Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reconnecting... (Cannot authenticate server) #219

Closed
yasuhirokimura opened this issue Aug 7, 2020 · 7 comments
Closed

Reconnecting... (Cannot authenticate server) #219

yasuhirokimura opened this issue Aug 7, 2020 · 7 comments

Comments

@yasuhirokimura
Copy link

My home network is behind NAT and there is FreeBSD 12.1-RELEASE amd64 machine on it. I installed tmate 2.4.0 by using FreeBSD syutils/tmate port and started tmate without ~/.tmate.conf. Then following messages are repeated.

Connecting to ssh.tmate.io...
Cannot authenticate server
Reconnecting... (Cannot authenticate server)

BTW there is also Debian Unstable amd64 machine on my home network. So I installed tmate 2.4.0 with apt install tmate and start tmate with same way as FreeBSD. Then tmate started up without any error.

What is wrong?
@probonopd
Copy link

Same on FreeBSD 12.1-RELEASE amd64 using

FreeBSD:/home/user% sudo pkg info tmate      
tmate-2.4.0
Name           : tmate
Version        : 2.4.0
Installed on   : Sun Nov 29 17:46:32 2020 CET
Origin         : sysutils/tmate
Architecture   : FreeBSD:12:amd64
Prefix         : /usr/local
Categories     : sysutils
Licenses       : 
Maintainer     : swills@FreeBSD.org
WWW            : https://tmate.io/
Comment        : Instant terminal sharing
Shared Libs required:
        libmsgpackc.so.2
        libssh.so.4
        libevent-2.1.so.7
Annotations    :
        FreeBSD_version: 1201000
        repo_type      : binary
        repository     : FreeBSD
Flat size      : 544KiB
Description    :
Instant terminal sharing

WWW: https://tmate.io/

@probonopd
Copy link 

tmate -F -v -v -v -v -v -v
(...)
[4] [pki_verify_data_signature] pki_verify_data_signature: Signature valid
[2] [ssh_packet_newkeys] ssh_packet_newkeys: Signature verified and valid
[4] [ssh_packet_set_newkeys] ssh_packet_set_newkeys: called, direction = IN 
[3] [ssh_socket_unbuffered_write] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
[3] [ssh_connect] ssh_connect: current state : 7
Establishing connection to 157.230.72.130
SSH client killed (157.230.72.130)
@0 active pane not changed

@probonopd
Copy link

You need to do the following:

cat > ~/.tmate.conf <<\EOF
set -g tmate-server-rsa-fingerprint   "SHA256:Hthk2T/M/Ivqfk1YYUn5ijC2Att3+UPzD7Rn72P5VWs"
set -g tmate-server-ecdsa-fingerprint "SHA256:8GmKHYHEJ6n0TEdciHeEGkKOigQfCFuBULdt6vZIhDc"
EOF

Then it works.

Why it does not come with these as defaults is completely beyond me.

Is it a bug in https://www.freshports.org/sysutils/tmate?

@yasuhirokimura
Copy link
Author

@probonopd Unfortunately I found you are right. sysutils/tmate port resets these settings by applying following patch to source files.

https://svnweb.freebsd.org/ports/head/sysutils/tmate/files/patch-options-table.c?view=co

It's really hard to understand why the maintainer make such modification.

Anyway it's not fault of tmate itself. So I close this issue.

@0mp
Copy link

0mp commented Dec 14, 2020
edited
Loading

I've ran into this issue as well. I'll open a ticket for that in the FreeBSD bug tracking system. Thanks a lot for the workaround!

Edit: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251846

@0mp
Copy link

0mp commented Dec 15, 2020

A patch has been committed. Users will be informed during installation how they can configure the default fingerprints via ~/.tmate. https://svnweb.freebsd.org/ports?view=revision&revision=558182

Thanks a lot everyone!

@mambrus
Copy link

mambrus commented May 24, 2021

I still have the same issue. Built server yesterday for Ubuntu 18.04 and
installed client using brew (as Ubuntu's default is incompatible with
eliptic-kerve keys), senerated server-keys added to ~/.tmate.con. All worked
well.

Exact same process on Debian Buster didn't go well (another site, restricted
network). Similar/identical logs as in this issue.

Tried so far: Launching server on port 1443 as 22 is occupied. Can reach the
port using telnet, i.e. socket is reachable. ssh hand-shaking seems to go
well according to tmate-client logs

  [2] [ssh_packet_newkeys] ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
  [4] [ssh_pki_signature_verify] ssh_pki_signature_verify: Going to verify a ssh-ed25519 type signature
  [4] [pki_verify_data_signature] pki_verify_data_signature: Signature valid
  [2] [ssh_packet_newkeys] ssh_packet_newkeys: Signature verified and valid
  [4] [ssh_packet_set_newkeys] ssh_packet_set_newkeys: called, direction = IN
  [3] [ssh_packet_socket_callback] ssh_packet_socket_callback: Processing 180 bytes left in socket buffer
  [3] [ssh_packet_socket_callback] ssh_packet_socket_callback: packet: read type 7 [len=160,padding=18,comp=141,payload=141]
  [3] [ssh_packet_process] ssh_packet_process: Dispatching handler for packet type 7
  [3] [ssh_packet_ext_info] ssh_packet_ext_info: Received SSH_MSG_EXT_INFO
  [3] [ssh_packet_ext_info] ssh_packet_ext_info: Follows 1 extensions
  [3] [ssh_packet_ext_info] ssh_packet_ext_info: Extension: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha  2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
  [3] [ssh_socket_unbuffered_write] ssh_socket_unbuffered_write: Enabling POLLOUT for socket
  [3] [ssh_connect] ssh_connect: current state : 7
  Establishing connection to 10.88.130.4
  Cannot authenticate server
  SSH client killed (10.88.130.4)
  Reconnecting...
  @0 active pane not changed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mambrus @probonopd @yasuhirokimura @0mp