#1 2016-03-09 22:23:55

remi.passmoilesel
Member
Registered: 2016-03-09
Posts: 4

SSH and obfsproxy

Hello everybody!

I am working on an obfuscated SSH connection, but the connection fails.

I tested the SSH connection without obfuscation and it works well on port 22. It works well on 443 too. I tried to pass obfuscated HTTP and it works well: traffic is transformed at the source and re-transformed at the destination.

But with SSH, I managed to connect one time only, and since then the connection is refused. The message is:

ssh_exchange_identification: Connection closed by remote host

Server side commands:

$ sudo obfsproxy --log-min-severity=info --log-file=/tmp/obfs-log obfs3 --dest=127.0.0.1:22 server 0.0.0.0:443

Client side commands:

$ obfsproxy --log-min-severity=info obfs3 socks 127.0.0.1:4321

$ ssh -v -o "ProxyCommand /bin/nc.openbsd -x 127.0.0.1:4321 %h %p" -p 443 user@server.net 
                                                         
OpenSSH_6.9p1, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Executing proxy command: exec /bin/nc.openbsd -x 127.0.0.1:4321 server.net 443
debug1: permanently_drop_suid: 1000
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9p1
ssh_exchange_identification: Connection closed by remote host

Does anyone know what's happening? Thanks to all!

P.S.: I tried to delete keys on both sides, nothing happened.

Offline

#2 2016-03-14 14:45:37

sbmomeni
Member
Registered: 2013-07-26
Posts: 29

Re: SSH and obfsproxy

Hello and welcome to the forums!

Try adding the -o PubkeyAuthentication=no option to the client ssh command to disable testing public keys entirely and use password authentication directly.

Offline

#3 2016-03-17 13:35:43

remi.passmoilesel
Member
Registered: 2016-03-09
Posts: 4

Re: SSH and obfsproxy

Thanks sbmomeni!
I will try this and reply afterwards.

Offline

#4 2016-03-27 09:19:40

remi.passmoilesel
Member
Registered: 2016-03-09
Posts: 4

Re: SSH and obfsproxy

Hello!
I tried this, it doesn't work. I tried several combinations of arguments and nothing more happened.

$ ssh -v -o PubkeyAuthentication=no -o "ProxyCommand /bin/nc.openbsd -x 127.0.0.1:9999 %h %p" -p 443 user@server         [11:13:57]

OpenSSH_6.9p1 -20.1, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Executing proxy command: exec /bin/nc.openbsd -x 127.0.0.1:9999 192.168.0.50 443
debug1: permanently_drop_suid: 1000
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9p1 -20.1
ssh_exchange_identification: Connection closed by remote host

Offline

#5 2016-03-31 08:04:51

sbmomeni
Member
Registered: 2013-07-26
Posts: 29

Re: SSH and obfsproxy

The initial warnings about non-existing key files are normal (ssh checks them although it is not going to use them).

remi.passmoilesel wrote:
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9p1 -20.1
ssh_exchange_identification: Connection closed by remote host

The only wrong part is the last part after printing the Local version which should print the Remote protocol version instead.
So the problem should be from the network part. To be sure, test it by running both the client and the server obfsproxy commands on your localhost (so the ssh traffic passes unobfuscated over the network).

obfsproxy --log-min-severity=info --log-file=/tmp/obfs-log-server obfs3 --dest=PUBLIC-IP-OF-THE-SSH-SERVER:22 server 0.0.0.0:1235 &
obfsproxy --log-min-severity=info --log-file=/tmp/obfs-log-client obfs3 socks 127.0.0.1:1236 &
ssh -v -o PubkeyAuthentication=no -o "ProxyCommand /bin/nc -x 127.0.0.1:1236 %h %p" -p 1235 user@127.0.0.1

I used nc instead of nc.openbsd in the above command (nc is the correct name on unmodified/default ArchLinux).

Offline

#6 2016-03-31 08:53:25

remi.passmoilesel
Member
Registered: 2016-03-09
Posts: 4

Re: SSH and obfsproxy

Hellooooooo sbmomeni!

Thanks for your reply, I tried your commands on localhost and it works. I tried your commands on my local network (192.168......) and it works! I will try soon from outside and reply afterwards.

So I'm confused. Does it mean that I have to specify only the public IP address (not fixed for me) in the obfs server command? Or will the local network address do the work? And why is 127.0.0.1:22 (the original address I used on the server) different from 192.168.0.XX:22?

Offline

#7 2016-03-31 10:10:49

sbmomeni
Member
Registered: 2013-07-26
Posts: 29

Re: SSH and obfsproxy

remi.passmoilesel wrote:

So I'm confused. Does it mean that I have to specify only the public IP address (not fixed for me) in the obfs server command? Or will the local network address do the work? And why is 127.0.0.1:22 (the original address I used on the server) different from 192.168.0.XX:22?

Any (public or private) server IP address which is reachable from your client should work.
In the sample obfsproxy server command, I used the --dest=PUBLIC-IP-OF-THE-SSH-SERVER:22 server 0.0.0.0:1235 option because it was executed on the client computer. Of course, when you run it on the server itself, --dest=127.0.0.1:22 server 0.0.0.0:1235 will be enough.

On the server computer:

obfsproxy --log-min-severity=info --log-file=/tmp/obfs-log-server obfs3 --dest=127.0.0.1:22 server 0.0.0.0:1235 &
ss -nlpt # it should show ssh process listening on *:22 and obfsproxy listening on *:1235

On the client computer:

obfsproxy --log-min-severity=info --log-file=/tmp/obfs-log-client obfs3 socks 127.0.0.1:1236 &
ssh -v -o PubkeyAuthentication=no -o "ProxyCommand /bin/nc -x 127.0.0.1:1236 %h %p" -p 1235 user@PUBLIC-IP-OF-THE-SSH-SERVER

If it fails, you can check the following items:
1. The obfsproxy programs on the client and the server computers have the same version,
2. The above commands work with nc used as the client and the server (instead of ssh),

#server
obfsproxy --log-min-severity=info --log-file=/tmp/obfs-log-server obfs3 --dest=127.0.0.1:1239 server 0.0.0.0:1235 &
nc -l -p 1239 # this terminal should show whatever you type in the client nc

#client
obfsproxy --log-min-severity=info --log-file=/tmp/obfs-log-client obfs3 socks 127.0.0.1:1236 &
nc -x 127.0.0.1:1236 PUBLIC-IP-OF-SERVER 1235 # whatever you type here should be shown by the server nc

3. Check logs of the ssh server (systemctl status sshd) to see whether it sees the client request.

Offline
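
Added example (not part of the thread, not written by either poster, and not obfsproxy code): the failure above happens at the point where the client should receive the server's identification line, so this probe connects to one TCP endpoint and reports how that exchange ends. The function name `probe_ssh_banner` and its status labels are hypothetical; run it on the server against the `--dest` address (127.0.0.1:22) to confirm sshd answers there before suspecting the obfsproxy hop.

```python
import socket
import sys

def probe_ssh_banner(host, port, timeout=5.0):
    """Classify how the SSH identification exchange ends on host:port.

    Returns (status, detail); status is "banner", "closed", "not-ssh",
    "timeout" or "refused" (labels chosen for this example).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "nothing is listening on that address and port")
    except socket.timeout:
        return ("timeout", "TCP connect timed out (filtered or unreachable)")
    buf = b""
    with sock:
        try:
            while len(buf) < 8192:
                chunk = sock.recv(256)
                if not chunk:
                    break  # peer closed the connection
                buf += chunk
                # RFC 4253 lets a server send other lines before "SSH-...",
                # so scan every complete line received so far.
                for line in buf.split(b"\n")[:-1]:
                    if line.startswith(b"SSH-"):
                        text = line.rstrip(b"\r").decode("ascii", "replace")
                        return ("banner", text)
        except socket.timeout:
            return ("timeout", "connected, but no identification string arrived")
        except ConnectionResetError:
            return ("closed", "peer reset the connection before a banner")
    if not buf:
        # What the ssh client reports as
        # "ssh_exchange_identification: Connection closed by remote host".
        return ("closed", "peer closed the connection without sending data")
    return ("not-ssh", "data received but no SSH- line: %r" % buf[:60])

if __name__ == "__main__":
    # Example: python3 probe.py 127.0.0.1 22   (the --dest address on the server)
    print(probe_ssh_banner(sys.argv[1], int(sys.argv[2])))
```

A "banner" result on 127.0.0.1:22 combined with "closed" through the tunnel points at the obfsproxy hop or the path to it rather than at sshd.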
