currently I am trying to connect to ssh with golang.
I enabled the PasswordAuthentication on the server and testet it by conecting via terminal this
worked like a charm no problems at all. The final goal ist to connect to a MySQL DB via ssh tunnel.
sshConfig := &ssh.ClientConfig{
User: os.Getenv("SSH_USER"),
Auth: []ssh.AuthMethod{
ssh.Password(""),
},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
conn, err := ssh.Dial("tcp", "", sshConfig)
if err != nil {
return nil, err
}
The credentials were loaded via env vars and they also worked.
But the ssh.Dial funtion threw allways follwing error:
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password], no supported methods remain
I checked /etc/ssh/sshd_config
I tried to use the same authentication method via the terminal and it worked
I checked the credentials
Am I missing something ?
Thanks in advance.
Related
I am trying to establish SSH Connection to remote server using public Key certificate. I am using golang golang.org/x/crypto/ssh pkg. I am validating host authenticity with knownhosts.New and my config looks like this.
hostkeyCallback, err = knownhosts.New("/home/user/.ssh/known_hosts")
config := &ssh.ClientConfig{
User: user,
Auth: []ssh.AuthMethod{
ssh.PublicKeys(certSigner),
},
HostKeyAlgorithms: []string{
ssh.KeyAlgoED25519,
},
Timeout: 10 * time.Second,
HostKeyCallback: hostkeyCallback,
}
// Establish connection
conn, err := ssh.Dial("tcp", ip+":22", config)
This gives me ssh: handshake failed: ssh: host key mismatch.
I checked the .ssh/known_hosts file and it's looking good. I don't see any duplicate entry or so.
Also, the output format of hostkeyCallback is JSON and which is not supported. surprisingly This is what I get in Info logs of hostkeyCallback.
"HostcallBack","Value: Error":"json: unsupported type: ssh.HostKeyCallback"
Can someone please help me on this ?
I'm using a Go API and I need to connect it to my Cassandra DB on a Google Cloud server.
This is my Go connection code:
func SetupDBConnection() {
cluster := gocql.NewCluster("XX.XXX.XXX.XXX")
cluster.Keyspace = "afterstr"
cluster.Consistency = gocql.Quorum
s, err := cluster.CreateSession()
if err != nil {
fmt.Println(err)
}
}
But, when I run this code, I have this error:
gocql: unable to create session: control: unable to connect to initial hosts: dial tcp xx.xxx.xxx.xxx:9042: i/o timeout
This is my Google Cloud configuration:
I also modified the cassandra.yaml file in my server to change the listen address and the RPC address to put my IP with the port I use to run my Go program that I opened.
(It is opened 3 times because I was just testing something)
Try:
cluster.Authenticator = gocql.PasswordAuthenticator{Username: username, Password: password}
I'm attempting to connect to RabbitMQ with amqps:// in Go using streadway/amqp. I can connect successfully with amqp://. When enabling TLS and using amqps:// I get the following error:
panic: remote error: tls: handshake failure
RabbitMQ is running in docker with the following environment variables and settings:
environment:
RABBITMQ_SSL_CACERTFILE: /ca_certificate.pem
RABBITMQ_SSL_CERTFILE: /server_certificate.pem
RABBITMQ_SSL_KEYFILE: /server_key.pem
ports:
- 5671:5671 # Note that 5671 is for tls and 5672 is non-tls
volumes:
- ./ca_certificate.pem:/ca_certificate.pem:ro
- ./server_certificate.pem:/server_certificate.pem:ro
- ./server_key.pem:/server_key.pem:ro
I've tried the following with amqp/streadway:
err := amqp.DialTLS(amqps://guest:guest#localhost:5671", nil)
if err != nil {
panic(err)
}
I've also tried reading the cert files, creating a key pair, and appending the certificate authority to the cert pool and using it that way in a tls.Config{} with the following functions:
tls.LoadX509KeyPair()
x509.NewCertPool().AppendCertsFromPEM()
I generate the certs with mkcert for 127.0.0.1, localhost, rabbitmq.
According to some answers that aren't related to RabbitMQ, some people suggest the ciphers could be wrong. So I took a look at what ciphers rabbitmq is using:
$ openssl s_client -connect localhost:5671 -tls1
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
<etc etc...>
Verify return code: 0 (ok)
There are also one or two errors when I run the above command, but I'm guessing it's because I'm not providing the CA certificate in this command (I'm using MacOS). Maybe related, maybe not, as I don't have this issue with postgres, for example:
verify error:num=19:self signed certificate in certificate chain
verify return:0
4644699756:error:1401E410:SSL routines:CONNECT_CR_FINISHED:sslv3 alert handshake failure:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.100.4/libressl-2.8/ssl/ssl_pkt.c:1200:SSL alert number 40
Then I use the following tls.Config settings in golang:
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert}, // from tls.LoadX509KeyPair
RootCAs: caCertPool,
CipherSuites: []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, // these look like they match the Cipher above
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
},
CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
PreferServerCipherSuites: true,
InsecureSkipVerify: true,
MinVersion: tls.VersionTLS10,
}
I still have the same issue. I highly doubt it's the library, it must be something I'm doing wrong, but what is it?
I reproduced your setup. It doesn't work because you need to configure the AMQP connection with the client certs.
Using mkcert: mkcert -client rabbitmq.test localhost 127.0.0.1 ::1 (note the -client flag).
After this, you just need to pass the client certs into your AMQP tlsConfig with tls.LoadX509KeyPair, and it should just work:
cert, err := tls.LoadX509KeyPair("./rabbitmq.test+3-client.pem", "./rabbitmq.test+3-client-key.pem")
// Load CA cert
caCert, err := ioutil.ReadFile("./rootCA.pem") // The same you configured in your MQ server
if err != nil {
log.Fatal(err)
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert}, // from tls.LoadX509KeyPair
RootCAs: caCertPool,
// ...other options are just the same as yours
}
conn, err := amqp.DialTLS("amqps://test:secret#127.0.0.1:5671", tlsConfig)
if err != nil {
panic(err) // does not panic!
}
// ... application code
PS: in my setup I used some different names (user/password/container) than yours, but those should be irrelevant
I tried to connect to one of my virtual machines using SSH and Go.
It works perfectly fine via command line if i do it like so:
ssh root#my_host
I type in the password and it works all good.
I tried to do it in Go, here is my code:
package main
import (
"golang.org/x/crypto/ssh"
"fmt"
)
func connectViaSsh(user, host string, password string) (*ssh.Client, *ssh.Session) {
config := &ssh.ClientConfig{
User: user,
Auth: []ssh.AuthMethod{ssh.Password(password)},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
client, err := ssh.Dial("tcp", host, config)
fmt.Println(err)
session, err := client.NewSession()
fmt.Println(err)
return client, session
}
func main() {
client, _ := connectViaSsh("root", "host:22", "password")
client.Close()
}
If i run it it returns an error:
ssh: handshake failed: ssh: unable to authenticate, attempted methods [none], no supported methods remain
Does anyone have any idea what might cause such an error. It works just fine using paramiko in Python, and in shell but fails in Go. Is there something i'm missing?
As pointed by #JimB and #putu my server doesn't have Password Authentication enabled.
To verify that i ran ssh with verbose option and it gave me back all supported authentication methods.
In my case it turned out to be following:
debug1 : Authentications that can continue: publickey,keyboard-interactive,hostbased
So i had 2 options to go with, either enable password authentication on the server or use other method to authenticate.
To enable password authentication connect to your server and open sshd config file like so:
vi /etc/ssh/sshd_config
Find line saying: PasswordAuthentication no
Change it to yes, save changes and restart sshd service: service ssh restart
After that password authentication method starts to work as expected.
Alternatively other methods can be used, i decided to try keyboard-interactive, the one user usually has when connects over the terminal using ssh.
Here is the code snippet that does just that, sends password after password question is asked by remote server:
package main
import (
"bytes"
"golang.org/x/crypto/ssh"
"fmt"
)
func connectViaSsh(user, host string, password string) (*ssh.Client, *ssh.Session) {
config := &ssh.ClientConfig{
User: user,
Auth: []ssh.AuthMethod{
ssh.KeyboardInteractive(SshInteractive),
},
HostKeyCallback: ssh.InsecureIgnoreHostKey(),
}
client, err := ssh.Dial("tcp", host, config)
fmt.Println(err)
session, err := client.NewSession()
fmt.Println(err)
return client, session
}
func SshInteractive(user, instruction string, questions []string, echos []bool) (answers []string, err error) {
answers = make([]string, len(questions))
// The second parameter is unused
for n, _ := range questions {
answers[n] = "your_password"
}
return answers, nil
}
func main() {
var b bytes.Buffer
client, session := connectViaSsh("root", "host:22", "password")
session.Stdout = &b
session.Run("ls")
fmt.Println(b.String())
client.Close()
}
In my case server asks only one question which is password, if your server asks more than that you would need to build an entire chain of answers to feed back in.
I am trying to authenticate with LDAP server using goLang also trying to search the user.
I am new to goLang and LDAP so I pulled GitHub code.
While trying with below code, I am getting error in authentication
func ExampleLDAPClient_Authenticate() {
client := &ldap.LDAPClient{
Base: "cn=admin,dc=testing,dc=io",
Host: "52.51.245.219",
Port: 389,
UseSSL: false,
BindDN: "cn=admin,dc=testing,dc=io",
BindPassword: "test123",
UserFilter: "(uid='*api*')",
// GroupFilter: "(memberUid=%s)",
Attributes: []string{"givenName", "sn", "mail", "uid"},
}
defer client.Close()
username := "cn=admin,dc=testing,dc=io"
password := "test123"
ok, user, err := client.Authenticate(username, password)
if err != nil {
log.Fatalf("Error authenticating user %s: %+v", "*cn=admin,dc=testing,dc=io*", err)
}
if !ok {
log.Fatalf("Authenticating failed for user %s", "*cn=admin,dc=testing,dc=io*")
}
log.Printf("User: %+v", user)
}
go run example.go
2016/10/06 23:52:25 Error authenticating user *cn=admin,dc=testing,dc=io*: LDAP Result Code 201 "": ldap: finished compiling filter with extra at end: %!(EXTRA string=bmui)
Note: LDAP server working with http connection
Could anyone help me to fix this...
What library is this?
I have used http://gopkg.in/ldap.v2 and in my case it was working well (with OpenLDAP server at least). It may be worth trying it - it seems to be the most used library.