Windows: FW install gets password error-pscp

MrPete
2010-10-12
2013-03-05
  • MrPete

    MrPete - 2010-10-12

    I have a FWbuilder firewall that installs correctly from a remote Linux system, using FWbuilder 2.0.10 (!), ssh with a custom port.
    Now I'm attempting to move to Windows (or possibly Mac server) to accomplish the same thing.
    I added -P xyzzy to the end of the pscp command, and it correctly connects to the subject system, prompting for password etc.

    Unfortunately, the installer script always fails, getting multiple password requests and timing out after five failures.

    Any hints on debugging this? Could there be a bug in the Windows version of the firewall installer subsystem?

     
  • Vadim Kurland

    Vadim Kurland - 2010-10-12

    if installer connects to the firewall and you see password prompt, but it fails to authenticate, this must be wrong password. Are you sure it connects to the right firewall machine ?

     
  • MrPete

    MrPete - 2010-10-12

    The log on the target machine shows failed password, so I'm certain I have the correct machine.
    And yes I've attempted multiple times to re-enter the password. I'm quite certain I typed it correctly.
    Can't use wireshark to diagnose because everything's encrypted…

    Is there a debug mode that would reveal the PW FWbuilder is using? Perhaps a full interactive-script log that shows what was sent/received?

     
  • Vadim Kurland

    Vadim Kurland - 2010-10-12

    you can turn verbose mode on in the installer dialog, this will reveal full command line that it is using in the log window. You can then copy/paste it to the command line prompt and to try and test. The password is passed as a command line parameter to plink.exe (but is obfuscated in the log line). Pscp.exe does not take password on the command line so installer waits for the prompt to appear in the output and enters password then. May be the prompt has different format than what it expects ? What version of pscp.exe you are using ? Note that Windows package of fwbuilder 4.1.2 comes with a copy of plink.exe and pscp.exe so you don't need to install your own.

     
  • MrPete

    MrPete - 2010-10-12

    SOLVED IT.

    FYI:
    1) It's using the FWbuilder-supplied versions (although I do have my own install of PuTTy)

    2) The command line in verbose mode appears to think that PW *can* be provided on the command line:

    C:\apps\Utils\Net\FWBuilder41\pscp.exe -P 32222  -load fwb_session_with_keepalive -pw XXXXXX -q C:/apps/Utils/Net/FWBuilder41/tester-1eth-temp2010.fw root@192.168.0.10:/etc/fwbuilder/tester-1eth-temp2010.fw
    

    BUT… none of that was the real issue.

    I looked around some more and found what has changed:
    * In the old version, command line params for sh/etc were configured with the application itself in Preferences->Installer.
    * I didn't see that anymore, so I added -P 32222 to the command line. It appeared to work…
    * BUT then I found, the firewall specific popup Firewall Settings -> Installer tab, which now has the command line params for sh and scp.
    * Removed -P 32222 from the command line and put it in the per-firewall settings.
    * Now it works… and does not prompt for the password.

    No idea WHY that fixed anything, but it works.

    Whew!

     
  • MrPete

    MrPete - 2010-10-12

    Typo: with -P 32222 inserted manually in the command line (2nd bullet above), I should have said: it appeared to work but did not. I got those password prompts and login failure every time.

    Moving the -P 32222 to the Firewall Settings->Installer location, everything works.

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks