Error logging into remote machine and retries?

Notes, tips, and other usefull things on how to use LogMX

Moderator: admin

Post Reply
isheedm
Posts: 109
Joined: Wed Sep 12, 2007 2:16 pm

Error logging into remote machine and retries?

Post by isheedm »

I tried to use the new v1.1 on a machine on my network with scp. I can successfully log in with Putty SSH, but LogMX can't for some reason.

Does LogMX 'retry' the login several times? I've found that if I try to open the remote file with LogMX, it fails, then my account is locked on that machine due to too many invalid login attempts. I really don't like having my account locked because of LogMX...
admin
Site Admin
Posts: 555
Joined: Sun Dec 17, 2006 10:30 pm

Post by admin »

Hello,

Sorry for the inconvenience.
LogMX uses JSch library to read files via SCP (this library is also used by Ant and Eclipse, so I think we will find a solution to your problem).
LogMX doesn't retry itself to connect, and JSch documentation doesn't talk about it.
So here is a few ideas to start with:
  • Does your SSH server listen to port 22? LogMX needs this to read the file (no tunable port at this time)
  • LogMX v1.1.0 uses JSch v0.1.26, and JSch new version is 0.1.35. Next LogMX releases will use v0.1.35, but in the mean time, you can try with v0.1.35 right now: simply copy file http://www.logmx.com/downloads/jsch.jar in LogMX "lib" directory. (we have tested this version and it works with LogMX v1.1.0)
  • If it doesn't work, check your SSH daemon logs to see if LogMX retries several times: generally in /var/log/sshd.log or /var/log/auth.log (see /etc/syslog.conf if you don't find these files). You should see lines like "Failed password for .... from .... port ... ssh2" for each attempt)
  • You can also check if your sshd locks accounts in /etc/ssh/sshd_config: see parameter "MaxAuthTries" (help can be found here: http://www.openbsd.org/cgi-bin/man.cgi? ... &sektion=5)
If it still doesn't work: do you already managed to read a file via SCP using LogMX, or does it fail every time?

Please let us now if you still don't manage to use SCP.
Xavier
isheedm
Posts: 109
Joined: Wed Sep 12, 2007 2:16 pm

Post by isheedm »

I don't have permission to view any files, but the admin sent me the config file. I see no setting defined for MaxAuthTries.

ls: /var/log/sshd.log: No such file or directory
ls: /var/log/auth.log: No such file or directory

I'll have to get back to you on if I can find the log files and get the admin to send them to me.
isheedm
Posts: 109
Joined: Wed Sep 12, 2007 2:16 pm

Post by isheedm »

The log files don't seem to help much:

Code: Select all

Oct 18 08:50:26 bulldogs sshd(pam_unix)[8043]: authentication failure; logname=
uid=0 euid=0 tty=NODEVssh ruser= rhost=my.host  user=my.user
I tweaked the error message to remove my host and username for privacy.
isheedm
Posts: 109
Joined: Wed Sep 12, 2007 2:16 pm

Post by isheedm »

I got the remote log file working on two other machines, I haven't yet figured out why it doesn't work on this particular one.
isheedm
Posts: 109
Joined: Wed Sep 12, 2007 2:16 pm

Post by isheedm »

Somehow, there must be a retry:

Code: Select all

Oct 26 12:10:39 bulldogs sshd(pam_unix)[836]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host  user=user

Oct 26 12:10:55 bulldogs sshd(pam_unix)[836]: 6 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=host  user=user
Notice the "6 more authentication failures". Our accounts are locked after 5 failures.
admin
Site Admin
Posts: 555
Joined: Sun Dec 17, 2006 10:30 pm

Post by admin »

OK for the retries, we will try to know why JSch do so and how to configure it.
I got the remote log file working on two other machines, I haven't yet figured out why it doesn't work on this particular one.
It would be helpful to compare the sshd configuration on these machines: sshd version, SSH protocol version (e.g. protocol version 4 is not supported by LogMX whereas 1, 2, 3 are), login timeout, ...
These links may help you to do that:
http://www.faqs.org/docs/securing/chap15sec122.html
http://unixhelp.ed.ac.uk/CGI/man-cgi?sshd_config+5
http://www.unix.org.ua/orelly//networki ... ppb_01.htm

You can also try ps -elf | grep ssh or ps -ef | grep ssh or ps -el | grep ssh to know which options were used to start sshd.

Did you try with the last JSch version? (cf JAR download link in my first post)
isheedm
Posts: 109
Joined: Wed Sep 12, 2007 2:16 pm

Post by isheedm »

Works (fwcatdev)

Code: Select all

SunOS fwcatdev 5.8 Generic_117350-49 sun4u sparc SUNW,Sun-Fire-V240
OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
Problems (bulldogs)

Code: Select all

Linux bulldogs 2.4.21-32.EL #1 SMP Fri Apr 15 21:02:58 EDT 2005 x86_64 x86_64 x86_64 GNU/Linux
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
The only differences I see in the sshd_config files are:

fwcatdev:

Code: Select all

#UsePrivilegeSeparation yes
bulldogs:

Code: Select all

SyslogFacility AUTHPRIV
UsePrivilegeSeparation no
isheedm
Posts: 109
Joined: Wed Sep 12, 2007 2:16 pm

Post by isheedm »

I accidentally typed in the wrong password on a machine that worked earlier today and jSch must have retried the connection. I just caused my account to be locked out.
isheedm
Posts: 109
Joined: Wed Sep 12, 2007 2:16 pm

Post by isheedm »

The configuration of the other machine that works is:

(fwjsfimat09)

Code: Select all

Linux fwjsfimat09 2.4.21-32.0.1.EL #1 Tue May 17 17:53:25 EDT 2005 x86_64 x86_64 x86_64 GNU/Linux

OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
sshd_config entries:

Code: Select all

Port 22
Protocol 2
SyslogFacility AUTHPRIV
X11Forwarding yes
UsePrivilegeSeparation no
Subsystem       sftp    /usr/libexec/openssh/sftp-server
It is curious how this machine is just like bulldogs, but bulldogs has problems...
admin
Site Admin
Posts: 555
Joined: Sun Dec 17, 2006 10:30 pm

Post by admin »

I've just submit this issue in JSch forum: http://sourceforge.net/forum/message.php?msg_id=4601204

In the meantime:
  • what is the error message that appeared in LogMX?
  • did you try with the last JSch version? (cf JAR download link in my first post)
isheedm
Posts: 109
Joined: Wed Sep 12, 2007 2:16 pm

Post by isheedm »

I used the jar download link from above, but it didn't help.

The error I get is:

Error while reading file "..."

[Exception] - Invalid login/password pair to connect to host "bulldogs".

Retype your password or change it in Network Options dialog.

I just noticed I had an entry in the Network Options dialog for this host (bulldogs), so I deleted it.

After I got the account unlocked, bulldogs now works!

I guess it was the bad entry in the Network Options setting. Sorry I didn't notice it earlier.
isheedm
Posts: 109
Joined: Wed Sep 12, 2007 2:16 pm

Re: Error logging into remote machine and retries?

Post by isheedm »

Did you ever get a response from JSch about retries? One of my coworkers commented yesterday that he won't use LogMX because he is worried that he will lock the account we use to login to the server with.

If you could allow us to load in a private SSH key into LogMX and pass that along to JSch, that would be ideal (see viewtopic.php?f=4&t=27)
admin
Site Admin
Posts: 555
Joined: Sun Dec 17, 2006 10:30 pm

Re: Error logging into remote machine and retries?

Post by admin »

Hello,

No, we didn't have received a response from JSch, but maybe their new releases will help fixing this (seeing their ChangeLog: http://www.jcraft.com/jsch/ChangeLog). Since we couldn't reproduce this problem with our different servers there (no account locked on wrong password), you may want to test it yourself: simply replace the LogMX file "lib/jsch.jar" with the new JSch JAR file (https://sourceforge.net/projects/jsch/f ... r/download).

As for the private key file, please read my response there: viewtopic.php?p=292#p292

Xavier
Post Reply