[savannah-help-public] [sr #109210] I can't connect to my repository via ssh, but cvs can?

[Bob Proulx]

Follow-up Comment #4, sr #109210 (project administration):

After seeing your other ticket 109246 I wanted to ask here what the status of
this problem is for you. All okay now?

My summary of your problem report is that users are allowed to run version
control commands such as cvs commands (or svn or git or others) but are not
allowed general ssh shell access.  The vcs server is reserved for vcs commands
and not a command line host. That is why you can connect using cvs for a
version control command but not using ssh for a full shell. That is what the
error message is telling you.

It is sometimes useful for us to use command line ssh as a debugging tool just
the same. Because if it tells you that message then we know things about what
parts are working and what parts are not working. Making that useful for
debugging.

Because scp is part of ssh and uses ssh it uses ssh rsa keys not passwords.
Passwords are not used at Savananah. Instead ssh rsa keys are used. On your
client side your ssh rsa key will have a passphrase encrypting it. What you
have been entering into your client is your ssh rsa decryption passphrase to
unlock your ssh rsa key for authentication at Savannah. Savannah doesn't see
the passphrase in that case. Your ssh client sees the passphrase and uses it
to unlock the rsa key and then it sends the rsa key.  Savannah sees the rsa
key.

When you try to connect directly to vcs.savannah.gnu.org using ssh this first
challenges for an rsa "pubkey" key. Something wrong happened there because you
did not see the "Interactive shell login is not possible for security reasons.
VCS commands are allowed" message. Because you did not see that message we
suspect some problem with your ssh configuration. Therefore the request for
debug testing of it. However because cvs directly works I would simply stop
there now that you know command line access is not allowed. There was some
initial error but I don't think it is worth trying to figure it out. I looked
at your log of it and your rsa key was rejected which is the root cause of
that problem. I don't know why. Maybe there was a transient network failure on
the internal network between the vcs system and the database account server.
It is impossible to know after all of this time.

Meanwhile the original reason you were asking was:

> I was attempting to log in via ssh, so I can delete an empty directory which
used to contain a duplicate file. I needed to do this via ssh, since [cvs
can't remove empty directories]

That is simply a basic limitation of cvs. On the cvs server side of things
there is an Attic directory which holds deleted files.  That way the history
can be browsed. That way older tagged versions can be checked out. Otherwise
they couldn't be and people would no longer be able to check out older tagged
versions.

As the reference you cited notes the usual thing is to use the cvs update -P
option.  That tells cvs update to prune empty directories. Then in your local
copy they will not be present. I put that in my ~/.cvsrc file.

If you have something wrong with your repository that needs more than this
then please let us know. One of us will look at your repository and do
whatever needs to be done to it. That is fine. It is okay to ask us to help
you on the server side of things.

I am hoping this helps explain what is happening. Please let us know if you
have your problem solved or not. The ticket is still open on it.




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?109210>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/