tg123/sshpiper

Kubernetes - invalid memory address or nil pointer dereference

mbrown1508 opened this issue · 1 comments

When attempting to ssh to a container using a password, an error occurs, preventing the connection and any further connections. Running k3s v1.24.4+k3s1; have also tried on minikube with similar results. Have also tried with latest as well as building from the repo, with the same results.

The configuration is from the examples, unsure if I am doing something wrong.

Commands Run

kubectl apply -f sshpiper-crd.yml
kubectl apply -f sshpiper-sample.yml
kubectl port-forward service/sshpiper 2222:2222    # In another tab
ssh password_simple1@localhost -p 2222

logs pod/sshpiper-deployment

Generating public/private rsa key pair.
Your identification has been saved in /etc/ssh/ssh_host_rsa_key
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub
The key fingerprint is:
SHA256:7Ee3EvjuV7iWwXtJ9AH/r4mDqSGwgJp+y8oVB9LsEyo root@sshpiper-deployment-7cccf87fdf-2nkks
The key's randomart image is:
+---[RSA 3072]----+
|                 |
|  o          .   |
| . =          o  |
| .+ o  . .    .o |
|E..+..  S o..o .o|
|o. .+o . o o+.o o|
|o  .. . o +o.B ..|
|o o.   . +o.B.o..|
| +oo.   .ooo.oo. |
+----[SHA256]-----+
time="2022-10-23T05:33:33Z" level=info msg="starting sshpiperd version: 1.0.50, 319824e56, 2022-08-05T23:08:01Z, go1.19"
time="2022-10-23T05:33:33Z" level=info msg="found host keys [/etc/ssh/ssh_host_rsa_key]"
time="2022-10-23T05:33:33Z" level=info msg="loading host key /etc/ssh/ssh_host_rsa_key"
time="2022-10-23T05:33:33Z" level=info msg="starting child process plugin: [/sshpiperd/plugins/kubernetes]"
time="2022-10-23T05:33:33Z" level=info msg="sshpiperd is listening on: [::]:2222"
time="2022-10-23T05:33:50Z" level=debug msg="connection accepted: 127.0.0.1:48240"
time="2022-10-23T05:33:51Z" level=debug msg="connection from 127.0.0.1:48240 establishing failed reason: EOF"
time="2022-10-23T05:33:59Z" level=debug msg="connection accepted: 127.0.0.1:51082"
time="2022-10-23T05:34:00Z" level=debug msg="next auth methods [password]"
time="2022-10-23T05:34:03Z" level=debug msg="downstream 127.0.0.1:51082 is sending password auth"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x12fd7bb]

goroutine 30 [running]:
main.(*plugin).createUpstream(0xc000747c80, {0x180cbc0, 0xc0000bacc0}, 0xc000382000, {0xc00068fa30, 0x4})
        /src/plugin/kubernetes/kubernetes.go:157 +0x25b
main.(*plugin).findAndCreateUpstream(0xc000747c80, {0x180cbc0, 0xc0000bacc0}, {0xc00068fa30, 0x4}, {0x0, 0x0, 0xc0001e29f0?})
        /src/plugin/kubernetes/kubernetes.go:194 +0x333
main.main.func1.2({0x180cbc0, 0xc0000bacc0}, {0xc000047858?, 0x40b605?, 0x14e0d80?})
        /src/plugin/kubernetes/main.go:25 +0x6b
github.com/tg123/sshpiper/libplugin.(*server).PasswordAuth(0x14cbcc0?, {0xc000198190?, 0x49ed46?}, 0x1588920?)
        /src/libplugin/pluginbase.go:243 +0x45
github.com/tg123/sshpiper/libplugin._SshPiperPlugin_PasswordAuth_Handler({0x1537140?, 0xc0001fb080}, {0x1817bc0, 0xc000191110}, 0xc0000bac60, 0x0)
        /src/libplugin/plugin_grpc.pb.go:357 +0x170
google.golang.org/grpc.(*Server).processUnaryRPC(0xc00029c380, {0x181c5d8, 0xc000602b60}, 0xc00027e6c0, 0xc000747e00, 0x224a9e0, 0x0)
        /go/pkg/mod/google.golang.org/grpc@v1.47.0/server.go:1283 +0xcfe
google.golang.org/grpc.(*Server).handleStream(0xc00029c380, {0x181c5d8, 0xc000602b60}, 0xc00027e6c0, 0x0)
        /go/pkg/mod/google.golang.org/grpc@v1.47.0/server.go:1620 +0xa2f
google.golang.org/grpc.(*Server).serveStreams.func1.2()
        /go/pkg/mod/google.golang.org/grpc@v1.47.0/server.go:922 +0x98
created by google.golang.org/grpc.(*Server).serveStreams.func1
        /go/pkg/mod/google.golang.org/grpc@v1.47.0/server.go:920 +0x28a
time="2022-10-23T05:34:03Z" level=error msg="cmd /sshpiperd/plugins/kubernetes error: exit status 2"
time="2022-10-23T05:34:03Z" level=error msg="cannot create upstream for 127.0.0.1:51082 with password auth: rpc error: code = Unavailable desc = error reading from server: EOF"
time="2022-10-23T05:34:03Z" level=error msg="recv log error: rpc error: code = Unavailable desc = error reading from server: EOF"
time="2022-10-23T05:34:03Z" level=error msg="plugin /sshpiperd/plugins/kubernetes recv logs error: rpc error: code = Unavailable desc = error reading from server: EOF"
time="2022-10-23T05:34:03Z" level=error msg="cannot get next auth methods rpc error: code = Unavailable desc = connection error: desc = \"transport: failed to write client preface: write |1: file already closed\""
time="2022-10-23T05:34:03Z" level=debug msg="next auth methods []"
time="2022-10-23T05:34:04Z" level=debug msg="downstream 127.0.0.1:51082 is sending password auth"
time="2022-10-23T05:34:04Z" level=error msg="cannot create upstream for 127.0.0.1:51082 with password auth: rpc error: code = Unavailable desc = connection error: desc = \"transport: failed to write client preface: write |1: file already closed\""
time="2022-10-23T05:34:04Z" level=error msg="cannot get next auth methods rpc error: code = Unavailable desc = connection error: desc = \"transport: failed to write client preface: write |1: file already closed\""
time="2022-10-23T05:34:04Z" level=debug msg="next auth methods []"
time="2022-10-23T05:34:04Z" level=debug msg="downstream 127.0.0.1:51082 is sending password auth"
time="2022-10-23T05:34:04Z" level=error msg="cannot create upstream for 127.0.0.1:51082 with password auth: rpc error: code = Unavailable desc = connection error: desc = \"transport: failed to write client preface: write |1: file already closed\""
time="2022-10-23T05:34:04Z" level=error msg="cannot get next auth methods rpc error: code = Unavailable desc = connection error: desc = \"transport: failed to write client preface: write |1: file already closed\""
time="2022-10-23T05:34:04Z" level=debug msg="next auth methods []"
time="2022-10-23T05:34:05Z" level=debug msg="connection from 127.0.0.1:51082 establishing failed reason: [ssh: no auth passed yet, rpc error: code = Unavailable desc = error reading from server: EOF, rpc error: code = Unavailable desc = connection error: desc = \"transport: failed to write client preface: write |1: file already closed\", rpc error: code = Unavailable desc = connection error: desc = \"transport: failed to write client preface: write |1: file already closed\"]"

sshpiper-crd.yml

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: pipes.sshpiper.com
spec:
  group: sshpiper.com
  names:
    kind: Pipe
    listKind: PipeList
    plural: pipes
    singular: pipe
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            properties:
              from:
                items:
                  properties:
                    authorized_keys_data:
                      type: string
                    username:
                      type: string
                    username_regex_match:
                      type: boolean
                  required:
                  - username
                  type: object
                type: array
              to:
                properties:
                  host:
                    type: string
                  ignore_hostkey:
                    type: boolean
                  known_hosts_data:
                    type: string
                  private_key_secret:
                    description: LocalObjectReference contains enough information
                      to let you locate the referenced object inside the same namespace.
                    properties:
                      name:
                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                          TODO: Add other useful fields. apiVersion, kind, uid?'
                        type: string
                    type: object
                  username:
                    type: string
                required:
                - host
                type: object
            required:
            - from
            - to
            type: object
        required:
        - spec
        type: object
    served: true
    storage: true

sshpiper-sample.yml

# sshpiper service
---
apiVersion: v1
kind: Service
metadata:
  name: sshpiper
spec:
  selector:
    app: sshpiper
  ports:
    - protocol: TCP
      port: 2222
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sshpiper-deployment
  labels:
    app: sshpiper
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sshpiper
  template:
    metadata:
      labels:
        app: sshpiper
    spec:
      serviceAccountName: sshpiper-account
      containers:
      - name: sshpiper
        image: farmer1992/sshpiperd:v1.0.50
        imagePullPolicy: Always
        ports:
        - containerPort: 2222
        env:
        - name: PLUGIN
          value: "kubernetes"
        - name: SSHPIPERD_LOG_LEVEL
          value: "trace"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: sshpiper-reader
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
- apiGroups: ["sshpiper.com"]
  resources: ["pipes"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-sshpiper
subjects:
- kind: ServiceAccount
  name: sshpiper-account
roleRef:
  kind: Role
  name: sshpiper-reader
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sshpiper-account


# pipe to a password based sshd
---
apiVersion: sshpiper.com/v1beta1
kind: Pipe
metadata:
  name: pipe-password1
spec:
  from:
  - username: "password_simple1"
  to:
    host: host-password1:2222
    username: "user"
    ignore_hostkey: true
---
apiVersion: v1
kind: Service
metadata:
  name: host-password1
spec:
  selector:
    app: host-password1
  ports:
    - protocol: TCP
      port: 2222
---
apiVersion: v1
kind: Pod
metadata:
  name: host-password1
  labels:
    app: host-password1
spec:
  containers:
  - name: host-password1
    image: lscr.io/linuxserver/openssh-server:latest
    ports:
    - containerPort: 2222
    env:
    - name: PASSWORD_ACCESS
      value: "true"
    - name: USER_PASSWORD
      value: "pass1"
    - name: USER_NAME
      value: "user"

# pipe to a password based sshd
---
apiVersion: sshpiper.com/v1beta1
kind: Pipe
metadata:
  name: pipe-password2
spec:
  from:
  - username: "password_simple2"
  to:
    host: host-password2:2222
    username: "user"
    ignore_hostkey: true
---
apiVersion: v1
kind: Service
metadata:
  name: host-password2
spec:
  selector:
    app: host-password2
  ports:
    - protocol: TCP
      port: 2222
---
apiVersion: v1
kind: Pod
metadata:
  name: host-password2
  labels:
    app: host-password2
spec:
  containers:
  - name: host-password2
    image: lscr.io/linuxserver/openssh-server:latest
    ports:
    - containerPort: 2222
    env:
    - name: PASSWORD_ACCESS
      value: "true"
    - name: USER_PASSWORD
      value: "pass2"
    - name: USER_NAME
      value: "user"

tg123 commented

Thanks for reporting.

Fixed in the latest version.
This is because there is an internal version, and I did not copy the code fully.
I will do cleanup and make sure there is no private code anymore.
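The failure pattern visible in the log from the report above (the plugin child process panics and exits, after which every later password attempt is refused with `Unavailable`) can be checked for mechanically. This log triage check is an added example, not code from the sshpiper project; `Triage`, `Report` and the shortened log excerpt are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// sampleLog is a shortened excerpt of the sshpiperd log quoted in the report (long messages trimmed).
const sampleLog = `time="2022-10-23T05:34:03Z" level=debug msg="downstream 127.0.0.1:51082 is sending password auth"
panic: runtime error: invalid memory address or nil pointer dereference
time="2022-10-23T05:34:03Z" level=error msg="cmd /sshpiperd/plugins/kubernetes error: exit status 2"
time="2022-10-23T05:34:03Z" level=error msg="cannot create upstream for 127.0.0.1:51082 with password auth: rpc error: code = Unavailable desc = error reading from server: EOF"
time="2022-10-23T05:34:04Z" level=error msg="cannot create upstream for 127.0.0.1:51082 with password auth: rpc error: code = Unavailable desc = connection error"
`

// Report summarises whether a plugin crash took down authentication (hypothetical type).
type Report struct {
	Panicked    bool   // a Go runtime panic line was seen
	Plugin      string // path of the plugin child process that exited
	ExitTime    string // timestamp of the exit message
	FailedAfter int    // auth attempts refused with Unavailable after the exit
}

var exitRe = regexp.MustCompile(`^time="([^"]+)" level=error msg="cmd (\S+) error: exit status \d+"`)
var failRe = regexp.MustCompile(`msg="cannot create upstream for \S+ with \S+ auth: rpc error: code = Unavailable`)

// Triage scans sshpiperd log text line by line and counts the auth failures
// that occur only after the plugin process has been reported as exited.
func Triage(log string) Report {
	var r Report
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := sc.Text()
		if strings.HasPrefix(line, "panic: ") {
			r.Panicked = true
		} else if m := exitRe.FindStringSubmatch(line); m != nil {
			r.ExitTime, r.Plugin = m[1], m[2]
		} else if r.Plugin != "" && failRe.MatchString(line) {
			r.FailedAfter++
		}
	}
	return r
}

func main() {
	fmt.Printf("%+v\n", Triage(sampleLog))
}
```

A non-empty `Plugin` with a growing `FailedAfter` count means the daemon is still accepting connections but can no longer authenticate anyone until the pod is restarted.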