Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Amazon Kindle > Kindle Developer's Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 02-18-2012, 03:54 AM   #61
sjheiss
Connoisseur
sjheiss began at the beginning.
 
Posts: 58
Karma: 26
Join Date: Dec 2011
Device: K3G, KF2
What I meant with Telnet, was that when I entered "cd /mnt" it would work, but if I tried, say, "cd /mnt/us" it would complain that no such file or directory existed.

Now that I try it again, I get this:

Code:
[root@kindle /mnt]# ls
base-mmc  base-us   mmc       rwfs      us
[root@kindle /mnt]# cd /us
-sh: cd: can't cd to /us
Before it said that the directory /us/ doesn't exist, now it just says it can't cd to it.

I should just give up on Linux, for the 5th or so time. Every time I try to use it theres always some unsolvable error or problem that prevents me from doing anything I want to do. All distros are so broken, slow, incomplete, and user-unfriendly, even if you know what you're doing.

Last edited by sjheiss; 02-18-2012 at 04:16 AM.
sjheiss is offline   Reply With Quote
Old 02-18-2012, 05:08 AM   #62
ixtab
(offline)
ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.
 
ixtab's Avatar
 
Posts: 2,903
Karma: 6677485
Join Date: Dec 2011
Device: K3, K4, K5, KPW, KPW2
No, it's not Linux being broken, it's you not understanding it.

There is no directory "/us". There is a directory "/mnt/us". If you are inside "/mnt", "cd us" will get you into that directory. "cd /mnt/us" will get you into that directory whereever you currently are. "cd mnt/us" will get you into that directory if you are currently in "/".

It's all very logical, but it requires a little bit of learning and understanding. If you're not up to that task, then the developer's forum might be the wrong place.

I'm sorry if you are offended by this (I realize that I'm stating things quite bluntly), but the purpose of this forum is not to help newbies find their way around. Of course we try to help each other in gaining new insights, but at least a minimum of effort is also expected from your side.

This forum is mostly about the internals of the Kindle, that's why it's called the "developer's forum". Before poking around with the internals of a Linux system (which the Kindle is), you are at least expected to understand the basics of the system.
ixtab is offline   Reply With Quote
Old 02-18-2012, 09:07 AM   #63
knc1
Embedded Cheerleader
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 6,502
Karma: 5840130
Join Date: Feb 2012
Device: Too many.
Quote:
Originally Posted by sjheiss View Post
What I meant with Telnet, was that when I entered "cd /mnt" it would work, but if I tried, say, "cd /mnt/us" it would complain that no such file or directory existed.

Now that I try it again, I get this:

Code:
[root@kindle /mnt]# ls
base-mmc  base-us   mmc       rwfs      us
[root@kindle /mnt]# cd /us
-sh: cd: can't cd to /us
Before it said that the directory /us/ doesn't exist, now it just says it can't cd to it.
Some general feedback first, then a more specific answer -

There are many good Linux Newbie sites on the net, one of them being:
http://www.linuxquestions.org/questions/

One thing to keep in mind when reading those sites, is that when dealing with a "Linux Powered Device" you are then dealing with something called: "Embedded Linux".

You will not find many web sites for "Embedded Linux Newbies" - embedded Linux isn't a newbie subject, not hardly.

Now the basics behind your posted confusion, this may help you past your current frustration point:

Linux uses a "Single Rooted" file system tree, rooted at the highest level directory seperator "/".
Operating systems based on Unix all have this sort of file system tree, not just Linux and Mac OSx.

Some other common operating systems use "Multiple Rooted" file system trees.
Those systems have a file system tree rooted at each storage device.
On those systems, a fully specified path includes the device name (that file system's root) as in C:, D:, E:, etc.

Likewise, on a single rooted system, a fully specified path includes the file system's root. In Linux, that file system root is written: / the same as a path seperator character.

So any time you enter a path that includes the root of the file system, the path is considered by the system as "absolute".

Any time you do not include the root of the file system in the path entered, the path is considered by the system as "relative to current location in the tree".

Where you are currently in the file system tree in a *nix system can be found with the:
pwd

The cd command works a bit differently between *nix systems and some other common systems.
In *nix, cd without any arguments changes the current directory to the "home" directory of the current user.
In some other common systems, cd without any arguments displays your current working directory.

This difference can get a user who isn't familar with the *nix behavior lost in the file tree in a hurry.

Now you should be able to navigate either type of file system if you know how to navigate in one of them.

Last edited by knc1; 02-18-2012 at 10:30 AM. Reason: corrections
knc1 is offline   Reply With Quote
Old 02-18-2012, 02:08 PM   #64
sjheiss
Connoisseur
sjheiss began at the beginning.
 
Posts: 58
Karma: 26
Join Date: Dec 2011
Device: K3G, KF2
Thank you for the explanation knc1. Sometimes I can get Telnet to work, but sometimes it just wants to give me errors all the time.

But, I had to uninstall Ubuntu since I couldn't boot into it anymore. Upon boot it said some partitions/drives were not ready or not responding, and to sip with S, except it had yet to load the drivers for my keyboard, so I couldn't press S.

So far I've tried Linux Mint and Ubuntu, and both wouldn't boot. Mint installed fine, but after 30 minutes, would freeze when I tried to boot into it. Now I'm thinking CentOS, for stability (hopefully more stability than I've experienced). Any suggestions for which distro to use would be appreciated.

Obviously if I'm going to learn to program for my Kindle than it'd be better to have a Linux OS on my computer; if only one would work!

I'm trying my best to learn how to use (embedded) Linux, since mobile devices have always been more alluring to me than desktops and laptops.

Last edited by sjheiss; 02-18-2012 at 02:30 PM.
sjheiss is offline   Reply With Quote
Old 02-18-2012, 11:29 PM   #65
sjheiss
Connoisseur
sjheiss began at the beginning.
 
Posts: 58
Karma: 26
Join Date: Dec 2011
Device: K3G, KF2
Does anyone know why WinSCP would say "host is not communicating for more than 15 seconds" and take over 1 minute to connect to my Kindle, for no [offensive word deleted - MODERATOR] reason?

Last edited by Dr. Drib; 05-11-2012 at 07:30 AM.
sjheiss is offline   Reply With Quote
Old 02-18-2012, 11:57 PM   #66
idoit
Plus
idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.idoit ought to be getting tired of karma fortunes by now.
 
idoit's Avatar
 
Posts: 365
Karma: 262144
Join Date: Jan 2012
Location: Tehran, Iran - Halifax, Canada
Device: iPhone 5s
Quote:
Originally Posted by sjheiss View Post
Does anyone know why WinSCP would say "host is not communicating for more than 15 seconds" and take over 1 minute to connect to my Kindle, for no [offensive word deleted - MODERATOR] reason?
If you are connecting via WiFi, your Kindle might have gone to sleep mode. In case of Kindle Touch, when it goes to sleep mode, the WiFi is disabled, therefore disconnected.

PLUS: calm down dude!

Last edited by Dr. Drib; 05-11-2012 at 07:30 AM.
idoit is offline   Reply With Quote
Old 02-19-2012, 12:11 AM   #67
sjheiss
Connoisseur
sjheiss began at the beginning.
 
Posts: 58
Karma: 26
Join Date: Dec 2011
Device: K3G, KF2
Quote:
Originally Posted by cscat View Post
If you are connecting via WiFi, your Kindle might have gone to sleep mode. In case of Kindle Touch, when it goes to sleep mode, the WiFi is disabled, therefore disconnected.

PLUS: calm down dude!
No, it's over USB, not wifi. I forgot to mention, that telnet connects instantly, although every once in a while it will lose the connection.

Sorry, all these problems and issues with getting stuff to work is frustrating me. :P I'm calm now.
sjheiss is offline   Reply With Quote
Old 02-19-2012, 12:32 PM   #68
knc1
Embedded Cheerleader
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 6,502
Karma: 5840130
Join Date: Feb 2012
Device: Too many.
Quote:
Originally Posted by sjheiss View Post
Thank you for the explanation knc1. Sometimes I can get Telnet to work, but sometimes it just wants to give me errors all the time.

But, I had to uninstall Ubuntu since I couldn't boot into it anymore. Upon boot it said some partitions/drives were not ready or not responding, and to sip with S, except it had yet to load the drivers for my keyboard, so I couldn't press S.

So far I've tried Linux Mint and Ubuntu, and both wouldn't boot. Mint installed fine, but after 30 minutes, would freeze when I tried to boot into it. Now I'm thinking CentOS, for stability (hopefully more stability than I've experienced). Any suggestions for which distro to use would be appreciated.

Obviously if I'm going to learn to program for my Kindle than it'd be better to have a Linux OS on my computer; if only one would work!

I'm trying my best to learn how to use (embedded) Linux, since mobile devices have always been more alluring to me than desktops and laptops.
There seems to be a common thread in all of that, "hardware trouble" -
A failing disk drive would account for all that you mention above.

Rather than try to install a Linux distribution to this machine, why not run from a LiveCD or LiveDVD?
Those run in RAM (some support a persistent file), either boot from plastic or USB.
Since these releases run in RAM, they usually need at least 500Mbyte installed on your machine.
But, if something screws up - just power cycle the machine and start over.

There are hundreds of those things on the net to choose from, a good starter one is:
http://knopper.net/knoppix-mirrors/index-en.html

Edit:
Some of the links on that page are really out of date copies, if in the US, try this one:
http://ftp.linux.kiev.ua/pub/Linux/Knoppix/current/

Or any of the other links that have a "current/*.6.7.1.*" in their file tree.

You can fit the small (CD) version on a 4Gbyte usb stick with 3Gbyte of user filespace;
You can fit the large (DVD) version on a 8Gbyte usb stick with 3Gbyte of user filespace;
If your machine can't boot from USB (check your bios settings), then there is a "boot only" CD image that will let you use your cd drive to boot the system installed on USB stick.

That should elimenate any possible harddrive problems for the troubleshooting.

Now, the "connection refused" message -
Usually means that sshd (the server side) isn't running on the Kindle.

Try (dash double v):
ssh -vv where-ever
And post enough of the taling lines so we can see where it is failing at in the connection process.

Last edited by knc1; 02-19-2012 at 12:42 PM.
knc1 is offline   Reply With Quote
Old 02-21-2012, 01:21 PM   #69
geekmaster
Всё гениальное просто.
geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.geekmaster ought to be getting tired of karma fortunes by now.
 
geekmaster's Avatar
 
Posts: 5,069
Karma: 6789001
Join Date: Nov 2011
Location: Щедрость не имеет пределов.
Device: *.*
Quote:
Originally Posted by sjheiss View Post
No, it's over USB, not wifi. I forgot to mention, that telnet connects instantly, although every once in a while it will lose the connection.

Sorry, all these problems and issues with getting stuff to work is frustrating me. :P I'm calm now.
Yes, SSH over USB can be incredibly slow to connect on the DX and DXG as well as the K3. I usually just telnet in to save time. It was explained to me by another developer that this may be due to the version of openssl being used here requiring more CPU power than is available on these devices. SSL authentication requires a lot of CPU power by DESIGN, to make brute-forcing of SSL keys take a long time even with very fast computers. As I understand this, some versions of openssl for embedded systems use weaker security so that small devices can connect more quickly. Perhaps SSH connections can be made faster by using a faster openssl library in a static-linked dropbear package.

Last edited by geekmaster; 02-21-2012 at 01:23 PM.
geekmaster is offline   Reply With Quote
Old 02-21-2012, 01:49 PM   #70
sjheiss
Connoisseur
sjheiss began at the beginning.
 
Posts: 58
Karma: 26
Join Date: Dec 2011
Device: K3G, KF2
Well, it's working fine again now, so I won't worry about it (for now).
sjheiss is offline   Reply With Quote
Old 02-21-2012, 03:42 PM   #71
knc1
Embedded Cheerleader
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 6,502
Karma: 5840130
Join Date: Feb 2012
Device: Too many.
Quote:
Originally Posted by geekmaster View Post
Yes, SSH over USB can be incredibly slow to connect on the DX and DXG as well as the K3. I usually just telnet in to save time.
- - snip - -
It was explained to me by another developer that this may be due to the version of openssl being used here requiring more CPU power than is available on these devices.
Close to most likely reason.

Subject came up this past week on the OpenSSL mailing list (again).

The most likely cause in these small, inactive, embedded devices is getting enough bytes out of /dev/random. Those bytes are needed while generating per-session keys, meaning the connection will not complete (whole process will stall) until /dev/random fills back up.
That can take a long time on an embedded device under Linux without other events happening.

Now if any reader here running into this "slow to connect" problem would just post the output of ssh -vv what-ever, we could see where the connection process is stalling.

Without the info from people having the problem we can only speculate.
knc1 is offline   Reply With Quote
Old 02-21-2012, 06:11 PM   #72
sjheiss
Connoisseur
sjheiss began at the beginning.
 
Posts: 58
Karma: 26
Join Date: Dec 2011
Device: K3G, KF2
Quote:
Originally Posted by knc1 View Post
Close to most likely reason.

Subject came up this past week on the OpenSSL mailing list (again).

The most likely cause in these small, inactive, embedded devices is getting enough bytes out of /dev/random. Those bytes are needed while generating per-session keys, meaning the connection will not complete (whole process will stall) until /dev/random fills back up.
That can take a long time on an embedded device under Linux without other events happening.

Now if any reader here running into this "slow to connect" problem would just post the output of ssh -vv what-ever, we could see where the connection process is stalling.

Without the info from people having the problem we can only speculate.
It was working fine for awhile, but now it's back to taking a long time to connect, if ever connecting, so I'll try that now that I have a working Linux distro available to me.

EDIT: OK, Here is my log:

Code:
[root@Sean-Fedora sean]# ssh -vv 192.168.2.2
OpenSSH_5.8p1, OpenSSL 1.0.0g-fips 18 Jan 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.2 [192.168.2.2] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: SELinux support enabled
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version dropbear_0.53.1
debug1: no match: dropbear_0.53.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: kex_parse_kexinit: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: zlib,zlib@openssh.com,none
debug2: kex_parse_kexinit: zlib,zlib@openssh.com,none
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug2: dh_gen_key: priv key bits set: 138/256
debug2: bits set: 965/2048
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA 4e:30:f8:bf:3e:92:b6:ad:18:21:b3:47:95:9e:02:30
The authenticity of host '192.168.2.2 (192.168.2.2)' can't be established.
RSA key fingerprint is 4e:30:f8:bf:3e:92:b6:ad:18:21:b3:47:95:9e:02:30.
Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.2.2' (RSA) to the list of known hosts.
debug2: bits set: 1013/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))


Welcome to Kindle!

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
root@192.168.2.2's password: 
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to 192.168.2.2 ([192.168.2.2]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: fd 3 setting TCP_NODELAY
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug1: Sending env XMODIFIERS = @im=none
debug2: channel 0: request env confirm 0
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 24576 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
#################################################
#  N O T I C E  *  N O T I C E  *  N O T I C E  # 
#################################################
Rootfs is mounted read-only. Invoke mntroot rw to
switch back to a writable rootfs.
#################################################
[root@kindle root]#

Last edited by sjheiss; 02-21-2012 at 06:48 PM.
sjheiss is offline   Reply With Quote
Old 02-23-2012, 09:53 PM   #73
ixtab
(offline)
ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.ixtab ought to be getting tired of karma fortunes by now.
 
ixtab's Avatar
 
Posts: 2,903
Karma: 6677485
Join Date: Dec 2011
Device: K3, K4, K5, KPW, KPW2
The long delay on connection *might* simply be caused by sshd trying to reverse-lookup the connecting IP address (trying to resolve it to a name mostly for logging purposes).

Not sure if this is the cause, but I have personally encountered this kind of gotchas many many times.

If that is the case, fix your DNS setup. Or, if it's for local connections only, edit /etc/hosts.
ixtab is offline   Reply With Quote
Old 02-24-2012, 07:42 AM   #74
knc1
Embedded Cheerleader
knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.knc1 ought to be getting tired of karma fortunes by now.
 
knc1's Avatar
 
Posts: 6,502
Karma: 5840130
Join Date: Feb 2012
Device: Too many.
Quote:
Originally Posted by sjheiss View Post
It was working fine for awhile, but now it's back to taking a long time to connect, if ever connecting, so I'll try that now that I have a working Linux distro available to me.

EDIT: OK, Here is my log:

Code:
[root@Sean-Fedora sean]# ssh -vv 192.168.2.2
OpenSSH_5.8p1, OpenSSL 1.0.0g-fips 18 Jan 2012
That is one cause of the delay, your OpenSSH is built against the FIPS validated OpenSSL which has to undergo its self testing at every startup of every instance even if OpenSSH never sets "FIPS_MODE=1" (check your environment strings).

Unless you are in an environment that demands the use of the FIPS validated OpenSSL library (such as a private or government agency) - try a copy of OpenSSH built against the non-validated OpenSSL.

Code:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.2 [192.168.2.2] port 22.
This is where a reverse lookup was attempted. Put (your choice of names):
# IP ADDRESS # FQD - unregistered is ok # local name(s) - more than one allowed.
192.168.2.2 kindle.my.domain kindle
in your client side, /etc/hosts

Code:
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: SELinux support enabled
This is part of having the OpenSSH built for use in a high security environment.
Same comment as above about FIPS. If your not required to use it....

Code:
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
Using a local identity file and public key authentication is __much__ faster.
I am surprised that no one has written up a how-to on this, will see if I can fill that void later today.

Code:
debug1: Remote protocol version 2.0, remote software version dropbear_0.53.1
debug1: no match: dropbear_0.53.1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.8
That is the version string of a "locally built" OpenSSH, probably done by your security manager when they built the FIPS-enabled OpenSSH.
Edit: My eye just caught your PS1 prompt - this is a copy of Fedora, a very security aware distribution. Well somebody has to deal with it, I guess we can tackle it in this thread.

Code:
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: kex_parse_kexinit: aes128-ctr,3des-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-cbc,twofish256-cbc,twofish-cbc,twofish128-cbc
debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: hmac-sha1-96,hmac-sha1,hmac-md5
debug2: kex_parse_kexinit: zlib,zlib@openssh.com,none
debug2: kex_parse_kexinit: zlib,zlib@openssh.com,none
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug2: dh_gen_key: priv key bits set: 138/256
debug2: bits set: 965/2048
The FIPS enabled library -
Non-FIPS would have set 125/256 and 502/1024
It takes significant cpu and /dev/random to find and set these larger keys.

Code:
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA 4e:30:f8:bf:3e:92:b6:ad:18:21:b3:47:95:9e:02:30
The authenticity of host '192.168.2.2 (192.168.2.2)' can't be established.
RSA key fingerprint is 4e:30:f8:bf:3e:92:b6:ad:18:21:b3:47:95:9e:02:30.
Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.2.2' (RSA) to the list of known hosts.
debug2: bits set: 1013/2048
Would be 522/1024 for a non-FIPS build. Same comment as above.

Code:
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))

Welcome to Kindle!

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug2: we did not send a packet, disable method
With an identity file and public key access, you would be done here.

Code:
debug1: Next authentication method: password
root@192.168.2.2's password: 
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
Authenticated to 192.168.2.2 ([192.168.2.2]:22).
Another reverse lookup that could be fixed by the /etc/hosts entry.

Code:
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: client_session2_setup: id 0
debug2: fd 3 setting TCP_NODELAY
debug2: channel 0: request pty-req confirm 1
debug1: Sending environment.
debug1: Sending env XMODIFIERS = @im=none
debug2: channel 0: request env confirm 0
debug1: Sending env LANG = en_US.UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 24576 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
#################################################
#  N O T I C E  *  N O T I C E  *  N O T I C E  # 
#################################################
Rootfs is mounted read-only. Invoke mntroot rw to
switch back to a writable rootfs.
#################################################
[root@kindle root]#

Translation:
Set a address/name pair in /etc/hosts (as the other poster suggested)

Use public key authentication with an identity file on your client machine, the public key on the Kindle.

Find a copy of OpenSSH not built against the FIPS-140 validated OpenSSL and use that (if allowed within your organization).
Edit: Under the Fedora distribution, this last may not be practical, but it is still valid, general advice.

Last edited by knc1; 02-24-2012 at 08:29 AM.
knc1 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh from Kindle 3 aKarma Kindle Developer's Corner 6 09-21-2010 08:59 PM
SSH to Kindle Zorz Kindle Developer's Corner 16 01-15-2010 01:18 AM
ubuntu 9.04 ssh help please lampadena OpenInkpot 9 08-18-2009 11:21 PM
Kindle + SSH? Elegant Forkbomb Amazon Kindle 3 03-05-2009 08:12 AM
iLiad How do I get ssh access to my 2.7.1 iLiad? narve iRex Developer's Corner 3 11-28-2006 05:59 PM


All times are GMT -4. The time now is 04:20 PM.


MobileRead.com is a privately owned, operated and funded community.