Re: [Savannah-help-public] Problem with ssh access to git

[Sylvain Beucler]

Hi,

> Thanks.  That confirms that the ssh tunnel and my keys
> are not the problem, right?

Yes.


This reminds me of MTU networking issues - as soon as there's a big
enough packet, the connection hangs.

To precise what that means technically and give you a few keywords, I
usually need to add this to my router to work-around the problem:

  iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS -o ppp0 
--clamp-mss-to-pmtu

(I'm not able to explain the details)


It could be that either the ms woe routing, or your ISP, changed
something in the IP packet size recently, which triggers your problem
due to various NATing in your network route (Linux -> vmware -> woe ->
router -> isp -> inet).

I have no idea on how to fix that on ms woe though.  Probably you
could lookup "MTU" in a search engine and start from here.

Checking if the problem appears when running git from a LiveCD would
also help you diagnose where the culprit is.

-- 
Sylvain

On Sat, Feb 27, 2010 at 09:31:02AM -0000, Trevor Daniels wrote:
> 
> Sylvain, you wrote Saturday, February 27, 2010 7:12 AM
> 
> 
> >We do get logs of your connection:
> >
> >Feb 27 00:04:14 vcs-noshell sshd[17954]: Accepted publickey for
> >trevord from 86.138.108.87 port 55534 ssh2
> >Feb 27 00:04:14 vcs-noshell sshd[17954]: pam_env(sshd:setcred):
> >Unable to open env file: /etc/default/locale: No such file or
> >directory
> >Feb 27 00:04:14 vcs-noshell sshd[17954]: pam_unix(sshd:session):
> >session opened for user trevord by (uid=0)
> >Feb 27 00:22:01 vcs-noshell sshd[17954]: pam_env(sshd:setcred):
> >Unable to open env file: /etc/default/locale: No such file or
> >directory
> >Feb 27 00:22:01 vcs-noshell sshd[17954]: pam_unix(sshd:session):
> >session closed for user trevord
> >
> >(/etc/default/locale stuff can be ignored, but I just `touch`ed
> >the
> >file just in case)
> 
> Thanks.  That confirms that the ssh tunnel and my keys
> are not the problem, right?
> 
> >Your setup is a bit weird, they might be an issue with a recent MS
> >Woe
> >update, but that sounds far fetched.
> 
> Yes, but it used to work fine.  However, I did apply
> several security patches to Vista on 16 Feb, between
> it working and not working.  I've already examined
> these closely and uninstalled one that seemed to affect
> the TCP stack, to no avail.  The next step is maybe to
> uninstall them all one by one.
> 
> >Is there also a problem with other repositories?
> >e.g.
> > git clone ssh://address@hidden/srv/git/freedink.git
> 
> I tried this.  Interesting!  It got a little further.
> Here's what I did.  First, at c. 09:00 I tried
> $ git clone ssh://address@hidden/srv/git/lilypond.git
> which produced just
> >Initialized empty Git repository in
> >/home/trevor/testgit/lilypond/.git/
> and hung.  I chopped the session at around 09:05 and tried
> $ git clone ssh://address@hidden/srv/git/freedink.git
> This installed several directories and files, with console output:
> >Initialized empty Git repository in
> >/home/trevor/testgit/freedink/.git/
> >remote: Counting objects: 5272, done.
> >compressing objects:   8% (107/1329)
> and then hung.
> I tried again at 09:15.  This hung again while compressing
> but at 3% complete rather than 8%.
> Two more attempts also hung at 3% complete.
> 
> I'm not familiar with git clone processing.  Does this
> mean the download is complete?  Compressing sounds like
> it is an activity on my system.  Hhm.  Disk space??
> No, it's tight, but there is 1.5Gb free.
> 
> >If nothing works, I would suggest:
> >
> >- installing wireshark and analysing the network traffic for that
> > connection, just in case
> 
> OK, I'll investigate that.  Unless you suggest it
> now looks like I have a local problem.
> 
> >- contact the Git developers to try and understand the problem at
> >a
> > lower lowel
> 
> OK, as a last resort.  Thanks again for your help.
> 
> >Sylvain
> 
> Trevor
> 
> >
> >On Sat, Feb 27, 2010 at 12:26:18AM -0000, Trevor Daniels wrote:
> >>
> >>Sylvain, you wrote Friday, February 26, 2010 10:07 PM
> >>
> >>
> >>>I would suggest trying without relying on .ssh/config, and
> >>>making
> >>>sure
> >>>there's nothing weird in /etc/hosts.
> >>>
> >>>You should see something like this:
> >>>$ git clone ssh://address@hidden/srv/git/lilypond.git
> >>>Initialized empty Git repository in /tmp/lilypond/.git/
> >>>remote: Counting objects: 189704
> >>>Receiving objects:   7% (20118/287391), 3.83 MiB | 716 KiB/s
> >>
> >>OK, at 00:05 GMT on 27 Feb I tried
> >>$ git clone ssh://address@hidden/srv/git/lilypond.git
> >>
> >>I saw
> >>>Initialized empty Git repository in
> >>>/home/trevor/testgit/lilypond/.git/
> >>then nothing more.  No prompt even.  The session is still
> >>hanging 20 minutes later.  Rather strangely it doesn't time
> >>out.  I'll do nothing else at this time so the log at your
> >>end should be clearly related to this attempt.  Could you
> >>check if this connection was made successfully?
> >>
> >>>Aside from that I can see connections from you as lately as Feb
> >>>25
> >>>23:59:38.
> >>
> >>I think this might have been a
> >>$ ssh -v address@hidden
> >>command.  I tried that (with variations) two or three times
> >>around that time.  They all successfully connected although
> >>the session was immediately terminated of course.
> >>
> >>>What bandwidth do you have?
> >>
> >>I have a broadband connection, circa 1 Mb/s.  Not as fast
> >>as it should be as the wiring in my village is not very
> >>good.  In case it's relevant I'm using ubuntu running in
> >>a VM under VirtualBox within MS Vista Home Premium.  As
> >>I said earlier, this set-up has worked fine before.
> >>
> >>>Sylvain
> >>
> >>Thanks for helping - Trevor
> >>
> >>------------ history below
> >>
> >>>On Thu, Feb 25, 2010 at 09:00:46AM -0000, Trevor Daniels wrote:
> >>>>
> >>>>Sylvain Beucler wrote Thursday, February 25, 2010 7:03 AM
> >>>>>
> >>>>>This works for me.
> >>>>
> >>>>Yes, it seems to work for everyone else, but not for
> >>>>me.
> >>>>
> >>>>>I issued a 'git gc' just in case.
> >>>>
> >>>>Tried that.  No change.
> >>>>
> >>>>I've checked that the call set-up packet is getting
> >>>>to and through my router, and I've tried using nc.
> >>>>Still no luck.  I've now exhausted everything in the
> >>>>SshAccess page and I've run out of ideas.  What else
> >>>>can I try to diagnose this problem (described below)?
> >>>>
> >>>>Trevor
> >>>>
> >>>>>
> >>>>>On Thu, Feb 25, 2010 at 12:44:44AM -0000, Trevor Daniels
> >>>>>wrote:
> >>>>>>Hi
> >>>>>>
> >>>>>>I have been able to use ssh to pull and push to lilypond.git
> >>>>>>at
> >>>>>>199.232.41.69 for many months, but sometime between 8 Feb
> >>>>>>2010
> >>>>>>and
> >>>>>>16 Feb 2010 this stopped working with the attempt timing out.
> >>>>>>I've
> >>>>>>tried to resolve this by moving to 140.186.70.72, but I still
> >>>>>>cannot
> >>>>>>push or pull with ssh.  Here's what happens:
> >>>>>>
> >>>>>>$ ssh -v sv
> >>>>>>gives
> >>>>>>>...
> >>>>>>>debug1: Next authentication method: publickey
> >>>>>>>debug1: Offering public key: /home/trevor/.ssh/id_dsa
> >>>>>>>debug1: Server accepts key: pkalg ssh-dss blen 433
> >>>>>>>debug1: Authentication succeeded (publickey).
> >>>>>>>...
> >>>>>>so my key must be acceptable to savannah.
> >>>>>>
> >>>>>>Also
> >>>>>>$ git pull git://git.sv.gnu.org/lilypond.git master
> >>>>>>pulls correctly, so access to lilypond.git looks fine.
> >>>>>>
> >>>>>>But
> >>>>>>$ git pull ssh://sv/srv/git/lilypond.git master
> >>>>>>hangs, and
> >>>>>>$ git pull ssh://sv/lilypond.git master
> >>>>>>returns
> >>>>>>>fatal: '/lilypond.git' does not appear to be a git
> >>>>>>>repository
> >>>>>>>fatal: The remote end hung up unexpectedly
> >>>>>>
> >>>>>>My ssh config file contains
> >>>>>>
> >>>>>>IdentityFile ~/.ssh/id_dsa
> >>>>>>Host sv
> >>>>>>Hostname git.sv.gnu.org
> >>>>>>User trevord
> >>>>>>
> >>>>>>Can anyone suggest what I'm doing wrong?
> >>>>>>
> >>>>>>Trevor