[Savannah-hackers] Re: suddenly lost CVS access to subversions.gnu.org


From: Mathieu Roy
Subject: [Savannah-hackers] Re: suddenly lost CVS access to subversions.gnu.org
Date: 05 Apr 2003 20:18:53 +0200
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

Karl Fogel <address@hidden> said:

> Mathieu Roy <address@hidden> writes:
> > >    $ cat ~/.ssh/config
> > >    Protocol 2,1
> > >    Host cvs.red-bean.com
> > >     EscapeChar none
> > >     ForwardX11 no
> > >    Host subversions.gnu.org
> > >     Protocol 1
> > 
> > Normally it should work.
> > Please replace 
> > Host subversions.gnu.org by Host *gnu.org
> > 
> > and retry CVS connection.
> 
> Nope, still the same problem.  I get prompted for a password:
> 
>    $ echo $CVS_RSH
>    ssh
>    $ cd emacs-working-copy
>    $ cat CVS/Root
>    address@hidden:/cvsroot/emacs
>    $ cvs up
>    address@hidden's password: [*** try one password ***]
>    Permission denied, please try again.
>    address@hidden's password: [*** try a second password ***]
>    Permission denied, please try again.
>    address@hidden's password: [*** try a third password ***]
>    Permission denied (publickey,password,keyboard-interactive).
>    cvs [update aborted]: end of file from server \
>       (consult above messages if any)
>    $ cd ..
>    $ cvs -d :ext:address@hidden:/cvsroot/emacs co -d tmp emacs
>    address@hidden's password:   ^C ^C
>       cvs [checkout aborted]: received interrupt signal
>    $ cat ~/.ssh/config
>    Protocol 2,1
>    Host cvs.red-bean.com
>     EscapeChar none
>     ForwardX11 no
>    Host *.gnu.org
>     Protocol 1
>    $ 

I'm puzzled as we got
        Accepted rsa for kfogel from 65.42.95.175 port 37964
in the logs.

But


> 
> This is with OpenSSH in a relatively recent installation of Debian
> GNU/Linux.  Here's the output of 'ssh -v -v -v sv.gnu.org' again,
> with "Host *.gnu.org" in my ~/.ssh/config:
> 
>    $ ssh -v -v -v sv.gnu.org
>    OpenSSH_3.0.2p1 Debian 1:3.0.2p1-8, SSH protocols 1.5/2.0, OpenSSL 
> 0x0090603f
>    debug1: Reading configuration data /home/kfogel/.ssh/config
>    debug1: Applying options for *.gnu.org
>    debug1: Reading configuration data /etc/ssh/ssh_config
>    debug1: Seeding random number generator
>    debug1: Rhosts Authentication disabled, originating port will not be 
> trusted.
>    debug1: restore_uid
>    debug1: ssh_connect: getuid 1000 geteuid 0 anon 1

Can you provide the content of /etc/ssh/ssh_config?

>    debug1: Connecting to sv.gnu.org [199.232.41.3] port 22.
>    debug1: temporarily_use_uid: 1000/1000 (e=0)
>    debug1: restore_uid
>    debug1: temporarily_use_uid: 1000/1000 (e=0)
>    debug1: restore_uid
>    debug1: Connection established.
>    debug1: read PEM private key done: type DSA
>    debug1: read PEM private key done: type RSA
>    debug1: identity file /home/kfogel/.ssh/identity type 0

-> type 0 is what we are looking for

>    debug1: identity file /home/kfogel/.ssh/id_rsa type -1
>    debug3: Not a RSA1 key file /home/kfogel/.ssh/id_dsa.
>    debug2: key_type_from_name: unknown key type '-----BEGIN'
>    debug3: key_read: no key found
>    debug2: key_type_from_name: unknown key type 'Proc-Type:'
>    debug3: key_read: no key found
>    debug2: key_type_from_name: unknown key type 'DEK-Info:'
>    debug3: key_read: no key found
>    debug3: key_read: no space
>    debug3: key_read: no space
>    debug3: key_read: no space
>    debug3: key_read: no space
>    debug3: key_read: no space
>    debug3: key_read: no space
>    debug3: key_read: no space
>    debug3: key_read: no space
>    debug3: key_read: no space
>    debug3: key_read: no space
>    debug2: key_type_from_name: unknown key type '-----END'
>    debug3: key_read: no key found
>    debug1: identity file /home/kfogel/.ssh/id_dsa type 2
>    debug1: Remote protocol version 1.99, remote software version 
> OpenSSH_3.4p1 Debian 1:3.4p1-0.0woody1
>    debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-0.0woody1 pat ^OpenSSH
>    Enabling compatibility mode for protocol 2.0

-> protocol 2.0? 

>    debug1: Local version string SSH-2.0-OpenSSH_3.0.2p1 Debian 1:3.0.2p1-8
>    debug1: SSH2_MSG_KEXINIT sent
>    debug1: SSH2_MSG_KEXINIT received

-> idem

>    debug2: kex_parse_kexinit: 
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>    debug2: kex_parse_kexinit: 
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,address@hidden
>    debug2: kex_parse_kexinit: 
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,address@hidden
>    debug2: kex_parse_kexinit: 
> hmac-md5,hmac-sha1,hmac-ripemd160,address@hidden,hmac-sha1-96,hmac-md5-96
>    debug2: kex_parse_kexinit: 
> hmac-md5,hmac-sha1,hmac-ripemd160,address@hidden,hmac-sha1-96,hmac-md5-96
>    debug2: kex_parse_kexinit: none
>    debug2: kex_parse_kexinit: none
>    debug2: kex_parse_kexinit: 
>    debug2: kex_parse_kexinit: 
>    debug2: kex_parse_kexinit: first_kex_follows 0 
>    debug2: kex_parse_kexinit: reserved 0 
>    debug2: kex_parse_kexinit: 
> diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>    debug2: kex_parse_kexinit: 
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,address@hidden
>    debug2: kex_parse_kexinit: 
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,address@hidden
>    debug2: kex_parse_kexinit: 
> hmac-md5,hmac-sha1,hmac-ripemd160,address@hidden,hmac-sha1-96,hmac-md5-96
>    debug2: kex_parse_kexinit: 
> hmac-md5,hmac-sha1,hmac-ripemd160,address@hidden,hmac-sha1-96,hmac-md5-96
>    debug2: kex_parse_kexinit: none,zlib
>    debug2: kex_parse_kexinit: none,zlib
>    debug2: kex_parse_kexinit: 
>    debug2: kex_parse_kexinit: 
>    debug2: kex_parse_kexinit: first_kex_follows 0 
>    debug2: kex_parse_kexinit: reserved 0 
>    debug2: mac_init: found hmac-md5
>    debug1: kex: server->client aes128-cbc hmac-md5 none
>    debug2: mac_init: found hmac-md5
>    debug1: kex: client->server aes128-cbc hmac-md5 none
>    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
>    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>    debug1: dh_gen_key: priv key bits set: 134/256
>    debug1: bits set: 1625/3191
>    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>    debug3: check_host_in_hostfile: filename /home/kfogel/.ssh/known_hosts
>    debug2: key_type_from_name: unknown key type '1024'
>    debug3: key_read: no key found
>    debug3: check_host_in_hostfile: match line 149
>    debug3: check_host_in_hostfile: filename /home/kfogel/.ssh/known_hosts
>    debug2: key_type_from_name: unknown key type '1024'
>    debug3: key_read: no key found
>    debug3: check_host_in_hostfile: match line 149
>    debug1: Host 'sv.gnu.org' is known and matches the RSA host key.
>    debug1: Found key in /home/kfogel/.ssh/known_hosts:149

Authentication of the server is ok.


After that, your ssh does not try the rsa1 key (identity). 


Normally, you should get a
debug1: Trying RSA authentication with key '/home/xxx/.ssh/identity'



>    debug1: bits set: 1567/3191
>    debug1: ssh_rsa_verify: signature correct
>    debug1: kex_derive_keys
>    debug1: newkeys: mode 1
>    debug1: SSH2_MSG_NEWKEYS sent
>    debug1: waiting for SSH2_MSG_NEWKEYS
>    debug1: newkeys: mode 0
>    debug1: SSH2_MSG_NEWKEYS received
>    debug1: done: ssh_kex2.
>    debug1: send SSH2_MSG_SERVICE_REQUEST
>    debug1: service_accept: ssh-userauth
>    debug1: got SSH2_MSG_SERVICE_ACCEPT
>    debug1: authentications that can continue: 
> publickey,password,keyboard-interactive
>    debug3: start over, passed a different list 
> publickey,password,keyboard-interactive
>    debug3: preferred publickey,keyboard-interactive,password
>    debug3: authmethod_lookup publickey
>    debug3: remaining preferred: keyboard-interactive,password
>    debug3: authmethod_is_enabled publickey
>    debug1: next auth method to try is publickey
>    debug1: userauth_pubkey_agent: testing agent key .ssh/id_dsa
>    debug3: send_pubkey_test
>    debug2: we sent a publickey packet, wait for reply
>    debug1: authentications that can continue: 
> publickey,password,keyboard-interactive
>    debug3: clear_auth_state: key_free 0x8092878
>    debug2: userauth_pubkey_agent: no more keys
>    debug2: userauth_pubkey_agent: no message sent
>    debug1: try privkey: /home/kfogel/.ssh/id_rsa
>    debug3: no such identity: /home/kfogel/.ssh/id_rsa
>    debug1: try pubkey: /home/kfogel/.ssh/id_dsa
>    debug3: send_pubkey_test
>    debug2: we sent a publickey packet, wait for reply
>    debug1: authentications that can continue: 
> publickey,password,keyboard-interactive
>    debug2: userauth_pubkey_agent: no more keys
>    debug2: userauth_pubkey_agent: no message sent
>    debug2: we did not send a packet, disable method
>    debug3: authmethod_lookup keyboard-interactive
>    debug3: remaining preferred: password
>    debug3: authmethod_is_enabled keyboard-interactive
>    debug1: next auth method to try is keyboard-interactive
>    debug2: userauth_kbdint
>    debug2: we sent a keyboard-interactive packet, wait for reply
>    debug1: authentications that can continue: 
> publickey,password,keyboard-interactive
>    debug3: userauth_kbdint: disable: no info_req_seen
>    debug2: we did not send a packet, disable method
>    debug3: authmethod_lookup password
>    debug3: remaining preferred: 
>    debug3: authmethod_is_enabled password
>    debug1: next auth method to try is password
>    address@hidden's password: 
>       ^C ^C ^C  [on seeing the password prompt, I hit ^C to exit]
>    $ 
> 
> Any ideas?,

Does your connection with your rsa1 keys (identity) work somewhere
else?
Maybe an explanation is in /etc/ssh/ssh_config

Regards,

-- 
Mathieu Roy
 
 << Profile  << http://savannah.gnu.org/users/yeupou <<
 >> Homepage >> http://yeupou.coleumes.org           >>
 << GPG Key  << http://stock.coleumes.org/gpg        <<
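
Added example, not part of the original message or of OpenSSH: a minimal resolver for the ssh_config rule that the first obtained value of each keyword is used, run on the ~/.ssh/config quoted above. It reports that the "Protocol 1" under "Host *.gnu.org" is shadowed by the "Protocol 2,1" on line 1, consistent with the protocol 2.0 negotiation in the quoted debug output. The names resolve, QUOTED_CONFIG and REORDERED_CONFIG are hypothetical, REORDERED_CONFIG is a constructed reordering, and only * and ? Host patterns are handled.

```python
from fnmatch import fnmatchcase

# The config exactly as quoted in the message (wildcard Host version).
QUOTED_CONFIG = """\
Protocol 2,1
Host cvs.red-bean.com
 EscapeChar none
 ForwardX11 no
Host *.gnu.org
 Protocol 1
"""

# Constructed reordering: host-specific blocks first, general defaults last.
REORDERED_CONFIG = """\
Host cvs.red-bean.com
 EscapeChar none
 ForwardX11 no
Host *.gnu.org
 Protocol 1
Host *
 Protocol 2,1
"""

def resolve(config_text, host):
    """Apply ssh_config's first-obtained-value rule for one host.

    Returns (chosen, shadowed):
      chosen   maps keyword -> (value, line_no) of the setting that takes effect
      shadowed lists (keyword, value, line_no, winning_line_no) for settings
               that match the host but are ignored because an earlier one won
    """
    host = host.lower()
    active = True   # lines before the first Host line apply to every host
    chosen, shadowed = {}, []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "host":
            active = any(fnmatchcase(host, p.lower()) for p in value.split())
        elif active and keyword in chosen:
            shadowed.append((keyword, value, line_no, chosen[keyword][1]))
        elif active:
            chosen[keyword] = (value, line_no)
    return chosen, shadowed
```

Calling resolve(QUOTED_CONFIG, "sv.gnu.org") gives Protocol "2,1" from line 1, while the reordered file gives Protocol "1" for the same host.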



