EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SSH to Password Manager Pro

#16017
Posted: 03/08/2011 15:45:15
by Brett Beattie (Standard support level)
Joined: 03/08/2011
Posts: 25

Hi,
I am trying to create an integrated SSH connection to Password Manager Pro (PMP) to retrieve passwords for my app. I thought the SSHBlackBox would do it, however I am having trouble.
I can connect and authenticate fine to the server, however when sending a command the SSH client appears to error out before receiving the response. The PMP SSH server is set to process the command, send a response, and then immediately disconnect. The disconnection seems to cause an error before the response is handled.
The process does work in Putty client and with plink.exe.

I have tried with both the Simple SSHClient sample app and the sophisticated SSH Client sample app (ElSimpleSSHClient and SSHClient).
I have tried using .Command and .Commands before calling .Open. I have also tried .SendText() and .SendData. I have tried client.ReceiveData() and client.ReceiveText(), both synchronous and asynchronous.

The error usually comes back to "Wrong socket state 0 in CanReceive (error code is 96258)"

If I just call .ReceiveData / .ReceiveText without checking CanReceive I get no data returned. The client then returns .Active=false.

I am running SecureBlackbox - version 8.1.192 - Released December 10, 2010, for .NET. I am running the trial while I await the arrival of a licence.

Is there a way I can have it process the response before handling the close?

A trial of PMP can be downloaded from (http://www.manageengine.com/products/passwordmanagerpro/download.html) if you want to test it out.

Thanks
#16018
Posted: 03/08/2011 17:03:51
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

1) Could you please check if higher level TElSimpleSSHClient.ExecuteCommand() method does the job for you?

2) If it doesn't, could you please paste the entire PLINK command line as you are invoking it (please replace all the sensitive information, such as host names, user names or passwords, with dummy strings).
#16019
Posted: 03/08/2011 17:39:56
by Brett Beattie (Standard support level)
Joined: 03/08/2011
Posts: 25

Hi,
Thanks for the quick reply.

I tried that ExecuteCommand (sorry - did not see it earlier), but same result.
I changed the client.Open() code in the sample app to :

Code
try
{
    // Command text is handled directly by the PMP SSH server
    string cmd = "RETRIEVE --resource=ResX --account=DomX\\UserX --reason=\"tester\"";
    byte[] errdat = new byte[1024];
    byte[] resb = client.ExecuteCommand(cmd, ref errdat);

    // res is the server's reply (the retrieved password on success)
    string res = System.Text.Encoding.UTF8.GetString(resb, 0, resb.Length);

    Log("Result = " + res, false);
}
catch (Exception e)
{
    Log("Connection failed due to exception: " + e.Message, true);
}

The process jumps straight to the exception with the wrong socket state error.

The screen shot from the run is in the attachment.

The plink command line is:

D:\>plink.exe -2 -P 5522 UserX@pmpserver.domx -i UserXprivateKey.ppk RETRIEVE --resource=resX --account=DomX\userX --reason="tester"

*note the PMP SSH server handles the command itself

Thanks


#16020
Posted: 03/09/2011 08:47:51
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

The reason for the problem is that the PMP server closes the connection right after command execution, and TElSimpleSSHClient fails to read data from a closed socket. We are working on a fix that will allow handling this situation.
#16023
Posted: 03/09/2011 11:15:53
by Eugene Mayevski (EldoS Corp.)

ok ... SendData/SendText works if you properly handle the response.

Unfortunately SimpleSSHDemo doesn't show the right way to do this. The correct code would be (in pseudocode):

Code
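void DoReceive()
{
  try
  {
    client.ReceiveData();
  }
  catch
  {
    // the server may already have closed the connection
  }
}

void timer1Timer()
{
  try
  {
    if (!client.Active)
      DoReceive();   // connection already closed: try one last read
    else
      while (client.Active && client.CanReceive(0))
        DoReceive();

    if (!client.Active)
      timer1.Enabled = false;   // stop polling once the connection is gone
  }
  catch
  {
  }
}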


Note that the server can close connection at any moment and your code should be aware of this.

As for Command/Commands property - the server doesn't follow the standard - it doesn't notify about SSH channel being opened and instead reports just command execution success. All of this happens within Open() method.

This is the first time we have encountered this problem and, what is worse, there's no easy way to solve it. So if you can go with SendData/SendText and the above code snippet, we'd better leave it as is.
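Added example, not part of the original post and not SecureBlackbox code: a plain .NET socket demonstration of the transport-level behaviour this thread turns on, where a peer writes its reply and disconnects at once. It shows that bytes sent before the close are still readable if the client reads until `Read()` returns 0 instead of gating on connection state first. The loopback server, its reply string and all names here are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Threading;

static class DrainBeforeCloseDemo
{
    // Constructed stand-in for a server that answers once and hangs up immediately.
    static void RespondAndDisconnect(TcpListener listener)
    {
        using (TcpClient peer = listener.AcceptTcpClient())
        {
            byte[] reply = Encoding.UTF8.GetBytes("constructed-response\n");
            peer.GetStream().Write(reply, 0, reply.Length);
        } // Dispose closes the socket right after the write
    }

    // Drain the stream: Read() returns 0 only once buffered data is consumed
    // and the peer's orderly close has been seen.
    static string ReadToEnd(NetworkStream stream)
    {
        var collected = new MemoryStream();
        byte[] buf = new byte[256];
        int n;
        while ((n = stream.Read(buf, 0, buf.Length)) > 0)
            collected.Write(buf, 0, n);
        return Encoding.UTF8.GetString(collected.ToArray());
    }

    static void Main()
    {
        var listener = new TcpListener(IPAddress.Loopback, 0); // port 0: OS picks a free port
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        var server = new Thread(() => RespondAndDisconnect(listener));
        server.Start();

        using (var client = new TcpClient())
        {
            client.Connect(IPAddress.Loopback, port);
            server.Join(); // the peer has already written and closed its side
            string text = ReadToEnd(client.GetStream());
            Console.WriteLine("Received after peer close: " + text.Trim());
        }
        listener.Stop();
    }
}
```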
#16025
Posted: 03/09/2011 12:07:22
by Eugene Mayevski (EldoS Corp.)

BTW ExecuteCommand is a shortcut to Command property and Open/Send.../Receive.../Close, so it won't work in your case.


Sincerely yours
Eugene Mayevski
#16029
Posted: 03/09/2011 15:48:45
by Brett Beattie (Standard support level)
Joined: 03/08/2011
Posts: 25

Ok, I put that solution to the test. It is similar to what I had tried already. I get no results from the ReceiveData - only an empty buffer / empty string.

I tried a few variations such as always doing ReceiveData first, checking CanReceive first.
(If it makes any difference my workstation is Windows XP.)

Thanks for your efforts.
#16030
Posted: 03/09/2011 15:58:51
by Brett Beattie (Standard support level)
Joined: 03/08/2011
Posts: 25

Is there a chance the delay caused by the use of the trial key is an issue for me?
#16032
Posted: 03/10/2011 00:22:16
by Eugene Mayevski (EldoS Corp.)

Yeah, looks like that bug of the server doesn't let us pick the response right as well.

Ok, we'll have to add a workaround for this server, then.
#16035
Posted: 03/10/2011 16:03:32
by Brett Beattie (Standard support level)
Joined: 03/08/2011
Posts: 25

Thanks, I'm looking forward to it.
In the meantime I have had to resort to spawning a process and executing the plink command and capturing the stdout - which makes me feel dirty!
I'll be putting the 'proper' solution in place when you guys have your workaround done!
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
