Unable to connect to Linux VNC with Vine Viewer 3.0

Hello,

I'm running vine viewer 3.0 (build 1030) on Leopard 10.5.5 fully patched up to date (2008-10-24) and I'm unable to connect to Fedora 8 based VNC servers via a SSH tunnel.

I've performed some diagnostic testing an believe there is either a bug in Leopard or something has changed that Vine viewer is unaware of or there a configuration change I'm unaware of. Here's what happening.

Putting SSHD on the Linux bos into diagnostic mode and attempting to connect shows that the Mac drops the connection during authentication.

I was attempting to connect to a new install, as a reference I tried to connect to the server it's replacing (which I know worked with Vine at one point although I hadn't tried to connect for a while) both are failing in the same way.

I'm able to establish a secured VNC connection in both directions between the two Linux machines so I'm reasonably certain Linux is configured correctly.

I can connect via vine to other OS X systems no problem

I can connect via vine to Linux VNC without SSH enabled no problem.

I can establish a ssh terminal session to the same server no problem both password and key based authentication.

I can connect via vncviewer over SSH Linux to Linux no problem

This isolates the problem to one of Leopard, Vine Viewer or an OS X configuration problem

As a secondary check I tried JollyFastVNC which was the only OS X client I could find supporting SSH, this product is in alpha release but it failed in a similar way although later in the authentication process. This suggests the problem is more likely to be with Leopard or configuration.

I'm out of Ideas, any suggestions (within reason :-)) welcome.

Thanks

Ray

Comments

  • JonathanOSXJonathanOSX ForumAdmin admin
    Well you've tried most of what I would have suggested. Something that may help you in your testing is knowing that Vine specifies an ssh_config file (stored in Vine Viewer.app/Resources). Adjusting the settings there might help you to get a valid connection.

    It would help if you could pass along what error message you are getting and also look in your Console.log file for Vine Viewer messages.
  • sorry for the delay replying, my new MBP was due to arrive so I thought I'd try with a clean install first. no joy - same error. There were no messages posted to the system log on the Mac for the failed connection. Here's the DEBUG trace from the SSH server on the Fedora 8 system.

    Nov 2 17:19:15 hurricane sshd[4611]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
    Nov 2 17:19:15 hurricane sshd[4611]: debug1: inetd sockets after dupping: 3, 3
    Nov 2 17:19:15 hurricane sshd[4611]: Connection from 192.168.0.79 port 49668
    Nov 2 17:19:15 hurricane sshd[4611]: debug1: Client protocol version 2.0; client software version OpenSSH_5.0
    Nov 2 17:19:15 hurricane sshd[4611]: debug1: match: OpenSSH_5.0 pat OpenSSH*
    Nov 2 17:19:15 hurricane sshd[4611]: debug1: Enabling compatibility mode for protocol 2.0
    Nov 2 17:19:15 hurricane sshd[4611]: debug1: Local version string SSH-2.0-OpenSSH_4.7
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: permanently_set_uid: 74/74
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: list_hostkey_types: ssh-rsa,ssh-dss
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_KEXINIT sent
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_KEXINIT received
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: kex: client->server aes128-cbc hmac-md5 none
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: kex: server->client aes128-cbc hmac-md5 none
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_NEWKEYS sent
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: expecting SSH2_MSG_NEWKEYS
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: SSH2_MSG_NEWKEYS received
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: KEX done
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: userauth-request for user ray service ssh-connection method none
    Nov 2 17:19:15 hurricane sshd[4612]: debug1: attempt 0 failures 0
    Nov 2 17:19:25 hurricane sshd[4612]: Connection closed by 192.168.0.79
    Nov 2 17:19:25 hurricane sshd[4612]: debug1: do_cleanup
    Nov 2 17:19:25 hurricane sshd[4611]: debug1: PAM: initializing for "ray"
    Nov 2 17:19:25 hurricane sshd[4611]: debug1: PAM: setting PAM_RHOST to "192.168.0.79"
    Nov 2 17:19:25 hurricane sshd[4611]: debug1: PAM: setting PAM_TTY to "ssh"
    Nov 2 17:19:25 hurricane sshd[4611]: debug1: do_cleanup
    Nov 2 17:19:25 hurricane sshd[4611]: debug1: PAM: cleanup

    As you can see, Linux reports that the mac (.0.79) closes the connection part way through authentication.
  • I then upped the logging level to DEBUG3 in the vine viewer resource directory file, closed & restarted vine, still didn't see anything pertaining to vine in the console or all messages log except an Approved License message.

    I did however notice this in the connect failed dialog

    Connection failed:Unable to Connect To VNC Server through SSH
    rse_kexinit: aes128-cbc,3des-cbc,blowfish-

    I dont recall seeing the second line previously but cant swear it wasn't there before.
  • JonathanOSXJonathanOSX ForumAdmin admin
    Yeah this is definitely looking like it's a Leopard SSH compatibility issue. I'm sure that with the proper configuration of SSH it can be made to work again, but that might take some trial and error.
  • No luck so far messing with ssh_config however I did notice one thing

    I logged on to the remote server via ssh from I term having replaced my config file with the one from vine viewer without any problem.

    I put my original config back and logged in again, I then tailed /var/log/secure and logged in from a second terminal; at the point the connection is dropped by vine the was a pause of some 7-8 seconds before the process continued and completed successfully. I was wondering if I could be seeing a connection timeout (the period seems too short to me) but it would explain the issue.

    Nov 7 13:21:24 hurricane sshd[6698]: debug1: SSH2_MSG_NEWKEYS received
    Nov 7 13:21:24 hurricane sshd[6698]: debug1: KEX done
    Nov 7 13:21:24 hurricane sshd[6698]: debug1: userauth-request for user ray service ssh-connection method none
    Nov 7 13:21:24 hurricane sshd[6698]: debug1: attempt 0 failures 0


    This is where Vine Drops the connection


    Nov 7 13:21:34 hurricane sshd[6697]: debug1: PAM: initializing for "ray"
    Nov 7 13:21:34 hurricane sshd[6698]: debug1: userauth-request for user ray service ssh-connection method publickey
    Nov 7 13:21:34 hurricane sshd[6698]: debug1: attempt 1 failures 1
    Nov 7 13:21:34 hurricane sshd[6698]: debug1: test whether pkalg/pkblob are acceptable
    Nov 7 13:21:34 hurricane sshd[6697]: debug1: PAM: setting PAM_RHOST to "192.168.0.84"
    Nov 7 13:21:34 hurricane sshd[6697]: debug1: PAM: setting PAM_TTY to "ssh"
    Nov 7 13:21:34 hurricane sshd[6697]: debug1: temporarily_use_uid: 500/500 (e=0/0)
    Nov 7 13:21:34 hurricane sshd[6697]: debug1: trying public key file /home/ray/.ssh/authorized_keys
    Nov 7 13:21:34 hurricane sshd[6697]: debug1: matching key found: file /home/ray/.ssh/authorized_keys, line 2
    Nov 7 13:21:34 hurricane sshd[6697]: Found matching RSA key: FingerPrint ommited
    Nov 7 13:21:34 hurricane sshd[6697]: debug1: restore_uid: 0/0
    No
  • Fixed it,

    Following the thought about a timeout I up the Linux SSH debug level to 3 & retried, noticed the authentication thread was attempting a reverse DNS lookup, during the pause. I'm currently using a temporary router that seems to provide DHCP addressed on it's internal network but no DNS resolution, for a command line connection this times out and the process continues. Created a host entry for the IP allocated to my MBP and Vine connected straight away.

    Not 100% sure this is the exact cause but it does look like Vine is timing out its connection before the reverse DNS has a chance to fail.
  • JonathanOSXJonathanOSX ForumAdmin admin
    Ahh I'm 100% sure that you are right. We have noticed problems in other areas because of Leopard DNS issues.
Sign In or Register to comment.