-
Notifications
You must be signed in to change notification settings - Fork 248
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Password-less logins not working, even though they appear to connect successfully #1
Comments
SSHFS-Win does not support password-less logins out of the box. The primary reason is that it invokes SSHFS with the options If you are able to rebuild SSHFS-Win you may be able to build your own version that supports password-less logins, by making the following changes:
Unfortunately I expect that simply changing the The
Even nicer would be to modify SSHFS-Win so that it can support both scenarios with registry modifications. |
It seems it is not so simple, since I was unable to get it working with your changes. Furthermore, to debug it, I've added
With logging turned up to max, and trying to connect to multiple different servers, I've narrowed the issue down to this:
Using the "force TTY allocation" options I found for this error didn't do anything. Have you encountered this error during the development? |
works for me when running the original command directly from the (cygwin) commandline without the aforementioned options: |
Also worked for me using the sshfs-win installer (not a real cygwin environment) by doing the following: cd "C:\Program Files (x86)\SSHFS-Win\bin" I needed to add the SSHFS-Win directory to my path, so sshfs.exe could find ssh.exe |
This works with ssh https://github.com/cuviper/ssh-pageant ? |
Any reason why it should not? I used ssh-agent, ssh-pageant and currently the keepass-sshagent plugin and they all implement the same protocol afaik. Have you tried and failed? As said it all works for me when mounting the sshfs from cygwin with the right Environment. I guess you could also set SSH_AUTH_SOCK globally if you, but i don't know if ssh-pageant supports a fixed sock similar to ssh-agent -a option). |
I get a
I'm stuck. |
Works |
Here's a better one. It assumes ssh-pagent in On reboot only the previous one works. It should be possible to use this logic in the manager and check for |
@riedel I've tried to get this running with KeeAgent, but I simply can't get it to use the socket file. Can you please share how you got it to work (the complete thing with environment and everything)? My environment is set up correctly, because I can use the |
@xelra: I try to just tell you my config. Probably there is simpler/better/safer ways see above In Options->KeeAgents, I ticked "Create cygwin..." and set it to thenI set the sock to the same "file":
I compiled and ran sshfs from cygwin and it worked. I am a bit puzzled if you say, that KeyAgent worked for you with ssh but not sshfs... |
Thank you very much for your response. I have managed to use the socket file by slightly changing the syntax to It still errors with On the server I looked at the output of journald and I saw
That confirms that the connection and authentication is successful, but then it gets terminated. Does anyone have any idea what could be wrong? |
After spending 2 days of trial and error, I found an acceptable way of using SSHFS-Win. I couldn't get it to run inside of Cygwin at all, because it would always terminate itself after authentication as described in my last comment. I'm sharing my way of starting and killing the mounts in this other issue: #15. @riedel Thank you for your help. |
I managed to get it to work with Map Network Drive using a private ssh key and without password prompt. @RoliSoft, I basically did what you reported back in July 2016, only instead of compiling sshfs-win from source, I simply hex-edited sshfs-win.exe (life is too short for compiling). Initially I replaced I changed the registry value Then I put my private SSH key (id_rsa) in At this point, Map Network Drive works, for connection strings of the format @billziss-gh Thank you for this beautifully written software suite, it has directly increased the productivity of many people! |
@yanivhamo excellent work at putting all the pieces together on your own :) |
Is it possible to support both password + key login in the released version? |
@billziss-gh is it possible support pub key login? |
@netroby I described how I did it here #15 (comment). There's no UI for it, but it's not the most complicated thing in the world either. |
work fine with
|
I've spent several hours on this and each time it results in |
@ctaggart Without knowing any of the specific details, my first guess is that you're having troubles with cygwin. You're probably modifying files or changing environment variables for the wrong cygwin installation. sshfs-win comes with its own cygwin install and you have to target that one specifically with the things that are mentioned in this issue. |
@tsauri thanks for the write up. BTW, the latest SSHFS-Win beta sets up the Cygwin environment in such a way that the |
Great works |
I tried the beta sshfs-win, it still ask for password. But my ssh only login via public key. |
The same : read: Connection reset by peer |
@netroby which method did you try for SSHFS-Win beta?
|
both of them.all failed
发自 BlueMail
2018年8月30日 下午12:47, 下午12:47,在 Bill Zissimopoulos <notifications@github.com> 已写:
…
@netroby which method did you try for SSHFS-Win beta?
- Map network drive from Explorer?
- Command line invocation of `sshfs.exe`?
- SiriKali?
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#1 (comment)
|
@tsauri you are welcome :) |
Hi @billziss-gh and @yanivhamo , Why am I doing this: Thanks for your work! |
@yatsukino you might want o look at #41 |
@4O4 thank to you I succeeded to build but it's still not working... I have the following error :
Maybe the private key is in the wrong place ? |
@yatsukino Can you describe how exactly are you doing this? Are you trying one of the approach described in the comments above? AFAIR this one worked for me before: #1 (comment) |
@4O4 I downloaded the source code then replace About your comment link I've just tried this but same it return me Connection reset by peer ... Hope I did not forget information. |
Is there any documentation for this? I placed my key files into the .ssh directory (like I would in linux) and it doesn't seem to use them - it still pops up the password dialog box. I need to access a server that doesn't allow password logins. I'm using v3.2.18213 |
I took me a while but I finally able to get it to mount with IdentityFile. If you like UI and a system tray icon, I suggest you to use SiriKali. I started using SiriKali because I couldn't figure out how to make sshfs work with identity file. Here is how I am able to identity file with sshfs-win. I am using SSHFS-Win 3.5 BETA and Windows 10 to start with.
The key here is the use of |
Hi thanks it works Or maybe is there a way to mount it permanently? |
I almost got this working. Using:
Configuration
Mounting using command line works: Mounting using "Map Network Drive" doesn't:
Use "echo & echo.|sshfs-win.exe ..." to simulate ENTER key |
Now I got it working using a recompiled version of SSHFS-Win 2.7 (removing "-opassword_stdin", "-opassword_stdout" and adding -ofollow_symlinks -otransform_symlinks -ocreate_umask=000 to sshfs-win.c), setting Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WinFsp\Services\sshfs\Credentials to 0 and creating C:\Program Files (x86)\SSHFS-Win\home\SYSTEM.ssh\id_rsa But it would be better to have the key in the user home folder. |
Hi @billziss-gh , I have a suggestion of an implementation to support both scenarios. I can't create a branch to create a pull request, so I attached a patch file that can be applied from the git tag v3.5.19106. The principle is that I read the registry key and, if it is 0, I send the parameter -oIdentityFile pointing to c:/Users/<username>/.ssh/id_rsa, where <username> correspond to the variable locuser_nodom, othewise I pass -opassword_stdin and -opassword_stdout to sshfs. I noticed with the last version that if I launch sshfs-win from the command line with my user, the -oIdentityFile would not be needed because it finds my key to connect. The reason why I add -oIdentityFile in the patch is to make it works when mounting the drive from Windows Explorer because the process sshfs-win is executed as System user and it doesn't find the key in this situation. |
@dcourcel thanks for the patch.
Creating a PR (Pull Request) on GitHub is quite easy. In the most basic scenario you just fork the project, apply your changes to your fork and then create a PR from these changes. This would allow me to properly review your patch, suggest changes, attribute the code to you when it is merged in, etc.
I read your description above and read your patch. I like the general idea. But IMO a better approach would be to introduce a new prefix (e.g.
Fair enough! But we should not hard code the Please consider resending this as a PR if possible. |
PR #129 is created! I don't write in C often (Too low level for me ;) ), so feel free to tell me everything that is incorrect in my code. |
Thanks to @dcourcel's PR, which has been merged in, SSHFS-Win now supports public key authentication out of the box. We can therefore close this issue. I will be publishing new SSHFS-Win binaries with this enhancement soon. |
Great works. thanks for @dcourcel |
It was a pleasure! |
@dcourcel I'm trying to figure out a way to use custom, password-protected public key files. Is this something which should be possible with this patch? |
To use a private ssh key file protected by a passphrase, you can do it with the command line, but not from the Windows file explorer. In the command prompt, you can enter I am not sure it would be easy to make it work with Windows file explorer. The idea I have is to use Windows popup asking for username and password to get the passphrase, but I don't know exactly how the information from Windows popup is transfered to sshfs-win.exe. I think this part is handled by WinFsp service that use registry key to know if it must show the Windows popup or not. Even if sshfs-win.exe receives the passphrase by stdin or from another way, I don't know how to transfer the passphrase to sshfs. sshfs process launches ssh process and it is ssh process who asks for the passphrase in the command prompt. The process sshfs have the option -opassword_stdin for an authentication using a password, but for a passphrase for ssh key, I don't think there is such option. |
@dcourcel, thanks for this detailed information which was really helpful to get public key authentication working for me. Using
On the way to this final command line, I noticed the following:
|
I did all the steps @yanivhamo mentioned and finally managed to connect to the server with the private key (thanks for the help). However, unfortunately I was unable to mount the root folder on the server (the double slash trick at the end didn't work for me). For example: Would anyone know what I did wrong or even another tip to make the connection not from the home directory? |
Thank you for developing and publishing the software. I wonder if there would be any predictions for publishing the new SSHFS-Win binaries (sorry for the question). Thanks again for the contributions. |
@Ilanfigueiredo it is my understanding that public key cryptography now works out of the box. Just download the latest release, place your keys in See the README. |
Thank you @billziss-gh, it worked just fine. About the mount the root folder on the server, I tried the double slash as @yanivhamo did (e.g. Thank you again |
I just looked at the new documentation, and there is this: Did you try that? I am still using the old version, with the // trick, works great for me. Could it be a permissions issue on your root folder? |
I use private keys instead of passwords to login to my servers. Checking the documentation I could find on
sshfs-win
, there seems to be no mention of supporting this, however, since I saw the standardssh.exe
andsshfs.exe
are bundled, I fired up Process Monitor to see if at any time it tries to read the private keys.I found that it was trying to access
C:\Program Files (x86)\SSHFS-Win\home\SYSTEM\.ssh\id_rsa
, so I quickly created ahome\SYSTEM
directory and copied the appropriate files from my Cygwin installation.After retrying, I found that it successfully read the private keys, so no privilege issues, however, shortly the Windows error message popped up, informing me that
Windows cannot access \\sshfs\root@excelsior.rolisoft.net
.Checking the logs on my server confirms that it was able to connect:
Running
ssh.exe root@excelsior.rolisoft.net
fromC:\Program Files (x86)\SSHFS-Win\bin
asnt authority\system
also drops me into a shell, without any password prompts, so it should work.Going through the whole list of spawned processes during a connect does reveal at least one instance of
sshfs.exe
exiting with status code 1, however, I'm all out of ideas on how to debug this, as the SSH client has no option to log to a file as far as I know.The text was updated successfully, but these errors were encountered: