OpenSSH from different path

ashik · May 9, 2023, 5:10am

Hi,

This is regarding openSSH integration.

In the router which i am using, we dont have /user/local/bin. so i put in a already existing folder and mentioned that path in /etc/ssh/sshd_config. say /x/y/bin

But the netconf doesn’t seem to get connected.

I could connect netconf with 2022 and it works.
But if i disabled ssh in confd.conf, restart confd and sshd and trying to connect with port 22. But that’s not working. I have also enabled USE_IPC = yes

I would like to have netconf connected with ssh port mentioned in sshd_config.

Any suggestions on this would be of great help

ashik · May 10, 2023, 5:49am

debug1: channel 0: new [server-session]
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: Received SSH2_MSG_UNIMPLEMENTED for 5
debug1: server_input_channel_req: channel 0 request subsystem reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req subsystem
debug1: subsystem: exec() /config/netconf-subsys
Starting session: subsystem ‘netconf’ for Admin from 172.30.23.62 port 62172 id 0
debug1: Received SIGCHLD.
debug1: session_by_pid: pid 6132
debug1: session_exit_message: session 0 channel 0 pid 6132
debug1: session_exit_message: release channel 0
debug1: session_by_channel: session 0 channel 0
debug1: session_close_by_channel: channel 0 child 0
Close session: user Admin from 172.30.23.62 port 62172 id 0
debug1: channel 0: free: server-session, nchannels 1
Received disconnect from 172.30.23.62 port 62172:11:
Disconnected from user Admin 172.30.23.62 port 62172
debug1: do_cleanup
debug1: do_cleanup
debug1: PAM: cleanup
debug1: PAM: closing session
debug1: PAM: deleting credentials

Please let me know if am missing something here

cohult · May 10, 2023, 2:49pm

Hi,

You seem to follow the ConfD UG chapter “NETCONF Transport Protocols” section “Using OpenSSH”. Have you compiled the $CONFD_DIR/src/confd/netconf/netconf-subsys.c program for the system you are running that program on? I.e. using the $CONFD_DIR/src/confd/netconf/Makefile and make clean all?

ashik · May 11, 2023, 6:14am

Hi Cohult,

It was compiled for the system only. But it fails to exec netconf-sybsys with below error.

#./netconf-subsys
No SSH_CONNECTION environment variable found

Regards,
Ash

cohult · May 11, 2023, 9:06am

Hi Ash,
Seems like an OpenSSH issue then. The SSH_CONNECTION variable is set by OpenSSH and used by, for example, the netconf_subsys program to determine client IP address etc.

From the ssh(1) man page:

SSH_CONNECTION
Identifies the client and server ends of the connection. The variable contains four space-separated values: client IP address, client port number, server IP address, and server port number.

cohult · May 12, 2023, 6:01am

Note that you are not supposed to run the netconf-subsys program from your command line. The OpenSSH daemon will run the netconf-subsys program after you configure it to do so. From the ConfD UG under “Using OpenSSH” that I referred to earlier:

. To use OpenSSH, compile the netconf-subsys program, and put the executable in e.g. /usr/local/bin. Then add the following line to the ssh daemon’s config file, sshd_config:
Subsystem netconf /usr/local/bin/netconf-subsys