Gateone doesnt work anymore after dsm 6

[Oxize]

Can anybody from SynoCommunity compile a new Gateone package for DSM 6? After the release of DSM 6, GateOne isnt working anymore. I used this webbased ssh client alot.

DS214+
DSM 6.0-7321 Update 6
Problem: Package fails to run after clicking "Run" in package center, and automatically stops again.

Tried to reinstall gateone several times, and rebooting NAS. Doesnt work. If i need to test something, let me know.

gateone.log
[I 160523 13:33:35 server:4179] Gate One License: AGPLv3 (http://www.gnu.org/licenses/agpl-.0.html) [I 160523 13:33:35 server:4188] Imported applications: Terminal [I 160523 13:33:35 server:4340] Version: 1.2.0 (20151116212858) [I 160523 13:33:35 server:4341] Tornado version 4.3 [I 160523 13:33:35 server:4361] Connections to this server will be allowed from the following origins: '*' [I 160523 13:33:35 server:4380] No SSL private key found. One will be generated. [I 160523 13:33:47 server:4384] No SSL certificate found. One will be generated. [I 160523 13:33:49 server:3678] No authentication method configured. All users will be ANONYMOUS [I 160523 13:33:49 server:3759] Loaded global plugins: gateone.plugins.editor, gateone.plugins.help

[Dr-Bean]

Waiting on #2216 and there's probably another issue where the SSL certificate location has changed in DSM6 (here and there)

[Oxize]

no workaround?

[joutain]

same issue here

[Oxize]

Dr-Bean, can i somehow get this working, or do we really need to wait on Synology for this adduser command problem?

[Dr-Bean]

Simply put, you have three choices at this point: wait for someone else to (help) add DSM6 compatibility, contribute and help solve the aforementioned issues yourself or downgrade to/do a clean install of a supported DSM version.

[Oxize]

Well i wished i had more knowledge about the used code, but i dont, otherwise i would try to help whereever i could. Its only anoyying, because i used Gateone alot from the web when i was at costumers, when i need to ssh into something. I like it more then putty.

Guess i have to wait. Downgrading my Synology isnt possible so far i know, i asked that already Synology Support.

[patrikhuber]

@Diaoul, any plans to have a look at this and update the package? ;-)

[dextouu]

Dsm 6 : ssl_certificate : /usr/syno/etc/certificate/system/default/fullchain.pem
ssl_certificate_key : /usr/syno/etc/certificate/system/default/privkey.pem

Hello Mr.bean wants you access to the repository, can one make a commit, with information about certificates that I have published?

[Alderaaan]

Hi, Any news about this compilation ? GateOne is very powerful software I think it should be fixed.
Tks a lot.

[Oxize]

Guess Synology doesnt wanna change their path stuff. I think the solution have to come from someone out of SynoCommunity. Were almost 6 months further.

I tried running the package as root, but cant still start the package. Still hope someone can look into this and get gateone working again.

@kanjusei : did you get gateone working?

[joshlawless]

A workaround that I used to get the package functioning was to edit the start-stop-status script (located in /var/packages/gateone/scripts/) to comment out the line that attempts to copy the certificate into the SSL folder (i.e., put a # in front of this line in the function start_daemon():
cp /usr/syno/etc/ssl/ssl.crt/server.crt /usr/syno/etc/ssl/ssl.key/server.key ${INSTALL_DIR}/ssl/

then I manually copied the ssl certificates from the system location into the folder gateone is looking for them:

cp /usr/syno/etc/certificate/system/default/cert.pem /usr/local/gateone/ssl/server.crt
cp /usr/syno/etc/certificate/system/default/privkey.pem /usr/local/gateone/ssl/server.key

Alternatively, you could edit the start-stop-status script to replace the cp command with one that looks in the right place (and renames appropriately). I don't really know how git works very well, but I've attempted to create a pull request that does this: #2504

[Oxize]

@joshlawless: Got the Gateone running also now with your workaround. But i cant access the Gateone webinterface on 8271.

Edit, it worked before i uninstalled it. Used your code again, but now it doesnt start anymore. Sigh :(

Where can i package config file after its being downloaded? Package center says port 8271 is being used. Gateone cant be installed.

@joshlawless: Where does write gateone his port information? \etc.. ? (which file)

Nevermind found the gateone.sc file under /usr/local/etc/services.d

[Oxize]

Another try

• Uninstalled Gateone
• Installed Gateone
• Blocked the old certficate copy line.
• copied certificates to new location as stated above.
• Tried starting running the service; It doesnt start
• Nothing get logged (gateone.startup.log is empty).

Any other possible fixes to get it started or to see where it fails?

[ujle]

I also got this issue after upgrading to DSM6 some weeks ago. Finally I found some time to have a closer look - and now fixed it on my DS214play running 6.0.2-8451 Update 1.

This is what i did:

• uninstalled all Python and GateOne packages
• fresh install of GateOne (including automated installation of 2.7.11-15 synocommunity Python)
• copied certifificates as mentioned above

Then installed/upgraded some (whyever) missing python packages using:
$ sudo /usr/local/python/bin/pip install html5lib tornado

And after doing another
$ sudo /var/packages/gateone/scripts/start-stop-status start

GateOne is alive again :-)

addendum: changes survived upgrade to 6.0.2-8451 Update 2.

[Oxize]

Thanks your awesome! That worked like a charm!

[tlc]

Should a 5 step work-around close this issue?

[Oxize]

Why should i leave it open? Nobody wants to make it compatible for DSM 6.0.

[cytec]

@Oxize @Dr-Bean and @GoodOmens83 are working on an global DSM6 fix... This is not something that should be done on a per package base but globally to provide DSM6 support for all Packages. feel free to join the discussion over here: #2345 or #2216 if you have something usefull... all of this was already stated by @Dr-Bean here: #2340 (comment)

[UglyAnimal]

@ujle Your method didn't work for me. But i find a workaround. Just need to edit a few strings:

start_daemon ()
{
    # Copy certificate
#    cp /usr/syno/etc/ssl/ssl.crt/server.crt /usr/syno/etc/ssl/ssl.key/server.key ${INSTALL_DIR}/ssl/
#    chown ${USER} ${INSTALL_DIR}/ssl/*

#    su ${USER} -c "PATH=${PATH} nohup ${PYTHON} ${GATEONE} --settings_dir=${SETTINGS_DIR} > ${INSTALL_DIR}/var/gateone_startup.log &"

sudo -u ${USER} /bin/sh -c "PATH=${PATH} nohup ${PYTHON} ${GATEONE} --settings_dir=${SETTINGS_DIR} > ${INSTALL_DIR}/var/gateone_startup.log &"

}

stop_daemon ()
{
#    su ${USER} -c "PATH=${PATH} ${PYTHON} ${GATEONE} --kill --settings_dir=${SETTINGS_DIR}"
sudo -u ${USER} /bin/sh -c "PATH=${PATH} ${PYTHON} ${GATEONE} --kill --settings_dir=${SETTINGS_DIR}"
 wait_for_status 1 20 || kill -9 `cat ${PID_FILE}`
    rm -f ${PID_FILE}
}

[strikekat]

The above script modification worked great for me (thank you), but I had to leave the chown line uncommented to let gateone take control of the files. Otherwise, you'll get a bunch of non-obvious permission errors from Tornado when you attempt to access GateOne and the page won't load.

[danielesegato]

For me none of this worked.

the log in /usr/local/gateone/var/gateone_startup.log contains this:

/usr/local/gateone/env/bin/python: can't open file '/usr/local/gateone/env/bin/gateone': [Errno 2] No such file or directory

and if you look at the script this:

su ${USER} -c "PATH=${PATH} nohup ${PYTHON} ${GATEONE} \
       --settings_dir=${SETTINGS_DIR} > ${INSTALL_DIR}/var/gateone_startup.log &"

with these variables:

# Package
PACKAGE="gateone"
DNAME="GateOne"

# Others
INSTALL_DIR="/usr/local/${PACKAGE}"
PYTHON_DIR="/usr/local/python"
PATH="${INSTALL_DIR}/bin:${INSTALL_DIR}/env/bin:${PYTHON_DIR}/bin:${PATH}"
PYTHON="${INSTALL_DIR}/env/bin/python"
GATEONE="${INSTALL_DIR}/env/bin/gateone"
SETTINGS_DIR="${INSTALL_DIR}/var/conf.d"
PID_FILE="${INSTALL_DIR}/var/gateone.pid"
USER="gateone"

map to this:

su gateone -c "PATH=/usr/local/gateone/bin:/usr/local/gateone/env/bin:/usr/local/python/bin:${PATH} \
    nohup /usr/local/python/bin/python /usr/local/gateone/env/bin/gateone \
    --settings_dir=/usr/local/gateone/var/conf.d > /usr/local/gateone/var/gateone_startup.log &"

as you can see the actual command start python with python /usr/local/gateone/env/bin/gateone which is a file that doesn't exist

[danielesegato]

Post scriptum:

if I execute the start-stop script from root (after sudo -i) I get a permission denied on the su command but if I execute it with sudo /var/packages/gateone/scripts/start-stop-status start it execute just fine (just give the error stated above).

[tparvais]

is there a chance to have this problem solved in the coming days via a new package ? Tx

[bickycheese]

Joining in, +1 for a fix.

[Mickroz]

Joining too.

[flip111]

@ymartin59 problem arises with only admin user on system

[Hardtarget24]

About "missing icon", please follow instruction at https://www.synology.com/en-global/knowledgebase/DSM/help/DSM/AdminCenter/application_appprivilege
to grant non admin users to access applications.

as @flip111 just said, this issue is occurring for me, where I only had 1 account (and is a admin account). There's something else broken here.

This is on the latest version of DSM and I had never installed gateone before.

[m4tt075]

@Hardtarget24 , @flip111 : OK, might be related to recent DSM changes, but not sure. Could you please do the following:

1. ssh into your NAS as admin user (enter your root password)
2. sudo su - (enter root password again)
3. cd /usr/syno/synoman/webman/3rdparty
4. ls -l * <-- Please report the output here
5. cd gateone
6. cat config <-- Please report the output here

[paicl01]

@vletroye : I was trying to install your modified GateOne package on my DS216+II / DSM 6.2.1, but it was rejected. On your download page it is not listed for this particular Synology model, so I assume that this is the reason, that it is only made for particular models/architectures.

Do you plan to extend the available versions to other models? Or do you see another explanation for the fault?
Would be great to have it working, as there seems to be not other simple solution for getting SSH access from behind a firewall.

[vletroye]

Indeed, your DS216+II is a Braswell while my repackaging of GateOne was for the Avoton.

As I see that original package was made for apollolake avoton braswell broadwell broadwellnk bromolow cedarview denverton dockerx64 grantley kvmx64 x86 x86_64, I did publish a new version of my package.

Notice that I didn't test this package on any other architecture than mine... But as of now, you should see it available on my SSPK server for your DS216+II

V.

[Realmagnum]

Notice that I didn't test this package on any other architecture than mine... But as of now, you should see it available on my SSPK server for your DS216+II
https://github.com/vletroye/SynoPackages/blob/master/MODS%20GateOne/MODS_GateOne.spk

trying on DSM 6.1.3 Xpenology 3615xs intel i3-7100 apollolake.
"This package is not supported on this platform..."

[paicl01]

yes, I found now that it works and I can open a terminal window in the browser by directly typing the address:port.
There is no icon in the DSM windows, but that is a minor problem.
The bigger one for me is to set up a working configuration for access to GatOne via Nginx through a firewall.
I am struggling with a lot of hints on the web regarding configuration of certificates, sometime I will hopefully get this finished.
Again, thank you very much.

[vletroye]

Realmagnum, your firmware is 6.1.3. That's possibly the issue. The package is for a DSM >= 6.1-15047. No idea how DSM compare 6.1-15047 and 6.1.3 ?!

6.1-15047 is the minimal firmware specified in the original package.

V.

[flip111]

@m4tt075

lrwxrwxrwx 1 root root   37 Oct 25 06:13 AudioStation -> /var/packages/AudioStation/target/app
lrwxrwxrwx 1 root root   32 Oct 25 06:13 gateone -> /var/packages/gateone/target/app
lrwxrwxrwx 1 root root   33 Oct 25 06:13 LogCenter -> /var/packages/LogCenter/target/ui
lrwxrwxrwx 1 root root   37 Oct 25 06:13 OAuthService -> /var/packages/OAuthService/target/app
-rw-r--r-- 1 root root 3901 Jul  3 16:10 README
lrwxrwxrwx 1 root root   39 Oct 25 06:13 StorageAnalyzer -> /var/packages/StorageAnalyzer/target/ui
lrwxrwxrwx 1 root root   34 Oct 25 06:13 SynoFinder -> /var/packages/SynoFinder/target/ui
lrwxrwxrwx 1 root root   50 Oct 25 06:13 SynologyApplicationService -> /var/packages/SynologyApplicationService/target/ui
lrwxrwxrwx 1 root root   37 Oct 25 06:13 SynologyDrive -> /var/packages/SynologyDrive/target/ui
lrwxrwxrwx 1 root root   40 Oct 25 06:13 SynologyDrive-Drive -> /var/packages/SynologyDrive/target/drive
lrwxrwxrwx 1 root root   39 Oct 25 06:13 SynologyMoments -> /var/packages/SynologyMoments/target/ui
lrwxrwxrwx 1 root root   37 Oct 25 06:13 WebDAVServer -> /var/packages/WebDAVServer/target/app

{ ".url": { 
  "com.synocommunity.packages.gateone": {
    "title": "GateOne",
    "desc": "Gate One is an HTML5-powered terminal emulator and SSH client",
    "icon": "images/gateone-{0}.png",
    "type": "url",
    "protocol": "http",
    "port": "8271",
    "url": "/",
    "allUsers": true,
    "grantPrivilege": "all",
    "advanceGrantPrivilege": true
} } }

[flip111]

@vletroye directly connecting to port 8271 by browser works to show GateOne .. but i like it to be part of DSM. Not sure if it's a good idea to setup NAT for port 8271

[vletroye]

@flip111
I finally succeeded in upgrading my DSM to the latest version (DSM 6.2.1-23824 Update 1). And after reinstalling GateOne (my own package), I still see the icon in the menu....

Now, because the package Gate-one is using an "admin port", you have no choice but configure a NAT for that port, even if the "window" is embedded into the DSM. The embedding of the window is purely "aesthetic" ...

[flip111]

What's an "admin port"? Either gateone running on my DS connects from the DS to SSH on the DS in which case I don't need NAT. Or it opens the connection from my browser and connects to the ssh port on my DS. in which case I might just as well use my OS terminal to connect over SSH.

…

On Wed, Nov 21, 2018, 19:15 Valéry Letroye ***@***.*** wrote: @flip111 <https://github.com/flip111> I finally succeeded in upgrading my DSM to the latest version (DSM 6.2.1-23824 Update 1). And after reinstalling GateOne (my own package), I still see the icon in the menu.... Now, because the package Gate-one is using an "admin port", you have no choice but configure a NAT for that port, even if the "window" is embedded into the DSM. The embedding of the window is purely "aesthetic" ... — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#2340 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACI_gN7sjSbGaAtiVN3Yocd1Ts8z5ohIks5uxaZngaJpZM4IkbWA> .

[vletroye]

The "adminport" of a package for Synology is the port on which the DSM will connect to get the Web interface. See doc here: https://originhelp.synology.com/developer-guide/synology_package/INFO_optional_fields.html : 'A package listens to a specific port to display its own UI. If the package is defined by a port, a link will be opened when the package is started.'

So, a NAT must be configured for that adminport.

Next, once you enter into the web interface of GateOne (via its adminport), all commands will be executed over SSH. But GateOne is not connecting over SSH from its web interface (client side). It's executing the commands from its backend (the part running on the DS). So there is no need to configure a NAT for the port used by SSH.

[flip111]

The "adminport" of a package for Synology is the port on which the DSM will connect to get the Web interface.

If it's DSM that is connecting to the package (which runs on another port) they are both on localhost and don't need NAT for the package-port.

[Realmagnum]

Realmagnum, your firmware is 6.1.3. That's possibly the issue. The package is for a DSM >= 6.1-15047. No idea how DSM compare 6.1-15047 and 6.1.3 ?!

my version - DSM 6.1.3-15152 Update 4

[vletroye]

@flip111 : the connection onto the admin port is made from the client (The web UI of DSM, running in the browser). You can verify that by opening the debug window of your Browser (F12).

[vletroye]

@Realmagnum : I am not sure how to configure the package to be compatible with 6.1.3-15152. Indeed, according to the documentation, the minimum version of DSM (os_min_ver) to run a package must be like X.Y-Z with X=DSM major number, Y=DSM minor number, Z=DSM build number

https://originhelp.synology.com/developer-guide/synology_package/INFO_necessary_fields.html

I would expect the package installer to be able to see that 6.1.3-15152 is higher than 6.1-15047. But I can't confirm that...

[m4tt075]

@flip111 The config file refers to protocol "http", but it should be "https". That's a bug and I can fix it. Not sure it fixes your problem as well though. Which NAS model and DSM version do you have? Let me know and I will build a test version for you.
While at it, I'd like to exclude another problem. Could you please enter into your DSM web-interface. Go into the System Control Center, scroll down and enter Permissions, click on Gateone and then edit. Please send a screenshot of what you get.

[flip111]

the connection onto the admin port is made from the client (The web UI of DSM, running in the browser). You can verify that by opening the debug window of your Browser (F12).

@vletroye
Ok when starting to try this package i wrongly assumed i would have to open only the DSM port. What is the benefit of using GateOne? With a strong password the security of SSH is strong enough so i can just as well open that port then and use my own terminal.

Let me know and I will build a test version for you.

@m4tt075
Ok since there are other people who don't have an icon i can do some testing and see what the problem is.
I have DS918+ with 6.2.1-23824 Update 1. What's System Control Center? I can't find this.

[m4tt075]

@flip111 Sorry, it's called "Control Panel" in English I believe. It is on the desktop, when you log into the web-interface of your NAS.

[flip111]

I searched my control panel for "permissions" the only thing that turned up was something about shared folders

…

On Wed, Nov 28, 2018, 18:39 m4tt075 ***@***.*** wrote: @flip111 <https://github.com/flip111> Sorry, it's called "Control Panel" in English I believe. It is on the desktop, when you log into the web-interface of your NAS. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#2340 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ACI_gF1am85YVjP1B75H7h2aKhcy3iVEks5uzthrgaJpZM4IkbWA> .

[m4tt075]

argh Try "privileges", please...

[m4tt075]

@flip111 Here your apollolake test build:
https://www.dropbox.com/s/4rgz3bibwig69jx/gateone_apollolake-6.1_20171125-8.spk?dl=0
Thanks for testing!

[flip111]

@m4tt075 i checked it. Actually @vletroye suggested this before, but i forgot to get back to this comment when he asked 4 questions and i only answered 2 of them. So i saw a checkbox with my name unchecked and i checked it and the icon appeared.

problem arises with only admin user on system

I said this but it turns out not to be true, because Synology creates an admin user and guest user even though in the installation it asks the name of the admin user. So i was under the assumption that (because of the installation) the admin user was my user account.

[m4tt075]

@flip111 Thanks for reporting back. And glad that the solution was so straight-forward after all. I was seriously worried that Synology had changed intrinsics of their DSM system again. I'll PR the "https fix" and all should be fine. Thanks again for testing.

[m4tt075]

@ymartin59 ^^ FYI.

[paicl01]

after a few days of frustration, I was lucky and finally discovered the addtional knobs in the Synology Browser GUI which allow to open a GateOne terminal via the Nginx server of my Synology station, without going through nasty configuration files on the command line.
So it is now possible for me to connect from behind any Proxy server which allows https connections in the browser.
The first step to achieve this was the straightforward installation of @vletroye's package in the DSM package manager (which only needs python as additional package).
And the real trick is now to find the additional setting in the Setup Window for the Nginx Rules:

After adding these statements in the user-defined header, you open a browser window and connect to https://gateone.xxx.syyyt.eu using the address you defined before.
Et voily, the magic happens and the SSL terminal is established.
In my view, the only reason for this kind of terminal emulation is the fact that most proxies do not allow direct SSL connections. And now you can just ignore this restriction by tunneling through your browser, that's great!

[Floriszz]

@paicl01 I try to follow your tip. But although I have just like you the HSTS option NOT checkmarked, the browser(Chrome, Edge, FireFox) throws an the error 'Your connection is not private'. Under 'Advanced' it says; "You cannot visit gateone.MySynologyHomestationName.synology.me right now because the website uses HSTS." "MySynologyHomestationName" is a replacement of the real name of my synology NAS.