ssh_client API


TJ Molnar

Jan 30, 2019, 6:46:38 PM
to chromium-hterm
I was hoping to use ssh_client in a personal project of mine, however, I haven't been able to get a connection to start. I feel like I'm missing something obvious. Any input would be very much appreciated.

In my project, I'm only interested in creating ssh tunnels, so I don't really need hterm as a front end.  At this stage my setup is netcat listening for a connection from ssh_client on port 2222.

'use strict';

var ssh = {};
ssh.initPlugin = function(){
  var onPluginLoaded = () => {
    console.log('PLUGIN_LOADING_COMPLETE');
  };
  
  this.plugin = window.document.createElement('embed');
  this.plugin.style.cssText =
      ('position: absolute;' +
       'top: 0px;' +
       'width: 0px;' +
       'height: 0px;');
  const pluginURL = `plugin/ssh_client.nmf`;
  this.plugin.setAttribute('src', pluginURL);
  this.plugin.setAttribute('type', 'application/x-nacl');
  this.plugin.addEventListener('load', onPluginLoaded);
  
  var onPluginMessage = function(e) {
    e = JSON.parse(e.data);
    console.log(e.name + ": " + e.arguments);
  };
  this.plugin.addEventListener('message', onPluginMessage.bind(this))

  var errorHandler = (ev) => {
    console.error('loading plugin failed', ev);
  };
  this.plugin.addEventListener('crash', errorHandler);
  this.plugin.addEventListener('error', errorHandler);

  document.body.appendChild(this.plugin);
};


ssh.sendToPlugin = function(name, args) {
  var str = JSON.stringify({name: name, arguments: args});
  this.plugin.postMessage(str);
};


ssh.parms = function (inUser,inHost,inPort,inKey,inArgs){
  this.argv = {
    terminalWidth: 0,
    terminalHeight: 0,
    useJsSocket: false,
    writeWindow: 8192,
    arguments: ["-C","-p"+inPort,"-l"+inUser,inHost]
  };
  //TODO
  //,"-i /.ssh/"+inKey
  //inArgs
}

ssh.parms("test","100.69.48.115","2222","myKey",[]);
ssh.initPlugin();

var counter = 0;
setInterval(function(){
  ssh.sendToPlugin('startSession', [ssh.argv]);
  console.log("CONNECT: " + counter);
  counter++;
},10000);



I keep getting "printLog: startSession: invalid arguments". Is there something wrong with my session object I'm trying to pass?

TJ Molnar

Jan 30, 2019, 8:49:49 PM
to chromium-hterm
EDIT: Still can't create a session but a correction

ssh.sendToPlugin = function(name, args) {
  var str = JSON.stringify({name: name, arguments: args});
  console.log("SENDING: " + str)
  this.plugin.postMessage({name: name, arguments: args});
};

Mike Frysinger

Jan 30, 2019, 9:05:08 PM
to TJ Molnar, chromium-hterm
are you using the prebuilt binaries, or building it yourself ?  i'm wondering what version you're using as we've been changing the API quite a bit recently to optimize.
-mike

--
You received this message because you are subscribed to the Google Groups "chromium-hterm" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-hterm/424c8179-d098-4a9f-8549-bc319b9840cd%40chromium.org.

TJ Molnar

Jan 30, 2019, 9:46:34 PM
to chromium-hterm, tj....@gmail.com
I'm using the prebuilt binaries from 0.10. Was there a significant API change since that version? 

Mike Frysinger

Jan 30, 2019, 9:57:22 PM
to TJ Molnar, chromium-hterm
the 0.10 release predates all the changes we've been making, so it'd still use JSON+base64 strings.  starting with 0.11, we've been cutting away a lot of that stuff.  but we'll focus on 0.10 as that's what you're using.

i'm not sure your ssh object code is correct.  the "printLog: startSession: invalid arguments" message shows up if the argument isn't an object.

try adding console.log(ssh.argv) before calling ssh.sendToPlugin('startSession', [ssh.argv]) to make sure it's a proper object.
-mike


TJ Molnar

Jan 30, 2019, 11:23:19 PM
to chromium-hterm, tj....@gmail.com
Just updated to 0.13 just to make it easier for myself in the future. Okay, so I was able to create a session because I can get the "session already started!"  error, however, I still don't get any connection on my netcat listener.

>
PLUGIN_LOADING_COMPLETE
openFile: 0,/dev/stdin,0
openFile: 1,/dev/stdout,1
openFile: 2,/dev/stderr,1

> ssh.argv
{arguments: [
"-C",
"-p2222",
"-ltest",
"100.69.48.115"],
 
terminalHeight: 0,
terminalWidth: 0,
useJsSocket: false,
writeWindow: 8192}
 
> ssh.sendToPlugin("startSession",[ssh.argv])

> ssh.sendToPlugin("startSession",[ssh.argv])
printLog: startSession: session already started!

Mike Frysinger

Jan 30, 2019, 11:56:30 PM
to TJ Molnar, chromium-hterm
you prob should add logs to secure shell and check the messages that flow back & forth.

--- a/nassh/js/nassh_command_instance.js
+++ b/nassh/js/nassh_command_instance.js
@@ -1103,6 +1103,7 @@ nassh.CommandInstance.prototype.createTtyStream = function(
  * @param {Array} arguments The message arguments.
  */
 nassh.CommandInstance.prototype.sendToPlugin_ = function(name, args) {
+console.log(`js->nacl ${name}`, args);
   this.plugin_.postMessage({name: name, arguments: args});
 };
 
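Review bot: the console.log added at the top of sendToPlugin_ prints args in full for every message name with no filter, so whatever session data callers pass through this function lands in the browser console. Keep it behind a debug switch, or log the name and the argument count instead of the values, and indent the line to match the two-space function body.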
@@ -1203,6 +1204,7 @@ nassh.CommandInstance.prototype.onBeforeUnload_ = function(e) {
  * plugin message into something dispatchMessage_ can digest.
  */
 nassh.CommandInstance.prototype.onPluginMessage_ = function(e) {
+console.log(`nacl->js ${e.data.name}`, e.data.arguments);
   // TODO: We should adjust all our callees to avoid this.
   e.data.argv = e.data.arguments;
   this.dispatchMessage_('plugin', this.onPlugin_, e.data);
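Review bot: the console.log added to onPluginMessage_ runs once per plugin message and passes e.data.arguments to the console by reference, so each logged entry keeps the message payload alive and readable in DevTools. Log e.data.name with a size or count rather than the arguments array, make it conditional on a debug setting, and indent it to match the lines below it.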

23:53:09.959 nassh_command_instance.js:1106 js->nacl onResize (2) [175, 48]
23:53:10.021 nassh_command_instance.js:1106 js->nacl startSession [{…}]
23:53:10.022 nassh_command_instance.js:1207 nacl->js openFile (3) [0, "/dev/stdin", 0]
23:53:10.023 nassh_command_instance.js:1207 nacl->js openFile (3) [1, "/dev/stdout", 1]
23:53:10.027 nassh_command_instance.js:1207 nacl->js openFile (3) [2, "/dev/stderr", 1]
23:53:10.039 nassh_command_instance.js:1106 js->nacl onOpenFile (3) [0, true, true]
23:53:10.040 nassh_command_instance.js:1106 js->nacl onOpenFile (3) [1, true, true]
23:53:10.042 nassh_command_instance.js:1106 js->nacl onOpenFile (3) [2, true, true]
23:53:10.178 nassh_command_instance.js:1207 nacl->js write (2) [1, ArrayBuffer(73)]
23:53:10.187 nassh_command_instance.js:1106 js->nacl onWriteAcknowledge (2) [1, 73]
23:53:10.221 nassh_command_instance.js:1207 nacl->js write (2) [1, ArrayBuffer(28)]
23:53:10.227 nassh_command_instance.js:1106 js->nacl onWriteAcknowledge (2) [1, 101]
... session is now established ...
-mike


TJ Molnar

Jan 31, 2019, 10:24:26 AM
to chromium-hterm
Copied the actions of the app, but I'm still not getting a write response from the plugin. Any recommendations of how I could make the plugin more verbose? 

LOGS FROM APP
js->nacl onResize [105,31]
nassh_command_instance.js:1106 js->nacl startSession [{"terminalWidth":105,"terminalHeight":31,"useJsSocket":false,"environment":{"NCURSES_NO_UTF8_ACS":"1","TERM":"xterm-256color","COLORTERM":"truecolor"},"writeWindow":8192,"arguments":["-oSendEnv=NCURSES_NO_UTF8_ACS","-oSendEnv=TERM","-oSendEnv=COLORTERM","-ltjr3xx","107.180.40.56"]}]
nassh_command_instance.js:1208 nacl->js openFile [0,"/dev/stdin",0]
nassh_command_instance.js:1208 nacl->js openFile [1,"/dev/stdout",1]
nassh_command_instance.js:1208 nacl->js openFile [2,"/dev/stderr",1]
nassh_command_instance.js:1106 js->nacl onOpenFile [0,true,true]
nassh_command_instance.js:1106 js->nacl onOpenFile [1,true,true]
nassh_command_instance.js:1106 js->nacl onOpenFile [2,true,true]
nassh_command_instance.js:1106 js->nacl onResize [75,36]
nassh_command_instance.js:1208 nacl->js openFile [101,"/dev/tty",2]
nassh_command_instance.js:1106 js->nacl onOpenFile [101,true,true]
nassh_command_instance.js:1208 nacl->js close [101]
nassh_command_instance.js:1106 js->nacl onClose [101,"closed"]
nassh_command_instance.js:1208 nacl->js openFile [101,"/dev/tty",2]
nassh_command_instance.js:1106 js->nacl onOpenFile [101,true,true]
nassh_command_instance.js:1208 nacl->js write [101,{}]
nassh_command_instance.js:1208 nacl->js read [101,1]
nassh_command_instance.js:1106 js->nacl onWriteAcknowledge [101,33]

Logs from my Code
test.js:8 PLUGIN_LOADING
test.js:6 PLUGIN_LOADING_COMPLETE
test.js:21 NACL->JS: openFile: 0,/dev/stdin,0
test.js:21 NACL->JS: openFile: 1,/dev/stdout,1
test.js:21 NACL->JS: openFile: 2,/dev/stderr,1
ssh.connect()
test.js:38 JS->NACL: {"name":"onResize","arguments":[175,48]}
test.js:38 JS->NACL: {"name":"startSession","arguments":[{"terminalWidth":175,"terminalHeight":48,"useJsSocket":false,"writeWindow":8192,"arguments":["-C","-p22","-ltjr3xx","100.69.48.115"]}]}
test.js:38 JS->NACL: {"name":"openFile","arguments":[0,true,true]}
test.js:38 JS->NACL: {"name":"openFile","arguments":[1,true,true]}
test.js:38 JS->NACL: {"name":"openFile","arguments":[2,true,true]}
test.js:38 JS->NACL: {"name":"onResize","arguments":[175,48]}

Mike Frysinger

Jan 31, 2019, 1:15:41 PM
to TJ Molnar, chromium-hterm
On Thu, Jan 31, 2019 at 10:24 AM TJ Molnar <tj....@gmail.com> wrote:
Copied the actions of the app, but I'm still not getting a write response from the plugin. Any recommendations of how I could make the plugin more verbose? 

LOGS FROM APP
js->nacl onResize [105,31]
nassh_command_instance.js:1106 js->nacl startSession [{"terminalWidth":105,"terminalHeight":31,"useJsSocket":false,"environment":{"NCURSES_NO_UTF8_ACS":"1","TERM":"xterm-256color","COLORTERM":"truecolor"},"writeWindow":8192,"arguments":["-oSendEnv=NCURSES_NO_UTF8_ACS","-oSendEnv=TERM","-oSendEnv=COLORTERM","-ltjr3xx","107.180.40.56"]}]
nassh_command_instance.js:1208 nacl->js openFile [0,"/dev/stdin",0]
nassh_command_instance.js:1208 nacl->js openFile [1,"/dev/stdout",1]
nassh_command_instance.js:1208 nacl->js openFile [2,"/dev/stderr",1]
nassh_command_instance.js:1106 js->nacl onOpenFile [0,true,true]
nassh_command_instance.js:1106 js->nacl onOpenFile [1,true,true]
nassh_command_instance.js:1106 js->nacl onOpenFile [2,true,true]
nassh_command_instance.js:1106 js->nacl onResize [75,36]
nassh_command_instance.js:1208 nacl->js openFile [101,"/dev/tty",2]
nassh_command_instance.js:1106 js->nacl onOpenFile [101,true,true]
nassh_command_instance.js:1208 nacl->js close [101]
nassh_command_instance.js:1106 js->nacl onClose [101,"closed"]
nassh_command_instance.js:1208 nacl->js openFile [101,"/dev/tty",2]
nassh_command_instance.js:1106 js->nacl onOpenFile [101,true,true]
nassh_command_instance.js:1208 nacl->js write [101,{}]

if you compare to my run, you should be writing an ArrayBuffer with bytes here, not an object ...
-mike
 
nassh_command_instance.js:1208 nacl->js read [101,1]
nassh_command_instance.js:1106 js->nacl onWriteAcknowledge [101,33]


TJ Molnar

Feb 4, 2019, 5:29:13 PM
to chromium-hterm, tj....@gmail.com
UPDATE: the problem I had before was my implementation of the javascript responses to the plugin. I was able to create a new thread, however I was hanging on the file_system_.WaitForStdFiles() function in the plugin. So all of my previous posts have been corrected.

Now everything seems like it should work, but no matter what host/port I try, I always get a ssh: connect to host 100.115.92.2 port 2222: Connection refused response. Keep in mind I can access any of the host/port combinations from the nassh app, so I'm wondering is there a security policy within NACL that is blocking my connection? (my code is running within an unpacked extension with permissions of  ["storage","tabs","activeTab"])

My CODE
PLUGIN_LOADING
PLUGIN_LOADING_COMPLETE
JS->NACL: {"name":"startSession","arguments":[{"terminalWidth":0,"terminalHeight":0,"useJsSocket":false,"writeWindow":8192,"arguments":["-C","-p2222","-ltest","100.115.92.2"]}]}
NACL->JS: openFile: 0,/dev/stdin,0
JS->NACL: {"name":"onOpenFile","arguments":[0,true,true]}
NACL->JS: openFile: 1,/dev/stdout,1
JS->NACL: {"name":"onOpenFile","arguments":[1,true,true]}
NACL->JS: openFile: 2,/dev/stderr,1
JS->NACL: {"name":"onOpenFile","arguments":[2,true,true]}
NACL->JS: write: 2,[object ArrayBuffer]
        ssh: connect to host 100.115.92.2 port 2222: Connection refused
JS->NACL: {"name":"onWriteAcknowledge","arguments":[2,66]}
NACL->JS: exit: 255
plugin exit: 255
JS->NACL: {"name":"onExitAcknowledge","arguments":[]}

Mike Frysinger

Feb 4, 2019, 6:05:32 PM
to TJ Molnar, chromium-hterm
ah yeah you're going to run into problems now :).  we cover this in our hacking doc:

there might be a way out for you as long as you can make a Chrome App.  Chrome Extensions don't support raw sockets (yet?), only Chrome Apps do.  see the Chrome APIs for details:
be aware there's another API with confusingly similar name that is deprecated:

so let's assume you have a Chrome App and you have those permissions enabled.  the useJsSocket flag is there so the NaCl plugin will send all socket data/requests back to the JS world instead of making them directly itself (which requires the whitelisted NaCl private network permissions).  if you look at nassh_stream_relay_sshfe.js, that's a nassh.Stream implementation that takes care of converting data between WebSockets and the plugin's binary stream.  you'll have to implement your own nassh.Stream class that uses Chrome's socket APIs to make the connection & send data between the plugin world.

i haven't bothered doing this for Secure Shell because the future of these APIs is in such flux.  at some point, Chrome Extensions will be able to request access to the raw sockets APIs, and then i could migrate from the direct NaCl network connections to always going through the Chrome sockets code.  but until that stabilizes/settles down, there's other work to be done that i don't have to worry about it getting rewritten in the next year :/.

that said, if you wanted to put together a nassh.Stream class built on top of the Chrome sockets APIs and upload CLs for it, i'd be open to merging them to the official repo.
-mike


TJ Molnar

Feb 5, 2019, 5:55:20 PM
to chromium-hterm, tj....@gmail.com
I take it that the "NaCl private network permissions" for nassh falls under special circumstances. Okay, so if I'm stuck using jsSockets I'll migrate away from my extension and set it up as an app. My school work is starting to pick up, but I'll provide an update when I have made significant progress. I'm quite busy too, however I would be interested in writing a stream file for nassh. As of now I was able to get the plugin to send a SSH hello message to netcat listener which read ssh-2.0-openssh_7.4 over chrome tcp sockets api. Thanks for the support.
-TJ

Mike Frysinger

Feb 6, 2019, 6:57:27 PM
to TJ Molnar, chromium-hterm
yeah, "NaCl private network permissions" requires the extension id to be explicitly hardcoded in the Chromium browser source.  as you can imagine, that is only allowed for a very limited number of apps, and at this point is super deprecated.  so the chances of you getting your app listed is less than 0 :).
-mike


TJ Molnar

Feb 8, 2019, 12:24:04 PM
to chromium-hterm, tj....@gmail.com
I can't leave this stuff alone. So I was successfully able to get a session started with password authentication, but I had a couple of questions. After the plugin finishes the authentication process, I can write to fd 0 and it sends an encrypted packet and I get maybe three packets in response, I'm sending those back to the plugin over fd 100, so then shouldn't I get a NACL->JS: write: 1,[object ArrayBuffer] decrypted output? Furthermore, when I'm using the -i flag I'm getting a load pubkey " ./myKey": Bad file number on fd 2. I was kind of assuming that if I was using -i the plugin would request this with an openFile file request. How does the plugin handle this?



PLUGIN_LOADING

PLUGIN_LOADING_COMPLETE

JS->NACL: {"name":"startSession","arguments":[{"terminalWidth":500,"terminalHeight":300,"useJsSocket":true,"writeWindow":8192,"arguments":["-C","-o UserKnownHostsFile=/dev/null","-o StrictHostKeyChecking=no","-p5000","-ltest","100.115.92.2"]}]}

NACL->JS: openFile: 0,/dev/stdin,0

JS->NACL: {"name":"onOpenFile","arguments":[0,true,true]}

NACL->JS: openFile: 1,/dev/stdout,1

JS->NACL: {"name":"onOpenFile","arguments":[1,true,true]}

NACL->JS: openFile: 2,/dev/stderr,1

JS->NACL: {"name":"onOpenFile","arguments":[2,true,true]}

NACL->JS: openSocket: 100,100.115.92.2,5000

CONNECTED > 100.115.92.2:5000

JS->NACL: {"name":"onOpenSocket","arguments":[100,true,true]}

RECEIVING TO TEMP >  SSH-2.0-SSH Server - Banana Studio

NACL->JS: write: 100,[object ArrayBuffer]

SENDING Packet 0 > SSH-2.0-OpenSSH_7.9

NACL->JS: read: 100,1
JS->NACL: {"name":"onRead","arguments":[100,"U1NILTIuMC1TU0ggU2VydmVyIC0gQmFuYW5hIFN0dWRpbw0K"]}

NACL->JS: write: 100,[object ArrayBuffer]

SENDING Packet 1 > l ·² ¦aªsã»üŸó‹[íÅ
curve25519-sha256,curve255...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c fecdsa-sha2-ni...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ssh-ed2551...@openssh.com,rsa-sha2-5...@openssh.com,rsa-sha2-2...@openssh.com,ssh-rsa-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsalchac...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.comlchacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.comÕumac-64-etm@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1Õumac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-s...@openssh.com,zlib,none...@openssh.com,zlib,none

RECEIVING >  | Ô`ÝÓ“Ú—ƒÿ‹ }* cµ·diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 ssh-rsamaes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbcmaes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbcGhmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96Ghmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96 none noneù}’Ñi ÷OòÀæÉ:W

JS->NACL: {"name":"onRead","arguments":[100,"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"]}

NACL->JS: write: 100,[object ArrayBuffer]

SENDING Packet 2 > LA fßý ¥nî§ç aÝ hx0I³W` ¿„'- íý 0Nì$‰ 5 ‚º”øLïù¦`e n[2åê=) wÀÖþ§©
ssh.onPlugin.write @ ssh.js:111
RECEIVING >  „ ssh-rsa ª+e™ EDÐ#Ó>•¨È2™ uk™÷ò
5R·>F¦*ÍÌòܪxPb¿>(ò/@‹Å%­V|›;HÞ¦þpp ,Àéhí ÿùÒ¦ ~ S›îTÝ-l@G®è·>í`œv,duù4Ö­ÈMúÂ’£öÞçÙzD˜† k€„!å Ëc&ÜK> = I|Än.1‡v­ÚÉ®³µ§^O;ÞÿÕæìL~’€\÷ª6oJ*é¢n¶Zimôo&ÓEˆÒQÉÐé&ö Úêäסõ­ ¸^!Ô †ÀÁñ¥&4å¢ . ,ÖýKQkÙL»x6΃`B ¨ìˆùîÉe¾ðnÕϵúœ ¼ìªKA RJ¡Üïƒ :+ØÙ„Ò ":‡+†«} 3 p¬O s°Ÿ-s„8ý¨‹iåŸhÌ× ¤D õ’ 4ÃÆD»› Û ssh-rsa B^W€ª¢Ì|œÁ o OòXX‰6Ì~îH\¯ ˜UaCZ;‡xèÜ;]¢2äz—ð:{Æ‚YèxÏÅÊzvá
õ"lŽh$ ;bp
8°d½†4‰x11#oµ·Õï!l œuõ]þVl¦¨nÙ$?Ù©r dr}/°ž3¼½è ¡L ¸mƒÔ^ºTFTÿŠŠ¡ $w<#Õ
:BGÁÿö „L™o'p1†äŸS¬g ?ŠPäœÉ‚„ pÈôaA6€äÍI oôÑ h§Ð[››W¬Oy Å–!øY -†¨Èª ëÙýP•Çî²] ²8¹ å~ e‡\ c¨[Î7‚ï¶Xnsî)ó ã›Èü G'$ÁG·Pbxhc

JS->NACL: {"name":"onRead","arguments":[100,"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"]}

NACL->JS: write: 2,[object ArrayBuffer]

2 USER> Warning: Permanently added '[100.115.92.2]:5000' (RSA) to the list of known hosts.

JS->NACL: {"name":"onWriteAcknowledge","arguments":[2,1578]}

RECEIVING >  
-6²Ç´yÇ´¨

JS->NACL: {"name":"onRead","arguments":[100,"AAAADAoVDi02sse0ece0qA=="]}

NACL->JS: write: 100,[object ArrayBuffer]

SENDING Packet 3 > 


NACL->JS: write: 100,[object ArrayBuffer]

SENDING Packet 3 > Îþ çL³X€hಚÈýÍšÌÚ¤D ýHZ*' Dù æïõG ÈU˹ĉ EyÜŽ(žàYj‹<@D´ûçMz

RECEIVING >  ø÷ îR-” ýs×KTЉë®GƬ›å4 ÏÝ M»Hrk‡+ h OñØd »U&‡yõpüÆBòµ”Fê*¾HÍÒhÓÛ gö/ P–QAÁ*¸³

JS->NACL: {"name":"onRead","arguments":[100,"+PeP7lItlJ39c9dLVIqJ665Hxqyb5RU0Bs/dAU27SHJrhysOaA5P8dhkIJC7VSaHefVw/MZC8rWURuoqvkjN0mjT2wNn9i8EUJZRQcEquLM="]}

NACL->JS: write: 100,[object ArrayBuffer]

SENDING Packet 5 > © pìðoX4íì?5 ¯%@@ö s®­ ¡Èh uàù mÿ¿ÚÍ"\{öLXe$I¶oÀ ÈSá$>ÑÑéöì € ѱý9mÑÞFk£T Æ1

RECEIVING >  Udœ4 ÖU
ÐÛ·µ$ãª Ì Ðßk ­ ·ÄTœDíÐÚg˜
Qœ–vëD‰5ÒlXB›ŠÞf ô.ÐXÝ·{| 3 0ÉÕ^­ x%_€YÑ35Õï ¼So`Xˆ bj

JS->NACL: {"name":"onRead","arguments":[100,"VWScNBbWD1UN0Nu3tSTjqhTMFtDfax0frRe3xFScRO3Q2meYDVGclnbrRIk10mxYQpuK3mYcDvQu0IxYFd23e3wDMwMwydWFXq2QeCVfBYBZ0TM11e8OvFNvYFiIGGJq"]}

NACL->JS: write: 100,[object ArrayBuffer]

SENDING Packet 6 > 4ƒÄ´ðn’ „l ŸËšº·Ó'í¨.gg*sÜUÖ-¿þ:ï# áI?´Ž[C91% †ªuL'Z^õ¾m â'WH€ NÒ Ï9`­ ’÷ øôÃøDp¹ŠóOXÛ 4 zm äX·?¨?ôªzb’ù ±ç#

RECEIVING >  Ù 1ÞE†^‡ Y 3ª N ¥‘M9f½ BÌ¢ ¼
‘%®ßNµøEÒΚEó¢îÚ SFRrO*p' vÔ|ÆsrŽn±m7vÂÇ)vH ðÊf øÅ ƒY bη³n¹¸pS §ªP¬%ð&ÍfB ¿O Ël§ ` —Jn9Öž

JS->NACL: {"name":"onRead","arguments":[100,"2QccMd5Fhl6HjVkHM6oWThylkU2FOWa9j0LMohu8BBoKkSWu3061+EXSAs6aRfOi7toeE1NGUnIVTypwJxN21HzGcwJyjm6xbTd2wscpdkig8MpmAfjFA4NZF2LOt7NuubhwUyCnqlCsJfAmzWZCgb9PGctspxQPYBSXSm451p4="]}

NACL->JS: openFile: 101,/dev/tty,2

JS->NACL: {"name":"onOpenFile","arguments":[101,true,true]}

NACL->JS: close: 101

JS->NACL: {"name":"onClose","arguments":[101]}

NACL->JS: openFile: 101,/dev/tty,2

JS->NACL: {"name":"onOpenFile","arguments":[101,true,true]}

NACL->JS: write: 101,[object ArrayBuffer]

USER> Password:

JS->NACL: {"name":"onWriteAcknowledge","arguments":[101,1860]}

NACL->JS: read: 101,1

JS->NACL: {"name":"onRead","arguments":[101,"dGVzdAo="]}

NACL->JS: close: 101

JS->NACL: {"name":"onClose","arguments":[101]}

NACL->JS: write: 100,[object ArrayBuffer]
SENDING Packet 7 > ñWåY€1‚y^ Š2eµh\V%ì`7¼N¡Òû 6ÛôÑK=¦[ Íìý† Ð#(ÿ<;"ƒg±õ´‰é­°÷>Ÿ|¤? ÝG â¯ÙgÜI·cPÔd¬ÖÞ Å—îåS Ý ê¸ OG

RECEIVING >  *ò ˆî¶ó;{¸ MH78J(ÉEKSؘ‹Ex9 a’¢Ša}ñæy.ø%ê5Ç Ÿƒ¤ë×óN—øe"W ,ˆóÔ

JS->NACL: {"name":"onRead","arguments":[100,"KvIQiO628zuMe7gYTUg3OEooyUVLU9iYi0V4ORthkqKKYX3x5nku+CXqNccYnwiDpOvX806X+GUSIleNLIjz1A=="]}

NACL->JS: write: 100,[object ArrayBuffer]

SENDING Packet 8 > ï]AAYbw¢2˜/É€ Ì Ad)ÍG‰_½P5W“ôO'†ªö 7QeÆý ´ ' È«ê Z1 Õ•CÁ‹#í»wÒvPÒX2¸Fz1ÂÆ^š

RECEIVING >  UŠÆ sSô
¿ ‹Âa4ô¬ÌÍWÅ‚5A&”°T„© e†
òkcm= Ð ‰::§[
–¸P†—›¨œLì€å žìX_݆ABŸfhšò

JS->NACL: {"name":"onRead","arguments":[100,"VYrGgXNT9BoKvweLwmE09KyMzM1XxYKMNUEmlLBUhKkBZYYN8oVrY209HdAHgaCJOjqnWwqWuFCGl5uonEzsgOUBCZ7sWF/dhkFCn2ZomvI="]}

NACL->JS: write: 100,[object ArrayBuffer]

SENDING Packet 9 > ʽy(:»íB†'àvzÜ/vİb—;Û½·73 ¨:®öúÚv)2 èá¦.öo3¢ÕÛ¢âùºŠÌj‘&€ Ûx®¶ÇË@(;m,£í O È ¥ÎÓ¹jJà—LOðhF±ÛŽä«!@žj–¹}3]ê
ý€ÔHiöoæë#hno‘žûT3ò¿c‚QM©$b§®ú± ;)™¤â ô¡o£²#Çwæ,5¥Ã¤Ñb1ìåÒQ@BFYVëCJÚ• f ®—C§ 4“ò¸à ëc›à¯×g Ç æ”\|Ÿ£X4š¼õ ùKfÙ^Yàþ " 3!à)zNæI] ÀEe‹T½ÜzûÌ,¦K"ÉZ#M ¶Ÿ ‹‡’ckêÈ?¡S " ðùœ# ¯ ê}­'—‚b*æt~ºíÕ¼kÏAS’É5vÄ[`2/¶¶0Û9uûÛ@Ql/ªùqe zìNf ¶s!ÍÙ?¢Û?;1[ø­ HÆÔ bO¥vp Øü êf‹ÞñÔ•G(ÝçÐ 2­Î¦' 5~Òù¾˜#N-)-v

RECEIVING >  ‘ fbsá–eU uâεB @–Äü´ž\ä7€køã> Ãg ˜ ¡¯ - f¸/ ÷ÈuÙÞ]§Ï‡>
nL5ð

JS->NACL: {"name":"onRead","arguments":[100,"kRNmYnPhlmVVE3XizrVCBgxAlsT8tJ5c5DeAa/jjPhfDZxGYA6GvBAQtF2a4LyAQ98gCddneXafPhz4Kbkw18A=="]}

RECEIVING >  Áþ%¹Y,áPöðÑ(8-pN÷Ô¬ñFX£Ò
—ð&ŽjʘÛû,C3IÊ¿¢.„ î1NK ¤˜EÉU

JS->NACL: {"name":"onRead","arguments":[100,"wf4SJblZCCzhhVD28NEoOIwtGnASTvfUrPFGWKPSCpfwJo5qypjb+yxDM0nKv6IuhJ0d7jFOSxABpJhFD8mMVQ=="]}
RECEIVING >  a}Æ© iCíÙÈ1Š·¢ ÙĆ)YÜq@(Ûþg¢P 3kQ¨ÙŸç(¹Ã œVòYö6ШÝÝÚ^ŠQ±i.ûÏ ¾ÓÜŽåÔzÃbrA=Xä

JS->NACL: {"name":"onRead","arguments":[100,"YX3GqQ5pQ+3ZyDGKt6IZGdnEhilZ3HFAKNv+Z6IeUBczFWtRqNmf5yi5wwacVvJZ9jbQqN3d2l6KUbFpLvvPHwi+09yO5dR6w2JyQT0aWOQ="]}

NACL->JS: write: 1,[object ArrayBuffer]

1 USER> cave_cheets:/ $

JS->NACL: {"name":"onWriteAcknowledge","arguments":[1,2452]}

TJ Molnar

Feb 11, 2019, 6:00:50 PM
to chromium-hterm, tj....@gmail.com
Just to clarify, I'm trying to create a local ssh tunnel and I keep getting: 

debug1: Local connections to 0.0.0.0:6000 forwarded to remote address 100.115.92.2:5000
debug3: channel_setup_fwd_listener_tcpip: type 2 wildcard 0 addr 0.0.0.0
listen: Permission denied
listen [0.0.0.0]:6000: Permission denied

Would I be correct to assume that even with the jsSocket flag, the plugin is still trying to create the tunnel itself? And so this goes back to the "nacl private network permissions" issue?

Furthermore, I'm also trying to get authentication through keys to work and even when I add the files via the webkitRequestFileSystem api I still end with:

debug1: Next authentication method: publickey
debug1: Trying private key: /keys/MYKEY
debug2: Load key "/keys/MYKEY": No such file or directory
debug2: we did not send a packet, disable method

I have the filesystem permission, but could this still be a permission issue?

Mike Frysinger

Feb 11, 2019, 6:50:28 PM
to TJ Molnar, chromium-hterm
data transferred via /dev/std{in,out,err} (i.e. fd [0,1,2]) is not encrypted.  that is raw data after ssh has decrypted everything.  that's the content that is normally displayed in hterm.

data sent via the sockets (e.g. fd 100) will be encrypted as it's ssh communicating with the remote side.  you shouldn't try to parse that, just send it directly to/from the remote server.  this is what happens when you set jsSocket=true.  you don't need "nacl private network permissions" access for this.

filesystem emulation is a bit picky.  you should put everything under /.ssh/.  you might get weird errno values like EINVAL when you'd expect ENOENT.
-mike
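
An added example, not part of the thread and not nassh code: a host-side handler for the message exchange shown in the traces above. It forwards socket fds untouched, acknowledges writes with a running per-fd total (as the 73 then 101 pair in the earlier trace suggests), and keeps a trace of names and sizes only, because fds 0/1/2 and /dev/tty carry plaintext. `PluginHost`, `connect()` and the trace record format are hypothetical, and the exchange in `demo()` is constructed.

```javascript
'use strict';
// Added example. Message names and argument shapes follow the traces in this
// thread; PluginHost, connect() and the trace format are hypothetical.

function toBase64(bytes) {
  if (typeof Buffer !== 'undefined') return Buffer.from(bytes).toString('base64');
  let s = '';
  for (const b of bytes) s += String.fromCharCode(b);
  return btoa(s);
}

class PluginHost {
  // postToPlugin(msg): delivers {name, arguments} to the plugin.
  // connect(host, port, onData): opens the TCP connection (in a Chrome App,
  //   through its socket API) and returns an object with send(bytes).
  // onOutput(fd, bytes): plaintext the plugin wrote to stdout/stderr/tty.
  constructor({postToPlugin, connect, onOutput}) {
    Object.assign(this, {postToPlugin, connect, onOutput});
    this.fds = new Map();  // fd -> {socket, written}
    this.trace = [];       // direction, name, fd, size; never payloads
  }

  log_(dir, name, fd, bytes) {
    this.trace.push({dir, name, fd, bytes});
  }

  send_(name, args, bytes = 0) {
    this.log_('js->nacl', name, args[0], bytes);
    this.postToPlugin({name, arguments: args});
  }

  // Feed this the data of each plugin 'message' event.
  handle({name, arguments: args}) {
    const fd = args[0];
    const size = args[1] instanceof ArrayBuffer ? args[1].byteLength : 0;
    this.log_('nacl->js', name, fd, size);
    if (name === 'openFile') {
      this.fds.set(fd, {socket: null, written: 0});
      this.send_('onOpenFile', [fd, true, true]);
    } else if (name === 'openSocket') {
      const socket = this.connect(args[1], args[2],
                                  (bytes) => this.fromRemote_(fd, bytes));
      this.fds.set(fd, {socket, written: 0});
      this.send_('onOpenSocket', [fd, true, true]);
    } else if (name === 'write' && this.fds.has(fd)) {
      const entry = this.fds.get(fd);
      const bytes = new Uint8Array(args[1]);
      // Socket fds carry ssh ciphertext: forward it unmodified. Other fds
      // carry decrypted session data meant for the user.
      if (entry.socket) entry.socket.send(bytes);
      else this.onOutput(fd, bytes);
      entry.written += bytes.length;  // running total per fd
      this.send_('onWriteAcknowledge', [fd, entry.written]);
    } else if (name === 'close') {
      this.fds.delete(fd);
      this.send_('onClose', [fd, 'closed']);
    } else if (name === 'exit') {
      this.send_('onExitAcknowledge', []);
    }
    // 'read' gets no direct reply here: data is pushed with onRead on arrival.
  }

  fromRemote_(fd, bytes) {
    if (!this.fds.has(fd)) return;
    this.send_('onRead', [fd, toBase64(bytes)], bytes.length);
  }

  // Keyboard input for a plaintext fd. The plugin does not append the
  // newline, so it is added here.
  sendLine(fd, line) {
    const bytes = new TextEncoder().encode(line + '\n');
    this.send_('onRead', [fd, toBase64(bytes)], bytes.length);
  }
}

// Constructed exchange: a fake plugin sink and a fake socket, no network.
function demo() {
  const enc = new TextEncoder();
  const buf = (s) => enc.encode(s).slice().buffer;
  const toPlugin = [], wire = [], shown = [];
  let remoteData;
  const host = new PluginHost({
    postToPlugin: (m) => toPlugin.push(m),
    connect: (h, p, onData) => {
      remoteData = onData;
      return {send: (b) => wire.push(b)};
    },
    onOutput: (fd, b) => shown.push([fd, b.length]),
  });
  host.handle({name: 'openFile', arguments: [0, '/dev/stdin', 0]});
  host.handle({name: 'openFile', arguments: [1, '/dev/stdout', 1]});
  host.handle({name: 'openSocket', arguments: [100, '192.0.2.10', 22]});
  host.handle({name: 'write', arguments: [100, buf('SSH-2.0-OpenSSH_7.9\r\n')]});
  remoteData(enc.encode('SSH-2.0-SSH Server - Banana Studio\r\n'));
  host.handle({name: 'write', arguments: [1, new ArrayBuffer(73)]});
  host.handle({name: 'write', arguments: [1, new ArrayBuffer(28)]});
  host.sendLine(0, 'test');
  return {toPlugin, wire, shown, trace: host.trace};
}
```
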


TJ Molnar

Feb 11, 2019, 7:38:09 PM
to chromium-hterm, tj....@gmail.com
  • Filesystem
    • I'll keep trying different variations and go back to the source, but I placed everything in /.ssh/ and it's still being picky. Let me know if you think of any other weird requirements you've run into when developing.
Write completed. /.ssh/MyKey
Write completed. /.ssh/MyKey.pub
 
debug2: Load key "/keys/MyKey": No such file or directory
debug1: Trying private key: /.ssh/MyKey

debug2: Load key "/.ssh/MyKey": No such file or directory
debug2: we did not send a packet, disable method

debug1: No more authentication methods to try.
someServer: Permission denied (publickey).

  • SSH Tunnels
    • As far as using something like -L0.0.0.0:6000:127.0.0.1:80 with jsSockets=true it still looks like the plugin is trying to open a socket from the plugin world as opposed to handing it off to the JS world. That's why I was wondering if I needed to modify something else to get the plugin to pass it to the JS world. So something like an "openSocket" request for a tcp-server, and then I was planning to pass that to chrome.sockets.tcpServer.

Authentication succeeded (keyboard-interactive).
Authenticated to 100.69.49.93 ([UNKNOWN]:-1).

debug1: Local connections to 0.0.0.0:6000 forwarded to remote address 100.115.92.2:5000
debug3: channel_setup_fwd_listener_tcpip: type 2 wildcard 0 addr 0.0.0.0
debug1: Local forwarding listening on 0.0.0.0 port 6000.

listen: Permission denied
listen [0.0.0.0]:6000: Permission denied
channel_setup_fwd_listener_tcpip: cannot listen to port: 6000


Mike Frysinger

Feb 11, 2019, 8:04:02 PM
to TJ Molnar, chromium-hterm
all the logic we have on the JS side is in nassh.getFileSystem.  off the top of my head, we don't do anything else here.  "fileSystem" permission is only about chrome.fileSystem which is for navigating the real filesystem which isn't what this code is doing.  you could try adding "unlimitedStorage" to see if it makes a diff.

wrt -L/-R and such, that might actually go through the nacl codepaths still to create the local ports listening.  i thought you were asking about the general ssh connection, not port forwarding.  honestly i haven't looked at these particular code paths before.
-mike


TJ Molnar

Feb 12, 2019, 5:30:19 PM
to chromium-hterm, tj....@gmail.com
Update. 
  • Executing Commands SOLVED
    • I wasn't sending a \n with my commands. I assumed the plugin appended that, so I thought it wasn't giving me the STDOUT. 
  • Filesystem SOLVED
    • I was requesting window.TEMPORARY instead of window.PERSISTENT. Hindsight is always 20/20.
  • SSH Tunnels TODO
    • I've confirmed that the plugin world is trying to open the local ports for the tunnel. I know the only solution, with the current security requirements, is a patch to ssh_client to extend jsSockets functionality to include -L/-R.  I haven't gone in depth yet, but do you have any suggestions for a good starting place? Do you think modeling it after openSocket would be a good idea?

TJ Molnar

Feb 20, 2019, 7:31:42 PM
to chromium-hterm
For getting ssh_client to talk to use jsSockets for -L/-R tunnels. I've been tracing the calls and it appears as though when jsSockets is true EVERYTHING is being passed to...

void JsSocket::Connect(int32_t result, const char* host, uint16_t port) {
  FileSystem* sys = FileSystem::GetFileSystem();
  Mutex::Lock lock(sys->mutex());
  out_->OpenSocket(fd_, host, port, this);
}

But it is still actually going towards tcp_server_socket.cc. I know the path from OpenSSH is OpenSSH -> syscalls.cc  -> file_system.cc -> js_files.cc. Is there a section of code that I'm missing?

TJ Molnar

Apr 3, 2019, 10:11:24 AM
to chromium-hterm
Are there any old docs for the tcp_socket_private? I've read the docs for tcp_socket, and I've seen the sources for both.

Mike Frysinger

Apr 5, 2019, 6:40:58 AM
to TJ Molnar, chromium-hterm
you mean for the ppapi? I've just referred to the source whenever I need something. the nacl SDK includes the headers as well as the source code, so you can usually dive deeper if you want.

tbh, I often just recursively grep its tree.

btw, can you attach your work with the js socket code?
-mike
