TurrisOS 3.9.4 is out!

prezes_kk · February 1, 2018, 1:54pm

New error from syslog (Turris OS 3.9.4)

2018-02-01 08:00:10 NIKOLA (v42) Exception traceback: [('/usr/bin/nikola', 181, '<module>', 'server = WrappedServer(server_address, ssl_context=ssl_context)'), ('/usr/lib/python2.7/site-packages/nikola/rpc_wrapper.py', 30, '__init__', 'self.serial = binascii.hexlify(serial if serial else atsha204.get_serial())')]
2018-02-01 08:00:10 NIKOLA (v42) Exception thrown: failed to initialize crypto library

cynerd · February 2, 2018, 8:14am

@prezes_kk my tip is that this is on Turris 1.x where are sometimes known problems with i2c and that wat with access to atsha. Reboot or potentially unpower router for few moments to reset hardware state of i2c bus. If this is Turris Omnia then please fill support request or create issue in Nikola project on our gitlab.

prezes_kk · February 2, 2018, 8:29am

This is Turris Omnia (from Indiegogo - buyed 30.10.2016 r) with gpio pins sn. 47244647648

Radovan_Haban · February 2, 2018, 8:54am

After upgrade to Turris OS 3.9.4, Haas doesn’t work and my System Log is full of following errors

2018-02-02T01:12:49+01:00 info twisted: [SSHService ssh-connection on SSHServerTransport,1396,5.188.87.49] got channel direct-tcpip request
2018-02-02T01:12:49+01:00 alert twisted: [SSHService ssh-connection on SSHServerTransport,1396,5.188.87.49] channel open failed
2018-02-02T01:12:49+01:00 alert twisted: [SSHService ssh-connection on SSHServerTransport,1396,5.188.87.49] Traceback (most recent call last):
2018-02-02T01:12:49+01:00 alert twisted: [SSHService ssh-connection on SSHServerTransport,1396,5.188.87.49] Failure: twisted.conch.error.ConchError: (3, ‘unknown channel’)2018-02-02T01:12:49+01:00 info twisted: [SSHService ssh-connection on SSHServerTransport,1396,5.188.87.49] got channel direct-tcpip request
2018-02-02T01:12:49+01:00 alert twisted: [SSHService ssh-connection on SSHServerTransport,1396,5.188.87.49] channel open failed
2018-02-02T01:12:49+01:00 alert twisted: [SSHService ssh-connection on SSHServerTransport,1396,5.188.87.49] Traceback (most recent call last):
2018-02-02T01:12:49+01:00 alert twisted: [SSHService ssh-connection on SSHServerTransport,1396,5.188.87.49] Failure: twisted.conch.error.ConchError: (3, ‘unknown channel’)2018-02-02T01:12:49+01:00 info twisted: [SSHService ssh-connection on SSHServerTransport,1396,5.188.87.49] got channel direct-tcpip request
2018-02-02T01:12:49+01:00 alert twisted: [SSHService ssh-connection on

Pepe · February 2, 2018, 9:37am

Hello,
In this case it wasn’t needed to write to haas@nic.cz, but hopefully they responded to you yesterday.

@dbonnes, @Radovan_Haban:

2018-01-31T22:10:39+00:00 info twisted: [SSHService ssh-connection on SSHServerTransport,1179,5.188.87.53] got channel direct-tcpip request
2018-01-31T22:10:39+00:00 alert twisted: [SSHService ssh-connection on SSHServerTransport,1179,5.188.87.53] Failure: twisted.conch.error.ConchError: (3, ‘unknown channel’)

This is known and developers of HaaS are not sure, if they should enable it on honeypot.
See it here.

Regarding issues, why honeypot doesn’t work since 30th January. We apologize for that and we’re working on fix. It requires further lenghty investigation and now as temporary workaround should be enough delete line 29, where is procd_set_param user nobody in file /etc/init.d/haas-proxy and don’t forget to restart HaaS.

I tested this yesterday and for me it works. Related commit is here. Please write us feedback if it works for you.

Jirka · February 2, 2018, 11:19am

Maybe it is same root cause as HaaS je funkční. I noticed some script (related to turris 1.x, on Omnia need to be aproved to participate on project) gets enabled in one of previous updates 3.9.x I believe. I think nikola is in the same category of “features”.

Its just blind unexperienced guess, but I know devs try to merge Turis 1.x and Omnia branches together, and that symptoms makes me feel as some of Non-participated Omnia’s gets something by mistake.

Perry · February 2, 2018, 1:01pm

Line 29 deleted. Today, HAAS started working! For the first time since old Honeypot. By the way 24 sessions. Thank you.

Edit: Now even with a command and it counts.

quietsche · February 2, 2018, 1:11pm

Running since several days/weeks.
Keys are correct, syslog shows login tries with twisted

Testing login:

 ~ $ ssh leethaxx0r@$myip
leethaxx0r@$myip's password:
Permission denied, please try again.
Permission denied, please try again.
leethaxx0r@haas-app.nic.cz: Permission denied (password,publickey,keyboard-interactive).
Connection to $myip closed.

(funny there is a nic.cz-url )

and crowded log with twisted:

$ sudo grep twisted /var/log/syslog | grep kukuzi |grep "service ssh-userauth" | sort |cut -d"," -f 3-| uniq | wc -l
396

Pepe · February 2, 2018, 1:30pm

Hi,
please, can you try to delete line 29 in file /etc/init.d/haas-proxy, what I said above?
If it doesn’t work, please tell me and I’ll look into it with HaaS developers.

About showing haas-app.nic.cz:
HaaS or any other services are primarily aimed for botnets. The real person, who is trying to hack can recognize only with one command, if it is a real device/system or not.
Currently we have other things to do than changing a hostname. Maybe later we’ll change it, but right now there’s no plan to do it.

quietsche · February 2, 2018, 3:18pm

Running as root now, but a botnet catching service as an elevated user? Can’t help myself, but this is odd…

Working now,see stats at haas site.

dbonnes · February 2, 2018, 5:22pm

Finally (for the first time ever), HaaS is working for me. Note that in my case, it was insufficient to just restart haas-proxy, I had to reboot the router.

DIKKEHENK · February 2, 2018, 7:01pm

hmm, forgive this nOOb, but can i conclude that it might be better to turn off all honeypots, and wait till this is fixed in a proper way? My syslog is suddenly filled with all sorts of strange attempts. Login into haas shows nothing here. and no clue how to edit a config.

best, Dikke.

DIKKEHENK · February 3, 2018, 1:50pm

Ok, with some help from a linux guru i managed to ‘‘edit’’ the token, and not remove rule 29. Haas works !
Would be nice to have some sort of how-to-do-this-step-by-step for those not familiar with the terminal, or is that blaspheme ?

best, Dikke.

vcunat · February 3, 2018, 1:54pm

I assume future updates should solve these.

DIKKEHENK · February 3, 2018, 2:00pm

Well, untill now the team solved ( for me ) always the trouble… But the token thing in the config is a nasty one for nOObs like me. My suggestion would be a simple open field in foris so you can copy paste it from haas into the Turris? Or is that to easy?

best, Dikke.

DIKKEHENK · February 3, 2018, 3:16pm

i have 1 attempt on haas, while the syslog is giving the same error ( loads ) as you described in the 3.9.5 RC thread. ( Failure: twisted.conch.error.ConchError: (3, ‘unknown channel’) ) I removed all extra FW rules so everything is factory standard.

DIKKEHENK · February 3, 2018, 3:41pm

well, the interesting thing here is that since i put in the correct token, line 29 is not present in the haas proxy? Anyway, i’m not qualified enough to understand all this

freshdax · February 4, 2018, 5:57am

It works, see the addresses and username with password. No commands yet, but seems to work.
Do we need to undo this change after updating to 3.9.5? I backed up the haas-proxy file

Pepe · February 5, 2018, 10:20am

No, you don’t need to do anything, because file haas-proxy in folder /etc/init.d will be overwritten by updater.