r3dlight/keysas

Impossible for admin panel to connect to a KeySAS station

Closed this issue · 4 comments

I installed KeySAS and KeySAS admin on two Debian 12 VMs. But it's impossible for KeySAS admin to connect to the KeySAS station.
They can ping each other without problems. I tried to export the SSH certificate manually, but I don't know which user KeySAS tries to connect as.
I was also able to connect them to each other through SSH using a certificate.

Here you can find the logs that I obtain for each connection:

sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.692Z DEBUG [keysas_admin::store] Query: SELECT * FROM station_table WHERE name = 'systeam';
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.692Z DEBUG [keysas_admin::store] Found: 192.168.0.2
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.693Z INFO  [ssh_rs::session] start for version negotiation.
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.704Z INFO  [ssh_rs::config::version] server version: [SSH-2.0-OpenSSH_9.2p1 Debian-2]
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.704Z INFO  [ssh_rs::config::version] version negotiation was successful.
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.704Z INFO  [ssh_rs::config::version] client version: [SSH-2.0-SSH_RS-0.3.2]
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.706Z INFO  [ssh_rs::config::algorithm] server key exchange: ["sntrup761x25519-sha512@openssh.com", "curve25519-sha256", "curve25519-sha256@libssh.org", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512", "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256"]
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.707Z INFO  [ssh_rs::config::algorithm] server public key: ["rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"]
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.707Z INFO  [ssh_rs::config::algorithm] server c2s encryption: ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"]
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.707Z INFO  [ssh_rs::config::algorithm] server s2c encryption: ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"]
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.707Z INFO  [ssh_rs::config::algorithm] server c2s mac: ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.707Z INFO  [ssh_rs::config::algorithm] server s2c mac: ["umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"]
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.707Z INFO  [ssh_rs::config::algorithm] server c2s compression: ["none", "zlib@openssh.com"]
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.707Z INFO  [ssh_rs::config::algorithm] server s2c compression: ["none", "zlib@openssh.com"]
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.707Z DEBUG [ssh_rs::config::algorithm] converted server algorithms: [kex: "curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256", pubkey: "rsa-sha2-512,rsa-sha2-256,ssh-ed25519", c_enc: "chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr", s_enc: "chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr", c_mac: "hmac-sha2-256,hmac-sha2-512,hmac-sha1", s_mac: "hmac-sha2-256,hmac-sha2-512,hmac-sha1", c_compress: "none", s_compress: "none"]
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.707Z INFO  [ssh_rs::client::client_kex] start for key negotiation.
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.707Z INFO  [ssh_rs::client::client_kex] send client algorithm list.
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.707Z INFO  [ssh_rs::config::algorithm] client algorithms: [kex: "curve25519-sha256,ecdh-sha2-nistp256", pubkey: "ssh-ed25519,rsa-sha2-512,rsa-sha2-256", c_enc: "chacha20-poly1305@openssh.com", s_enc: "chacha20-poly1305@openssh.com", c_mac: "hmac-sha2-512,hmac-sha2-256", s_mac: "hmac-sha2-512,hmac-sha2-256", c_compress: "none", s_compress: "none"]
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.708Z INFO  [ssh_rs::config::algorithm] matched algorithms [kex: "curve25519-sha256", pubkey: "ssh-ed25519", c_enc: "chacha20-poly1305@openssh.com", s_enc: "chacha20-poly1305@openssh.com", c_mac: "hmac-sha2-512", s_mac: "hmac-sha2-512", c_compress: "none", s_compress: "none"]
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.790Z INFO  [ssh_rs::client::client_kex] signature verification success.
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.790Z INFO  [ssh_rs::client::client_kex] send new keys
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.790Z INFO  [ssh_rs::client::client_kex] key negotiation successful.
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.790Z INFO  [ssh_rs::client::client_auth] Auth start
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.843Z INFO  [ssh_rs::client::client_auth] public key authentication. algorithm: ssh-ed25519
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.890Z ERROR [ssh_rs::client::client_auth] user auth failure. (public key)
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.890Z INFO  [ssh_rs::client::client_auth] fallback to password authentication
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.890Z INFO  [ssh_rs::client::client_auth] password authentication.
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.913Z ERROR [ssh_rs::client::client_auth] user auth failure. (password)
sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44.914Z ERROR [keysas_admin] Failed to open ssh connection with station: Error: { Kind(SshError("user auth failure.")) }
sept. 19 11:57:46 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:46.263Z WARN  [keysas_admin]  is_alive: Name must not be empty

Do you have any ideas to solve the problem?

Edit: Better log view

Hi,
For the first connection, keysas-admin tries to connect using user keysas and password Changeme007 (see https://keysas.fr/raspberry.html#keysas-admin-desktop-client). Password auth is then disabled when first enrolling the new station using keysas-admin.
Please ensure that user keysas has the following sudo access:
https://github.com/r3dlight/keysas/blob/main/keysas-core/debian/keysas-sudoconfig in /etc/sudoers.d/ like this:
install -v -o root -g root -m 0644 debian/keysas-sudoconfig /etc/sudoers.d/010_keysas
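
An added example, not part of the thread and not Keysas or ssh_rs code: a small Python triage of the ssh_rs journal lines posted in the issue, showing how to tell a transport problem (version or key negotiation) from a credential rejection. The function name `triage` and the verdict labels are assumptions of this sketch; the sample lines are excerpted from the log above and reassembled with their common prefix.

```python
import re

# Excerpt of the journal lines posted in the issue; the shared prefix is re-attached here.
P = "sept. 19 11:57:44 KeySAS keysas-admin.desktop[2126]: 2023-09-19T09:57:44."
SAMPLE_LOG = "\n".join(P + s for s in [
    "704Z INFO  [ssh_rs::config::version] version negotiation was successful.",
    "790Z INFO  [ssh_rs::client::client_kex] signature verification success.",
    "790Z INFO  [ssh_rs::client::client_kex] key negotiation successful.",
    "843Z INFO  [ssh_rs::client::client_auth] public key authentication. algorithm: ssh-ed25519",
    "890Z ERROR [ssh_rs::client::client_auth] user auth failure. (public key)",
    "890Z INFO  [ssh_rs::client::client_auth] fallback to password authentication",
    "913Z ERROR [ssh_rs::client::client_auth] user auth failure. (password)",
    '914Z ERROR [keysas_admin] Failed to open ssh connection with station: '
    'Error: { Kind(SshError("user auth failure.")) }',
])

# <ISO timestamp> <LEVEL> [<module>] <message>; the journald prefix is skipped by search().
LINE = re.compile(r"(\d{4}-\d\d-\d\dT[\d:.]+Z)\s+(DEBUG|INFO|WARN|ERROR)\s+\[([\w:]+)\]\s+(.*)")
AUTH_FAIL = re.compile(r"user auth failure\. \((.+)\)")

def triage(log_text):
    """Report how far the SSH handshake got and which auth methods were rejected."""
    stages = {"version": False, "kex": False}
    failed = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not an application log line
        _ts, level, module, msg = m.groups()
        if module == "ssh_rs::config::version" and "negotiation was successful" in msg:
            stages["version"] = True
        elif module == "ssh_rs::client::client_kex" and msg.startswith("key negotiation successful"):
            stages["kex"] = True
        elif module == "ssh_rs::client::client_auth" and level == "ERROR":
            f = AUTH_FAIL.search(msg)
            if f:
                failed.append(f.group(1))
    transport_ok = all(stages.values())
    if not transport_ok:
        verdict = "transport"      # network, version or algorithm mismatch
    elif failed:
        verdict = "credentials"    # station reachable, but it rejected the key/password
    else:
        verdict = "no-auth-failure-logged"
    return {"transport_ok": transport_ok, "failed_methods": failed, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the posted log this reports a completed key exchange followed by rejection of both the public key and the password, which points at the account on the station rather than the network path.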

Thank you, I wasn't looking at the right pages: https://keysas.fr/keysas-admin.html

Glad it helped :)
I'll make sure to update the documentation to clarify that point.

Keysas user is now created/deleted using make commands:
Fix: 82415ca