[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-cvs] [328] SshAccess: Refresh some ssh information to be more
From: |
bob |
Subject: |
[Savannah-cvs] [328] SshAccess: Refresh some ssh information to be more current. |
Date: |
Fri, 3 Mar 2017 16:29:39 -0500 (EST) |
Revision: 328
http://svn.sv.gnu.org/viewvc/?view=rev&root=administration&revision=328
Author: rwp
Date: 2017-03-03 16:27:31 -0500 (Fri, 03 Mar 2017)
Log Message:
-----------
SshAccess: Refresh some ssh information to be more current.
Modified Paths:
--------------
trunk/sviki/HomepageUpload.mdwn
trunk/sviki/SshAccess.mdwn
Modified: trunk/sviki/HomepageUpload.mdwn
===================================================================
--- trunk/sviki/HomepageUpload.mdwn 2017-03-03 21:25:19 UTC (rev 327)
+++ trunk/sviki/HomepageUpload.mdwn 2017-03-03 21:27:31 UTC (rev 328)
@@ -22,7 +22,6 @@
4. Download the CVS HTML tree structure (substitute developername with
your login and projectname with your project system name):
- export CVS_RSH=ssh
cvs -z3 -d:ext:address@hidden:/web/projectname co projectname
5. Then, in the directory \~/project/www/projectname, copy all the
Modified: trunk/sviki/SshAccess.mdwn
===================================================================
--- trunk/sviki/SshAccess.mdwn 2017-03-03 21:25:19 UTC (rev 327)
+++ trunk/sviki/SshAccess.mdwn 2017-03-03 21:27:31 UTC (rev 328)
@@ -13,29 +13,41 @@
Debugging
---------
-Zeroth: if you just registered your ssh key a few minutes ago, please
-wait for an hour and try again.
-First: ssh != gpg. GPG keys are not used for Savannah operations. You
-have to create and register an ssh key.
+If you just registered your ssh key a few minutes ago, please wait for
+an hour and try again. Many tasks are implemented by hourly cron jobs
+that scan for queued tasks every hour.
-Second: ssh access is relevant only for members of a given project,
-primarily to access the source and webpages repositories. If you are
-not a project member, you can do anonymous checkouts, but not member
-checkouts using ssh; details on the various Source Code Manager pages.
+GPG keys are not used for Savannah operations. We suggest you upload
+a GPG key because it is used by the FSF for file uploads elsewhere.
+But for version control repository access you have to create and
+register an ssh key.
+SSH access is allowed for registered members who are a member of at
+least one project. If you are not a member of any project then you
+will need to use anonymous https access.
+
Third: you can test whether the problem is with your ssh setup or
something on Savannah by running:
- ssh vcs.savannah.gnu.org
+ ssh cvs.savannah.gnu.org
-If you get a message "Permission denied", ssh is almost certainly set up
-improperly: to repeat, either your ssh key does not exist on your host,
-or is not registered on Savannah. Running `ssh -vvv` might yield more
-clues. (If, on the other hand, you get a human-written message from the
-host about "Interactive shell login is not allowed ...", that means the
-ssh connection succeeded and something else is awry.)
+If you get the following message:
+ You tried to execute:
+ Sorry, you are not allowed to execute that command.
+ Connection to cvs.savannah.gnu.org closed.
+
+Then things are working okay for you. That illustrates that the login
+was successful and the access security on the server prevented the action.
+
+If you fail an ssh login too many times in a short period of time then
+your IP address may be banned for a short time. Currently this is
+implemented by fail2ban using the default six failures in one minute
+bans your IP for ten minutes. This is only a temporary ban for ten
+minutes to rate limit hostile attacks. Wait ten minutes and try
+again.
+
Detailed version
----------------
Usually, if you can't access your version control (= VC, that is, cvs,
@@ -53,9 +65,16 @@
ssh-keygen
-It will ask you for a passphrase. Only this passphrase will be accepted
-for VC or scp authentication, not the Savannah password. The public key
-will be created in the file `~/.ssh/id_rsa.pub` by default.
+The public key will be created in the file `~/.ssh/id_rsa.pub` by
+default. It will ask you for a passphrase. This passphrase is used
+to encrypt your private key. Only you knowing this passphrase will be
+able to decrypt your private key and therefore only you will be able
+to use your private key. When using ssh for version control your
+passphrase is used locally by ssh. Savannah is NOT sent this
+passphrase. The passphrase decrypts your local ssh key which is used
+to authenticate your identity to the ssh daemon on Savannah. Your
+Savannah web password is not used for version control access. Only
+ssh is used for authenticated access for version control.
You must register your public key on the "My Account Configuration:
Change Authorized Keys" page
@@ -98,9 +117,15 @@
`ssh-agent` may be already started for you (that's the case for most
distros). Check its present using:
- $ echo $SSH_AGENT_PID - $SSH_AUTH_SOCK
- 3536 - /tmp/keyring-6Q9l0p/ssh
+ $ ssh-add -l
+ 2048 e4:ff:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:bf:d9 $HOME/.ssh/id_rsa
(RSA)
+If it says:
+
+ Could not open a connection to your authentication agent.
+
+Then your ssh-agent is not configured properly. Fix that first.
+
Once `ssh-agent` is started, you need to register your password using
`ssh-add`:
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Savannah-cvs] [328] SshAccess: Refresh some ssh information to be more current.,
bob <=