has been minimized.

dottodot commented Jan 14, 2018

I've tried the suggestions above and Robo 3T 1.2 - Beta but still get the error

Error: Resource temporarily unavailable. Authentication by key (/.ssh/id_rsa) failed (Error -18). (Error #35)

@MekliCZ

This comment has been minimized.

MekliCZ commented Jan 18, 2018

Still the same, it just takes more time to appear. :/
snimek obrazovky 2018-01-18 v 16 22 40

@usos0k

This comment has been minimized.

usos0k commented Feb 7, 2018

@h0x91b solution works for me! I was using Amazon Linux too. Thanks a lot.

@Serena07

This comment has been minimized.

Serena07 commented Feb 19, 2018

Beta 1.2 resolves the issue for Windows 7!

@zagatta-sonah

This comment has been minimized.

zagatta-sonah commented Apr 14, 2018

Doesnt work for me either on Mac OS 10.13.3

@highfeed

This comment has been minimized.

highfeed commented Nov 3, 2018

@simsekgokhan doesn't work for me. Mac OS 10.14.1 (18B75)

@JohannesTK

This comment has been minimized.

JohannesTK commented Nov 26, 2018

Doesn't work.

screenshot 2018-11-26 at 09 14 58

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment