Jump to content
OMRON Forums

Problem with IDE and SSH...


KEJR

Recommended Posts

Hello,

 

Has anyone experienced problems connecting via the IDE and ssh? I can only connect with the PPMACserver option right now, but I have a vague recollection that ssh used to work for me.

 

I downloaded the putty ssh client for windows and it connects to the PPMAC just fine (nice program BTW, only one executable file.. no install).

 

Any ideas to try? Should I just use the ppmacserver?

 

Thanks,

KEJR

Link to comment
Share on other sites

  • Replies 24
  • Created
  • Last Reply

Top Posters In This Topic

You should not use the ppmacserver as it has many problems. The biggest being that there is no mechanism at the moment to handle the case that the IDE server and PPmac Server are different versions. You will not have this problem at the moment but a change of firmware could create it.

 

As for SSH I am not sure why you can not connect. You have been connected before but I guess this was not with SSH? In the putty terminal can you run gpascii -2 ??? Perhaps you can pkill all the capps you have running and try again?

Link to comment
Share on other sites

As for SSH I am not sure why you can not connect. You have been connected before but I guess this was not with SSH? In the putty terminal can you run gpascii -2 ??? Perhaps you can pkill all the capps you have running and try again?

 

Brad,

 

Thanks for the prompt reply. I just logged into the PPMAC with Putty and ran the "gpascii -2" program and was able to query variables just fine. I tried both symbolic and regular P vars with no problem. I also shut down all C applications of mine.

 

I also just tried running the ppmac IDE on a different computer/installation with ssh login and it failed there as well. Here is the message log from the connect dialog:

 

*******

 

Trying to ping to the device 192.168.169.40

 

Ping to the device 192.168.169.40 is successfull!

 

Trying gpascii connection to the device 192.168.169.40.

 

Gpascii connect failed for the device 192.168.169.40. Please Check the password.

 

********

 

The login in the default root with deltatau password (same I typed in with putty).

 

I would suspect a network or ssh server problem, but the fact that ssh and "gpascii -2" works with putty kind of shoots that down [i think].

 

Is there a way to make the login message more verbose? It doesn't really tell you an error code or what it failed on (i.e. gpascii or ssh login, etc)

 

Any other ideas?

 

Thanks,

KEJR

Link to comment
Share on other sites

I have a couple more data points on the ssh issue.

 

- I am able to connect from the IDE using ssh to a different ppmac CPU that is more or less as shipped from the factory (I upgraded the kernel and system deb files to match the Feb IDE on the nearly stock CPU).

 

- Both CPUs can connect to PuTTY using ssh.

 

- The ppmac scope tool cannot connect to the problem CPU using ssh or ppmacserver protocols (I didn't try the near virgin CPU).

 

Are there any ideas as to how to debug this? I can set my ppmac CPU back to factory defaults but I have alot invested in the setup and it would take a little while to recreate that. It also bothers me that ssh and gpascii seem to work from other programs.

 

Thanks,

KEJR

Link to comment
Share on other sites

1.) Verify the items in the INI file that the IDE uses

check that protocol is ssh,

IPAddress=No Device

 

Protocol=SSH

 

PortNumber=22

 

UserName=root

 

Password=deltatau

C:/Program Files/Delta Tau Data Systems Inc/2.0/Power PMAC Suite/INI

 

there are quite a few INI files you will see.

 

2.) Try changing your ip address. I know in linux a known_hosts file is saved and if you switch from card A to card B and they both have the same ip address the second one won't connect.

 

 

I have a couple more data points on the ssh issue.

 

- I am able to connect from the IDE using ssh to a different ppmac CPU that is more or less as shipped from the factory (I upgraded the kernel and system deb files to match the Feb IDE on the nearly stock CPU).

 

- Both CPUs can connect to PuTTY using ssh.

 

- The ppmac scope tool cannot connect to the problem CPU using ssh or ppmacserver protocols (I didn't try the near virgin CPU).

 

Are there any ideas as to how to debug this? I can set my ppmac CPU back to factory defaults but I have alot invested in the setup and it would take a little while to recreate that. It also bothers me that ssh and gpascii seem to work from other programs.

 

Thanks,

KEJR

 

 

Link to comment
Share on other sites

Hello,

 

Has anyone experienced problems connecting via the IDE and ssh? I can only connect with the PPMACserver option right now, but I have a vague recollection that ssh used to work for me.

 

I downloaded the putty ssh client for windows and it connects to the PPMAC just fine (nice program BTW, only one executable file.. no install).

 

Any ideas to try? Should I just use the ppmacserver?

 

Thanks,

KEJR

 

When you start the IDE what values you see in the first environment dialog box for Ipaddress, Port, User Name and Password?

It needs to be ...

Your Ip Address

port = 22

protocol = ssh

username = root

pwd = deltatau

if this is not true then that is the reason you are not able to connect.If you see different values please delete the registry...

HKEY_LOCAL_MACHINE\SOFTWARE\Delta Tau Data Systems Inc\2.0\Power PMAC Suite\Enum. We recreate the registry.

 

Atul

 

Link to comment
Share on other sites

1.) Verify the items in the INI file that the IDE uses

check that protocol is ssh,

 

I checked the ini files, but it seems that the dialog box used to connect doesn't always use these files. I did verify on the dialog box that the protocol was "ssh", port was 22, login was "root" and password was "deltatau". The IP address was correct as well, and is the same IP address I use to connect with Telnet, PuTTY, etc.

 

2.) Try changing your ip address. I know in linux a known_hosts file is saved and if you switch from card A to card B and they both have the same ip address the second one won't connect.

 

I changed my IP address to a different one of the same subnet I'm on and it made no difference. I could still connect with ssh using Putty, but not the IDE. I have the RSA 2 key fingerprint that putty is reporting, is it possible that the fingerprint changed and the IDE doesn't know about the new one? The IDE never has displayed the fingerprint for me to check out and save to its equivalent of "known_hosts". The fact that I was never asked if the fingerprint is OK by the IDE is suspicious.

 

KEJR

Link to comment
Share on other sites

1.) Verify the items in the INI file that the IDE uses

check that protocol is ssh,

 

I checked the ini files, but it seems that the dialog box used to connect doesn't always use these files. I did verify on the dialog box that the protocol was "ssh", port was 22, login was "root" and password was "deltatau". The IP address was correct as well, and is the same IP address I use to connect with Telnet, PuTTY, etc.

 

2.) Try changing your ip address. I know in linux a known_hosts file is saved and if you switch from card A to card B and they both have the same ip address the second one won't connect.

 

I changed my IP address to a different one of the same subnet I'm on and it made no difference. I could still connect with ssh using Putty, but not the IDE. I have the RSA 2 key fingerprint that putty is reporting, is it possible that the fingerprint changed and the IDE doesn't know about the new one? The IDE never has displayed the fingerprint for me to check out and save to its equivalent of "known_hosts". The fact that I was never asked if the fingerprint is OK by the IDE is suspicious.

 

KEJR

 

Do you have another PowerPMAC board you can try? Did you change any sssd settings?

Atul

 

Link to comment
Share on other sites

Do you have another PowerPMAC board you can try? Did you change any sssd settings?

 

Yes, as mentioned previously a relatively virgin ppmac CPU is working with ssh. I did not intentionally change the sshd settings, but I did at one point install the debian package "rsh-server" to get rlogin, rexec, etc. I don't know if debian modifies sshd when you do this.

 

As I keep mentioning though, ssh connections are being made via PuTTY. Is there a reason why the DT IDE login would be different?

 

KEJR

 

Link to comment
Share on other sites

Do you have another PowerPMAC board you can try? Did you change any sssd settings?

 

Yes, as mentioned previously a relatively virgin ppmac CPU is working with ssh. I did not intentionally change the sshd settings, but I did at one point install the debian package "rsh-server" to get rlogin, rexec, etc. I don't know if debian modifies sshd when you do this.

 

As I keep mentioning though, ssh connections are being made via PuTTY. Is there a reason why the DT IDE login would be different?

 

KEJR

 

I am sure the because of rsh-server the sssd is changed.

We only support DSA and RSA as Host algorithmand the default is DSA.

If you can reset the ssd settings back to default your board will work.

Atul

Link to comment
Share on other sites

  • 1 year later...

I am experiencing essentially the same problems.

Pinging, using Telnet or SSH to talk it works just fine;

 

I think that I finally found out what was going on with this but forgot that I did not post this to the discussion on the forum. I had a few incremental backups of the PPMAC disk image which helped me piece together where things where broken.

 

To make a long story short, the IDE would not work if I added color to the command line. (Its been a while, but I believe it was an alias to the "ls" commmand to be "ls --color" that killed it). I suspect that the IDE code does some tests on the connection and whatever control codes that are used in the "ls --color" command are what killed it. Did you do any customizations to your user login scripts for root or anything like that?

 

KEJR

Link to comment
Share on other sites

KEJR,

 

I can confirm that the Power PMAC IDE will not connect if you change the format of the prompt (including adding colors, etc). I had the same thing happen to me a month or so ago. The IDE expects a certain format of response string, and will not connect unless it gets an exact match.

Link to comment
Share on other sites

YIKES! How did this one get past the scrum? So, the good folks at Delta Tau are going to change that reject message to "Did you change the password or root prompt?", right? And they're going to warn about this in the user's guide, right? Because basically EVERYBODY wants to either put color in their prompt, or at least make SOME sort of customization to $PS1. Maybe the warning can more discreetly placed in the shell script where $IPPROMPT is defined (i.e., that it's required for the root prompt, and BTW, don't you dare mess with the root prompt, or else the IDE will reject it).
Link to comment
Share on other sites

Lets be nice. Delta Tau could take the standpoint of most manufacturers and not let us have any customizations under the hood (It would save them money in support I am sure).

 

I like the open nature of the power pmac quite a bit. I would hope that the longer term solution is that the IDE code could be changed to be less sensitive to these things. I haven't picked any battles with them over this because it is not something I really need. They have come through for me on things I needed or were very helpful and I feel that is more important.

Link to comment
Share on other sites

OK, just so everybody knows, my issue was that both the format of the root prompt (which includes '\w' - reporting the current working directory), AND THE INITIAL DIRECTORY ITSELF - /opt/ppmac - have to be exact for the "format" of the prompt string to be considered a match by the IDE. The hard-coded change to /opt/ppmac really stood out as an oddity when I studied the login scripts (especially since it wasn't done via chaning the $HOME environment variable, but simply via a 'cd' to a hard-coded directory other than home) - - so I "fixed" it. Then I altered the prompt string to display the "journalism" items (who, what, where, when; er... in this case, root@IP_address//$PWD ), put each field in a different color... and before you know it - - the IDE would have nothing to do with it. I guess this all goes back to somebody telling me, "and it's also a general-purpose R/T linux system", instead of, "it's a turnkey system based on a R/T linux system - DO NOT MESS WITH IT".
Link to comment
Share on other sites

I guess this all goes back to somebody telling me, "and it's also a general-purpose R/T linux system", instead of, "it's a turnkey system based on a R/T linux system - DO NOT MESS WITH IT".

 

Like I said, I do hope they make the IDE less picky about these things. There are limitations to the PPMAC as compared to out of the box Linux systems such as the read only filesystem and needing root access but they are a necessary evil to make things run reliably.

 

I've decided to use the PPMAC as an appliance in some ways, and use the underlying OS where it makes sense (I've been using an embedded windows touch HMI attached to it over ethernet). At some point getting it into a general purpose computer has diminishing returns, but that is probably a debate for a different thread.

 

KEJR

Link to comment
Share on other sites

The PowerPMAC is a motion controller and not a general purpose Linux system. The intension of the IDE is to hide the Linux and be able to setup the powerPMAC.

In-house we are discussing the issue and figuring out how can we handle this and not look for specific prompt.

I know more and more people will be misguided and treat it as a Linux computer.

Thanks,

Atul

Link to comment
Share on other sites

Here's one suggestion I made to my own development team in a report "closing" this issue:

 

If we're ever in a position to make a recommendation to Delta Tau, I feel that both a more resilient and even surer means of distinguishing a valid & functioning PPMAC is for the login script (~/.profile) to define a special shell function that echos a specific identifying string. The IDE, after connecting, rather than examining the prompt, would invoke the special shell function (of a very uncommon name), and then would validate against the expected response. A simple - if somewhat cynical - example follows:

 

challenge_RU_a_PPMAC() #Put this into /root/.pofile

{

echo "I solemny swear that I am indeed, a wholly-legitimate and properly-functioning PPMAC."

}

 

The IDE could then test for this string, rather expect a specific prompt AND a specific pre-positioning to a dedicated directory away from the login home. It could also incorporate $IPPROMPT, etc, if deemed necessary.

 

This is even surer from a security standpoint because it functions as a bi-directional password: the challenge phrase (in this case, the function name) must also match as well as the expected reply.

Link to comment
Share on other sites

The PowerPMAC is a motion controller and not a general purpose Linux system.

 

Of course, but it is the standard operating system, standard file system, standard communications protocols, and standard programming language that makes the Power PMAC more powerful and desirable to Delta Tau's customers than earlier PMACs. Locking down the operating system would be a mistake, regardless of whether it is Linux or Windows.

 

The question for this thread is why the PMAC IDE doesn't have its own account and set up the prompt the way it needs. Or conversely, why don't the users who want to customize the prompt set up special user accounts to do so?

Link to comment
Share on other sites

The PowerPMAC is a motion controller and not a general purpose Linux system.

 

The question for this thread is why the PMAC IDE doesn't have its own account and set up the prompt the way it needs. Or conversely, why don't the users who want to customize the prompt set up special user accounts to do so?

 

Good point. We did, in fact, add user accounts for 'developer' and 'operator'; we just didn't know that the IDE used the root account. In that regard, we concurr with your suggestion that the IDE should have its own account. In fact, we note there's already an account there called 'deltatau'.

Link to comment
Share on other sites

  • 1 year later...

Or conversely, why don't the users who want to customize the prompt set up special user accounts to do so?

 

You cannot create any accounts other than the existing root account and be able to talk to the power pmac. I tried setting up another account and without wrapping the entire gpascii there is no way to communicate to the Power pmac with an account other than the factory default root account. Try it!

 

I agree with what's been said that the Power PMAC is a powerful motion controller that just happens to be running on an embedded Linux OS. I enjoy the openness that DT has provided with the control but clearly they can expand on that to give end users more "rope to hang themselves" or freedom, however you see it. ;-)

 

Anything DT does to cripple the system is like giving someone a sports car and installing a throttle limiter. Not nearly as fun, but I will still take one!

Link to comment
Share on other sites

MClement, have you seen this link?

 

http://forums.deltatau.com/archive/index.php?thread-466.html

 

Not to get this discussion too far off track, but I'll add my two cents. I understand that Delta Tau has to put limits on the Power PMAC because in the end they have to support the product. There are many individuals out there who would take a fully unlocked Power PMAC and install tons of third party software, ruin the system's determinism, and then demand that DT fix the errors that they themselves caused.

 

As DT only has a fixed number of resources for customer support (as do all companies), they tend to lock products down so uninformed users can't get themselves into to much trouble.

 

That being said, my experiences with the Power PMAC have proven to me that there are work-arounds for almost every issue. The freedom to write custom code down to the kernel level has allowed my company to:

 

1) create a custom Ethernet protocol specifically to suit our needs

2) develop a new gpascii-like program that can parse custom commands

3) eschew the DT IDE altogether in favor of third party IDEs

4) interface to many fieldbus protocols without having to drag Delta Tau through the muck (because we can write the code ourselves!)

 

Using MClement's car analogy, sometimes you just have to remove the rev limiter!

Link to comment
Share on other sites

shansen

 

Seems like sudo will give temporary root privilege which is the whole reason I wanted a non-root account in the first place? I want to be able to login and access say gpascii or maybe the IDE but not have access to the entire folder structure or select folders or PLCs etc.

 

Do you know of a way to do this?

Link to comment
Share on other sites

MClement:

 

I couldn't get it to work without some step requiring root access.

 

Perhaps this is a silly question, but do you need to have users on the Power PMAC other than root?

 

I only ask because our products support multiple user accounts, but it is done entirely via our code on the Power PMAC and the communications interface. By doing it this way, we can control exactly who gets to do what.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.

×
×
  • Create New...