New issue 59 by cptl.org: Shellinabox added to Arch Linux AUR
http://code.google.com/p/shellinabox/issues/detail?id=59
http://aur.archlinux.org/packages.php?ID=34829
I am unable to get this to work in Arch unless I run using '-t --localhost-only'.
The default settings give me an SSL error, and service unavailable.
If I manually create the certificate.pem it works.
Can you please tell me how you generated certificate.pem? I generated it as well
via openssl but it still doesn't work... Thank you
I created certificate.pem using
openssl req -new -x509 -keyout certificate.pem -out certificate.pem -days 365 -nodes; chmod 600 certificate.pem
but it does not work. Any idea? jose
PS: Arch Linux here too.
Comment #5 on issue 59 by zod...@gmail.com: Shellinabox added to Arch Linux
AUR
http://code.google.com/p/shellinabox/issues/detail?id=59
I am unfamiliar with Arch, and this sounds a little bit like a problem that
is specific to the Arch distribution. So, there'll only be very limited
help that I can provide.
Normally, ShellInABox is supposed to automatically generate any missing SSL
certificates. You can run it with the --debug command line option to see a
message when it tries to generate the missing certificate.
For example, if you invoked the daemon as "shellinaboxd --debug", you
should see a message that says
Received SNI callback for virtual host "localhost" from "localhost:4200"
Auto-generating missing certificate "certificate-localhost.pem" for "localhost"
This would happen the first time you connect to the server over SSL.
For the time being, I marked this issue as "WontFix", as it doesn't sound
as if there is anything I can do about it. It appears as if this is a
configuration issue in Arch Linux. But should this turn out to be a problem
with ShellInABox itself, feel free to change the status.
Thank you for your explanatory post. I admit this can be (and probably is)
Arch's problem, but I've no idea what to do in order to fix this. As you
suggested, I tried with the --debug flag. This is the output:
[root@darkstar ~]# shellinaboxd --debug
Command line: shellinaboxd --debug
Listening on port 4200
Substituting "nobody's" primary group for "nogroup"
Substituting "nobody's" primary group for "nogroup"
Auto-generating missing certificate "certificate.pem" for "darkstar"
Failed to generate self-signed certificate "certificate.pem"
Cannot read valid certificate from "certificate.pem". Check file permissions and file format.
this is the respective part from strace:
write(2, "Auto-generating missing certific"..., 68) = 68
write(2, "\n", 1) = 1
rt_sigaction(SIGINT, {SIG_IGN, [], 0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN, [], 0}, {SIG_IGN, [], 0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
clone(child_stack=0, flags=CLONE_PARENT_SETTID|SIGCHLD, parent_tidptr=0xbf80a934) = 12745
waitpid(12745, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0) = 12745
rt_sigaction(SIGINT, {SIG_DFL, [], 0}, NULL, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN, [], 0}, NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
write(2, "Failed to generate self-signed c"..., 60) = 60
Could you please shed some light on what's going on in the above code?
thank you very much for your time and patience,
joe
The idea of looking at "strace" output is definitely good. But I think,
you'll have to give it the "-f" option, if you want to make any sense of
what's going on. We really care why the child process is failing with an
exit status of "1".
hopefully this will be helpful: http://archlinux.pastebin.com/k9wUyrpx
It appears that the daemon is run with the current directory pointing
to "/root", but the user and group ids are 99 (no idea what that is
on "arch", maybe nobody or maybe a dedicated user for shellinabox).
This user doesn't have access to the "/root" directory. You can fix that by
either starting shellinaboxd from a different directory, or by creating a
suitable directory for the certificates and providing the "--cert" command
line option. The latter is probably the better approach.
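The diagnosis above (daemon running as uid/gid 99 with its working directory in /root) can be checked before starting the daemon. The following is an added example, not ShellInABox code and not part of the thread: a POSIX shell check, assuming GNU stat and ignoring ACLs and supplementary groups, that reports which path component stops a given uid from creating certificate.pem. The function names and the script name check.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not ShellInABox code. Assumes GNU stat (Linux); ignores
# ACLs and supplementary groups. Function names are hypothetical.

# perm_bits UID GID PATH: print the rwx digit (0-7) that applies to UID/GID.
perm_bits() {
    [ "$1" -eq 0 ] && { echo 7; return; }        # root bypasses mode bits
    st=$(stat -c '%u %g %a' "$3") || return 2
    owner=${st%% *}; st=${st#* }; group=${st%% *}
    mode=$((0${st#* }))                          # parse %a as octal
    if   [ "$1" -eq "$owner" ]; then echo $(( (mode >> 6) & 7 ))
    elif [ "$2" -eq "$group" ]; then echo $(( (mode >> 3) & 7 ))
    else echo $(( mode & 7 ))
    fi
}

# cert_dir_usable UID GID DIR: 0 if UID/GID can reach DIR and create a file
# in it, 1 (naming the blocking component) if not, 2 on lookup errors.
cert_dir_usable() {
    uid=$1; gid=$2
    dir=$(cd "$3" 2>/dev/null && pwd -P) || { echo "cannot resolve $3"; return 2; }
    set -f; old_ifs=$IFS; IFS=/
    set -- $dir                                  # split path into components
    IFS=$old_ifs; set +f
    path=
    for part in "$@"; do
        path=${path%/}/$part                     # "/", "/root", ...
        bits=$(perm_bits "$uid" "$gid" "$path") || return 2
        if [ $((bits & 1)) -eq 0 ]; then         # search (x) needed on every level
            echo "uid $uid cannot traverse $path"; return 1
        fi
    done
    if [ $((bits & 2)) -eq 0 ]; then             # write needed on DIR itself
        echo "uid $uid cannot create files in $dir"; return 1
    fi
    echo "ok: uid $uid can create certificate.pem in $dir"
}

# Run as root, e.g.: sh check.sh 99 99 /root
if [ $# -eq 3 ]; then cert_dir_usable "$@"; fi
```

A directory that passes this check for the daemon's uid is the kind of location to hand to the "--cert" option mentioned above.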
The problem is that these certificates are generated with SSL 2.0 version; even when I tried
enabling this in the browser, it doesn't work well.
ShellInABox generates certificates with this command line:
openssl req -x509 -nodes -days 7300 -newkey rsa:1024 -keyout /dev/stdout -out /dev/stdout -subj "/CN=${DOMAIN}/"
I believe, for a lot of parameters OpenSSL looks into the
global "openssl.cnf" file. Maybe, this file defaults to a different set of
parameters than what is commonly used by other OpenSSL installations?
Still no clue for the certification error pasted below.
Error 113 (net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH): Unknown error.
Auto-generating missing certificate "certificate.pem" for "keet"
Accepted connection from localhost:52325
Handling "GET" "/"
Compressed response from 4883 to 2099
localhost - - [21/Sep/2010:18:29:44 +0530] "GET / HTTP/1.1" 200 2192
Accepted connection from localhost:52326
Switching to SSL (replaying 0+99 bytes)
Closing connection to localhost:52326
Accepted connection from localhost:52327
Switching to SSL (replaying 0+99 bytes)
Closing connection to localhost:52327
Finally, after long research, I was able to succeed with https. Just
follow the instructions below and you can bring up shellinabox with https:
# openssl genrsa -des3 -out server.key 1024
# openssl req -new -key server.key -out server.csr
# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# cat server.crt server.key > certificate.pem
# shellinabox
Then open the browser https://localhost:4200
Thanks,
Keerthi
Finally, after long research, I was able to succeed with https. Just
follow the instructions below and you can bring up shellinabox with https.
The self-signing could help us to solve the issue of
(Error 113 (net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH): Unknown error.)
thank you, it works!
I confirm this now works for secure http
Thanks everyone.
Can it be fixed? I got "Segmentation fault" but it works when I generate
certificate.pem as stated above.
Attached is the arch openssl.cnf. Can you post the default for your
distribution?
When I do an "openssl x509 -text" for the certificate that codeinabox
generates vs the instructions in comment 15, the difference is that the
codeinabox cert says version 3 and the comment15 one says version 1. The
version3 cert also has a block for x509 extensions...
Attachments:
openssl.cnf 10.6 KB
This seems to happen on distributions other than Arch too. I'm running
Ubuntu Server 11.10 and I'm facing the exact same problem.
https://github.com/jayschwa/shellinabox/commit/28ff61e1c6b622c565ff7d1b5fbeba306e937598
I have made an update that seems to resolve the
ERR_SSL_VERSION_OR_CIPHER_MISMATCH issue for me.