LINUX.ORG.RU

Help me figure out dante


Good day, everyone! I installed dante from the repos. I just can't get it to connect from Telegram.

Dante v1.4.1. Copyright (c) 1997 - 2014 Inferno Nettverk A/S, Norway
Linux 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64 GNU/Linux

root@silicon:/home/simon# ps aux |grep danted
nobody    1732  0.0  0.0  48552  2104 ?        Ss   10:41   0:05 /usr/sbin/danted -D
nobody    1733  0.0  0.0  48552   316 ?        S    10:41   0:00 danted: monitor-ch
nobody    1735  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1736  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1737  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1738  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1739  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1740  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1741  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1742  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1743  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1744  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1745  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1746  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1747  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1748  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1749  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1750  0.0  0.0  48552   324 ?        S    10:41   0:00 danted: request-ch
nobody    1751  0.0  0.0  48552  1848 ?        S    10:41   0:00 danted: io-child:
root      3876  0.0  0.0  68264  4468 ?        S    14:04   0:00 danted: negotiate-
nobody    3913  0.0  0.0  48552  1920 ?        S    14:07   0:00 danted: negotiate-
root      3917  0.0  0.0  12780   928 pts/1    S+   14:07   0:00 grep danted

/etc/danted.conf

logoutput: /var/log/socks.log
errorlog: var/log/socks-err.log
internal: enp4s0f0 port = 4949
external: enp4s0f0

debug: 1

socksmethod: pam
clientmethod: none
user.privileged: root
user.unprivileged: nobody
user.libwrap: nobody

client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
    method: none
}

useradd -s /usr/sbin/nologin socks
-------------------------------------------------------------------------------------------------------------------------------
ls -l /etc/pam.d/sockd
-rw-r--r-- 1 root root 166 мар 31 10:40 /etc/pam.d/sockd
-------------------------------------------------------------------------------------------------------------------------------

cat /etc/pam.d/sockd
#%PAM-1.0
auth required  /lib/x86_64-linux-gnu/security/pam_pwdfile.so pwdfile=/opt/dante/sockd.passwd
account required  /lib/x86_64-linux-gnu/security/pam_permit.so

htpasswd -c -b -m /opt/dante/sockd.passwd socks passcode
-------------------------------------------------------------------------------------------------------------------------------
ls -l /opt/dante/sockd.passwd
-rw-r--r-- 1 root root 44 мар 31 10:38 /opt/dante/sockd.passwd
-------------------------------------------------------------------------------------------------------------------------------
cat /opt/dante/sockd.passwd
socks:$apr1$m/eveFgf$Zu3xIM7HzRpCxfgIVxdMy1
-------------------------------------------------------------------------------------------------------------------------------

Mar 31 10:46:18  danted[1734]: debug: rulespermit(): 192.168.1.10.52348 -> 192.168.1.17.4949, clientauth N/A, srcauth notset, command accept, fd 13 from 192.168.1.10.52348, accepted on 192.168.1.17.4949
Mar 31 10:46:18  danted[1734]: debug: rulespermit(): trying to match against client-rule-rule #1, verdict = pass
Mar 31 10:46:18  danted[1734]: debug: addrmatch(): matching ruleaddress IPv4 address 0.0.0.0/0 against IPv4 address 192.168.1.10.52348 for protocol tcp, without alias
Mar 31 10:46:18  danted[1734]: debug: addrmatch(): matching ruleaddress IPv4 address 0.0.0.0/0 against IPv4 address 192.168.1.17.4949 for protocol tcp, without alias
Mar 31 10:46:18  danted[1734]: debug: methodisset(): checking if method notset is set in the list (1) "none"
Mar 31 10:46:18  danted[1734]: debug: rulespermit(): changing authmethod from -1 to 0
Mar 31 10:46:18  danted[1734]: debug: methodisset(): checking if method none is set in the list (1) "none"
Mar 31 10:46:18  danted[1734]: debug: accesscheck(): method: none, 192.168.1.10.52348 -> 192.168.1.17.4949 
Mar 31 10:46:18  danted[1734]: debug: methodisset(): checking if method none is set in the list (0) ""
Mar 31 10:46:18  danted[1734]: debug: methodisset(): checking if method none is set in the list (0) ""
Mar 31 10:46:18  danted[1734]: debug: accesscheck(): authentication matched
Mar 31 10:46:18  danted[1734]: debug: rulespermit(): rule matched: 1 (client-rule), verdict pass
Mar 31 10:46:18  danted[1734]: debug: setconfsockoptions(): going through options, looking for tcp socket options for fd 13 (in: 13) on the internal side
Mar 31 10:46:18  danted[1734]: debug: setconfsockoptions(): going through global array with 0 options, looking for globals matching 6 (post-establishment or any time)
Mar 31 10:46:18  danted[1734]: debug: setconfsockoptions(): going through local array with 0 options, looking for locals matching 6
Mar 31 10:46:18  danted[1734]: debug: shmem_userule(): cinfo: 192.168.1.10.52348
Mar 31 10:46:18  danted[1734]: debug: shmem_userule(): shmids in client-rule #1: bw_shmid 0 ((nil)), mstats_shmid 0 ((nil)), ss_shmid 0 ((nil))
Mar 31 10:46:18  danted[1734]: info: pass(1): tcp/accept [: 192.168.1.10.52348 192.168.1.17.4949
Mar 31 10:46:18  danted[1734]: debug: socks_allocbuffer(): fd 13, stype = 1
Mar 31 10:46:18  danted[1734]: debug: recvmsgn(): recvmsg() on fd 7 failed, received -1 bytes: Resource temporarily unavailable
Mar 31 10:46:18  danted[1734]: debug: recv_negotiate(): recvmsg() from mother returned -1 after having received 2 new clients (0 failed/blocked clients).  errno = 11 (Resource temporarily unavailable)
Mar 31 10:46:18  danted[1734]: debug: recv_clientrequest(): fd 17, client 192.168.1.10.52346, state->complete: 0, read so far: 3
Mar 31 10:46:18  danted[1734]: debug: methodisset(): checking if method username is set in the list (1) "pam.username"
Mar 31 10:46:18  danted[1734]: debug: methodisset(): checking if method pam.username is set in the list (1) "pam.username"
Mar 31 10:46:18  danted[1734]: debug: methodisset(): checking if method username is set in the list (1) "pam.username"
Mar 31 10:46:18  danted[1734]: debug: passworddbisunique(): returning 259
Mar 31 10:46:18  danted[1734]: debug: accesscheck(): method: pam.username, 192.168.1.10.52346 -> 192.168.1.17.4949 
Mar 31 10:46:18  danted[1734]: debug: methodisset(): checking if method pam.username is set in the list (1) "none"
Mar 31 10:46:18  danted[1734]: debug: methodisset(): checking if method pam.username is set in the list (0) ""
Mar 31 10:46:18  danted[1734]: debug: pam_passwordcheck(): src 192.168.1.10.52346, user "socks", servicename "sockd", emsgsize 512
Mar 31 10:46:18  danted[1734]: debug: sockd_priv(): switching privilege 9 on
Mar 31 10:46:18  danted[1734]: debug: sockd_setugid(): old uid/gid: 65534/65534, new: 0/0
Mar 31 10:46:18  danted[1734]: debug: sockd_priv(): switching privilege 9 off
Mar 31 10:46:18  danted[1734]: debug: sockd_setugid(): old uid/gid: 0/0, new: 65534/65534
Mar 31 10:46:18  danted[1734]: debug: pam_passwordcheck(): setting item PAM_CONV
Mar 31 10:46:18  danted[1734]: debug: pam_passwordcheck(): setting item "PAM_RHOST" to value "192.168.1.10"
Mar 31 10:46:18  danted[1734]: debug: pam_passwordcheck(): setting item "PAM_USER" to value "socks"
Mar 31 10:46:18  danted[1734]: debug: pam_passwordcheck(): setting item "PAM_RUSER" to value "rhostusr"
Mar 31 10:46:18  danted[1734]: debug: sockd_priv(): switching privilege 9 on
Mar 31 10:46:18  danted[1734]: debug: sockd_setugid(): old uid/gid: 65534/65534, new: 0/0
Mar 31 10:46:18  danted[1734]: debug: pam_conversation(): msg_style = 1
Mar 31 10:46:18  danted[1732]: debug: main(): selectn() returned 1 (no system error)
Mar 31 10:46:18  danted[1732]: debug: handlechildcommand(): command 1 from negotiate-child 1734
Mar 31 10:46:18  danted[1732]: debug: handlechildcommand(): negotiate-child 1734 has freed a TCP slot, now has 93 slots free
Mar 31 10:46:18  danted[1732]: debug: calling select().  Free negc: 189, reqc: 16, ioc: 32
Mar 31 10:46:20  danted[1732]: debug: main(): selectn() returned 1 (no system error)
Mar 31 10:46:20  danted[1732]: debug: accepted tcp client 192.168.1.10.52349 on address 192.168.1.17.4949, fd 10
Mar 31 10:46:20  danted[1732]: debug: sending client 192.168.1.10.52349 to negotiate-child (pid 1734 with 93 slots free)
Mar 31 10:46:20  danted[1732]: debug: send_client(): buflen = 0
Mar 31 10:46:20  danted[1732]: debug: accepted tcp client 192.168.1.10.52350 on address 192.168.1.17.4949, fd 10
Mar 31 10:46:20  danted[1732]: debug: sending client 192.168.1.10.52350 to negotiate-child (pid 1734 with 92 slots free)
Mar 31 10:46:20  danted[1732]: debug: send_client(): buflen = 0
Mar 31 10:46:20  danted[1732]: debug: calling select().  Free negc: 187, reqc: 16, ioc: 32
Mar 31 10:46:20  danted[1734]: debug: sockd_priv(): switching privilege 9 off
Mar 31 10:46:20  danted[1734]: debug: sockd_setugid(): old uid/gid: 0/0, new: 65534/65534
Mar 31 10:46:20  danted[1734]: debug: pam_passwordcheck(): pam_authenticate() failed: Authentication failure
Mar 31 10:46:20  danted[1734]: debug: accesscheck(): no match for authentication: pam_authenticate() for user "socks" failed: Authentication failure
Mar 31 10:46:20  danted[1734]: debug: run_negotiate(): recv_clientrequest() from client 192.168.1.10.52346 returned 1, errno is -131 (fatal error)
Mar 31 10:46:20  danted[1734]: info: block(1): tcp/accept ]: 192.168.1.10.52346 192.168.1.17.4949: error after reading 17 bytes in 5 seconds: pam_authenticate() for user "socks" failed: Authentication failure
Mar 31 10:46:20  danted[1734]: debug: delete_negotiate(): forwardedtomother: 0
Mar 31 10:46:20  danted[1734]: debug: socks_freebuffer(): fd 17
alexbalkan
() topic author
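
Added example (not part of the original post, and not Dante's own tooling): a parser for the `info: pass/block` lines that danted writes to the log shown above, counting PAM authentication failures per source address and user. The first three sample lines are copied from the log in the post; the 203.0.113.7 lines, the names `parse_events` and `pam_failures`, and the threshold of 3 are assumptions made for this example.

```python
import re
from collections import Counter

# Dante logs endpoints as "ip.port": the last dot-separated field is the port.
LINE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+danted\[(?P<pid>\d+)\]:\s+info:\s+'
    r'(?P<verdict>pass|block)\((?P<rule>\d+)\):\s+tcp/accept\s+[\[\]]:\s+'
    r'(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+'
    r'(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+)(?::\s+(?P<detail>.*))?$')
PAM_FAIL = re.compile(
    r'pam_authenticate\(\) for user "(?P<user>[^"]*)" failed: (?P<reason>.+)$')

def parse_events(lines):
    """Yield a dict per info-level pass/block line; debug lines are skipped."""
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        pam = PAM_FAIL.search(ev.pop('detail') or '')
        ev['user'] = pam['user'] if pam else None
        ev['reason'] = pam['reason'] if pam else None
        yield ev

def pam_failures(lines, threshold=3):
    """Return {(src_ip, user): count} for sources with >= threshold PAM failures."""
    counts = Counter((e['src'], e['user']) for e in parse_events(lines)
                     if e['verdict'] == 'block' and e['user'] is not None)
    return {key: n for key, n in counts.items() if n >= threshold}

# Constructed failure lines from a documentation-range address (not from the post).
_FAIL = ('Mar 31 10:47:0{n}  danted[1734]: info: block(1): tcp/accept ]: '
         '203.0.113.7.4011{n} 192.168.1.17.4949: error after reading 17 bytes in '
         '5 seconds: pam_authenticate() for user "socks" failed: Authentication failure')
SAMPLE = [
    # The next three lines are copied from the log in the post.
    'Mar 31 10:46:18  danted[1734]: info: pass(1): tcp/accept [: '
    '192.168.1.10.52348 192.168.1.17.4949',
    'Mar 31 10:46:20  danted[1734]: debug: pam_passwordcheck(): '
    'pam_authenticate() failed: Authentication failure',
    'Mar 31 10:46:20  danted[1734]: info: block(1): tcp/accept ]: '
    '192.168.1.10.52346 192.168.1.17.4949: error after reading 17 bytes in 5 seconds: '
    'pam_authenticate() for user "socks" failed: Authentication failure',
] + [_FAIL.format(n=n) for n in (1, 2, 3)]

if __name__ == '__main__':
    for (src, user), n in pam_failures(SAMPLE).items():
        print(f'{src} failed PAM auth as "{user}" {n} times')
```
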
In reply to: comment by mandala

It doesn't connect with curl either, not a damn thing. And strangely, tcpdump is completely silent on this: curl --socks5 $user:$pass@$myIP:4949 icanhazip.com. In the logs it seems to dislike the password verification for the account, if I'm not mistaken. As if it doesn't see the password file. No idea; I've already tried changing both the owner and the permissions, to no avail.

alexbalkan
() topic author
In reply to: comment by alexbalkan

I can't figure out what the catch is

Mar 31 10:46:20  danted[1732]: debug: calling select().  Free negc: 187, reqc: 16, ioc: 32
Mar 31 10:46:20  danted[1734]: debug: sockd_priv(): switching privilege 9 off
Mar 31 10:46:20  danted[1734]: debug: sockd_setugid(): old uid/gid: 0/0, new: 65534/65534
Mar 31 10:46:20  danted[1734]: debug: pam_passwordcheck(): pam_authenticate() failed: Authentication failure
Mar 31 10:46:20  danted[1734]: debug: accesscheck(): no match for authentication: pam_authenticate() for user "socks" failed: Authentication failure
Mar 31 10:46:20  danted[1734]: debug: run_negotiate(): recv_clientrequest() from client 192.168.1.10.52346 returned 1, errno is -131 (fatal error)
Mar 31 10:46:20  danted[1734]: info: block(1): tcp/accept ]: 192.168.1.10.52346 192.168.1.17.4949: error after reading 17 bytes in 5 seconds: pam_authenticate() for user "socks" failed: Authentication failure
Mar 31 10:46:20  danted[1734]: debug: delete_negotiate(): forwardedtomother: 0

alexbalkan
() topic author
In reply to: comment by alexbalkan

root@silicon:/home/simon# curl --socks5 socks:sososo@192.168.1.17:4949 icanhazip.com

curl: (7) User was rejected by the SOCKS5 server (1 1).

alexbalkan
() topic author