savannah-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-help-public] Problems logging in via ssh

From: Sylvain Beucler
Subject: Re: [Savannah-help-public] Problems logging in via ssh
Date: Wed, 21 May 2008 22:08:28 +0200
User-agent: Mutt/1.5.17+20080114 (2008-01-14) 
Hi,

Try:
  export CVS_RSH=ssh
before running CVS.

Your cvs is trying to use rsh instead of ssh for connection.

Nowadays most systems symlink 'rsh' to 'ssh' and the issue is solved
automatically, but apparently not in this version of osx.


Incidentally, option '-i' is an ssh (not cvs) option. If you need to
use it in combination with cvs, you need to use an ssh wrapper, but
that's another story :)

-- 
Sylvain

On Wed, May 21, 2008 at 12:04:07PM -0700, David Hill wrote:
> Hi Sylvain,
>
> Thanks for the fast reply.
>
> On May 21, 2008, at 10:42 AM, Sylvain Beucler wrote:
>
>> Hi,
>>
>> "Permission denied" means SSH couldn't find a key to match the one at
>> Savannah.
>>
>> "Connection refused" means you probably attempted to connect during a
>> server maintenance.
>>
>> The most likely cause of failure is that SSH doesn't know where to
>> find your private key. You can manually specify where your private key
>> is using the '-i' option for SSH. By default, SSH looks at
>> ~/.ssh/id_dsa and ~/.ssh/id_rsa .
>
> As I mentioned in my initial email, that's where they are.  Using the  
> '-i' option gave me a "cvs: invalid option -- i".  Both the 'man' pages 
> and Fogel & Bar (Open Source Development with CVS) seem to think it is an 
> obsolete option, but I shouldn't need it, since the keys are in the 
> default location -- right?
>
>>
>>
>> The reference documentation is here:
>> http://savannah.gnu.org/maintenance/SshAccess
>
> Thanks.  I had checked and used that.
>
>>
>>
>> To further diagnose your problem, please send us the output of these
>> commands in a terminal:
>>
>> cvs -t -d:ext:address@hidden/cvsroot/yourproject co  
>> yourproject
>> ssh -v address@hidden
>
> Here it is -- you'll notice that, with the second command,  
> authentication does eventually succeed (public key), and I bracketed the 
> session with two 'date' commands so you can figure out whether the 
> "Connection refused" on the first command was during server maintenance:
>
> [eldorado:~/.ssh] david% date
> Wed May 21 11:27:46 PDT 2008
> [eldorado:~/.ssh] david% cvs -t -d:ext:address@hidden/ 
> cvsroot/gnuspeech co gnuspeech
>  -> main loop with CVSROOT=:ext:address@hidden/ 
> cvsroot/gnuspeech
>  -> safe_location( where=(null) )
>  -> Starting server: rsh -l davidhill cvs.savannah.gnu.org cvs server
> cvs.savannah.gnu.org: Connection refused
> cvs [checkout aborted]: end of file from server (consult above messages 
> if any)
>  -> Lock_Cleanup()
> [eldorado:~/.ssh] david% ssh -v address@hidden
> OpenSSH_4.7p1, OpenSSL 0.9.7l 28 Sep 2006
> debug1: Reading configuration data /Users/david/.ssh/config
> debug1: Reading configuration data /etc/ssh_config
> debug1: Connecting to cvs.savannah.gnu.org [199.232.41.69] port 22.
> debug1: Connection established.
> debug1: identity file /Users/david/.ssh/id_rsa type -1
> debug1: identity file /Users/david/.ssh/id_dsa type 2
> debug1: Remote protocol version 2.0, remote software version  
> OpenSSH_4.3p2 Debian-9etch2
> debug1: match: OpenSSH_4.3p2 Debian-9etch2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_4.7
> debug1: Miscellaneous failure
> No credentials cache found
>
> debug1: Miscellaneous failure
> No credentials cache found
>
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> The authenticity of host 'cvs.savannah.gnu.org (199.232.41.69)' can't be 
> established.
> RSA key fingerprint is 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added 'cvs.savannah.gnu.org' (RSA) to the list of 
> known hosts.
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /Users/david/.ssh/id_rsa
> debug1: Offering public key: /Users/david/.ssh/id_dsa
> debug1: Server accepts key: pkalg ssh-dss blen 433
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> Enter passphrase for key '/Users/david/.ssh/id_dsa':
> debug1: read PEM private key done: type DSA
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug1: Entering interactive session.
> You tried to execute:
> Sorry, you are not allowed to execute that command.
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> debug1: channel 0: free: client-session, nchannels 1
> Connection to cvs.savannah.gnu.org closed.
> debug1: Transferred: stdin 0, stdout 0, stderr 44 bytes in 0.5 seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 97.2
> debug1: Exit status 1
> [eldorado:~/.ssh] david% date
> Wed May 21 11:30:16 PDT 2008
> [eldorado:~/.ssh] david%
>
> ---------
>
> Thanks for your help.
>
> david
> -----
> David Hill
> address@hidden
> http://savannah.gnu.org/projects/gnuspeech
> --------
>  The only function of economic forecasting is to make astrology look
> respectable. (J.K. Galbraith)
> --------
>
>
>>
>>
>> Cheers!
>>
>> -- 
>> Sylvain
>>
>> On Tue, May 20, 2008 at 11:59:45AM -0700, David Hill wrote:
>>> Hi people,
>>>
>>> I am the administrator for the "gnuspeech" project.  I have had  
>>> problems
>>> logging into the gnu webcvs pages and the repository for quite some 
>>> time
>>> now and have tried various measures including changing my keys (the 
>>> most
>>> recent change being yesterday, May 19 2008) and updating my account 
>>> keys
>>> to correspond.  I have checked there are no line feeds in my  
>>> registered
>>> ssh key and I have made sure 'cvs.sv.gnu.org' (RSA)  has been added
>>> correctly  to the list of known hosts .  The entry reads:
>>>
>>> --------
>>> cvs.sv.gnu.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzFQovi+67xa
>>> +wymRz9u3plx0ntQnELBoNU4SCl3RkwSFZkrZsRTC0fTpOKatQNs1r/
>>> BLFoVt21oVFwIXVevGQwB+Lf0Z+5w9qwVAQNu/YUAFHBPTqBze4wYK/
>>> gSWqQOLoj7rOhZk0xtAS6USqcfKdzMdRWgeuZ550P6gSzEHfv0=
>>> --------
>>>
>>> I believe I have checked the most current documentation carefully,  
>>> but
>>> such a process is notoriously prone to wishful thinking :-(
>>>
>>> Whether going directly from the command line, or using MacCvsX I get 
>>> the
>>> same "Permission denied (publickey)" or "Connection refused" errors 
>>> as in
>>> the following copied transactions from the MacCvsX console window and
>>> terminal window:
>>>
>>> MacCvsX console
>>> -------
>>> cvs -d :ext:address@hidden:/webcvs/gnuspeech checkout --
>>> cvs.sv.gnu.org:/webcvs/gnuspeech (in directory /Users/david/ 
>>> gnuspeech/
>>> www/)
>>> Permission denied (publickey).
>>>
>>> cvsnt [checkout aborted]: end of file from server (consult above
>>> messages if any)
>>>
>>> ***** CVS exited normally with code 1 *****
>>> -----
>>>
>>> Terminal window:
>>> -------
>>> [eldorado:~/gnuspeech/www/software] david% cvs -z3 -
>>> d:ext:address@hidden:/webcvs/gnuspeech co gnuspeech
>>> cvs.savannah.gnu.org: Connection refused
>>> cvs [checkout aborted]: end of file from server (consult above  
>>> messages
>>> if any)
>>> [eldorado:~/gnuspeech/www/software] david%
>>> --------
>>>
>>> the "software" directory contains:
>>>
>>> ------
>>> [eldorado:~/gnuspeech/www/software] david% ls
>>> CVS             gnuspeech
>>> [eldorado:~/gnuspeech/www/software] david%
>>> ------
>>>
>>> My ~/.ssh directory contains:
>>>
>>> ------
>>> [eldorado:~/.ssh] david% ls
>>> config          id_dsa.pub      identity.pub
>>> id_dsa          identity        known_hosts
>>> [eldorado:~/.ssh] david%
>>> ------
>>>
>>> The ssh dsa keys are in the "id_dsa*" files, not in the "identity*"
>>> files.  The config file contains "Protocol 2"
>>>
>>> Long experience tells me that the problem is something *I* am doing
>>> wrong or missing, but I don't see it, and am therefore checking with 
>>> you
>>> on the off-chance that something has changed, or some kind of block 
>>> has
>>> been placed on my access.  If there are no changes or blocks, and  
>>> you can
>>> spot my error, that would be very helpful too.
>>>
>>> I am using the standard Openssh that comes with the Mac, dated  
>>> February
>>> 26 2008, though I believe there was an update to Openssh to deal  
>>> with a
>>> vulnerability as recently as last month.  It has not made it to my
>>> machine so far.
>>>
>>> Many thanks in anticipation of your help --  I hope I have provided 
>>> all
>>> the information you may need for this.
>>>
>>> david
>>> ------
>>> David Hill
>>> address@hidden
>>> http://savannah.gnu.org/projects/gnuspeech
>>> --------
>>>  The only function of economic forecasting is to make astrology look
>>> respectable. (J.K. Galbraith)
>>> --------
>>
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]