[Savannah-cvs] [328] SshAccess: Refresh some ssh information to be more current.

[bob]

Revision: 328
          
http://svn.sv.gnu.org/viewvc/?view=rev&root=administration&revision=328
Author:   rwp
Date:     2017-03-03 16:27:31 -0500 (Fri, 03 Mar 2017)
Log Message:
-----------
SshAccess: Refresh some ssh information to be more current.

Modified Paths:
--------------
    trunk/sviki/HomepageUpload.mdwn
    trunk/sviki/SshAccess.mdwn

Modified: trunk/sviki/HomepageUpload.mdwn
===================================================================
--- trunk/sviki/HomepageUpload.mdwn     2017-03-03 21:25:19 UTC (rev 327)
+++ trunk/sviki/HomepageUpload.mdwn     2017-03-03 21:27:31 UTC (rev 328)
@@ -22,7 +22,6 @@
 4.  Download the CVS HTML tree structure (substitute developername with
     your login and projectname with your project system name):
 
-        export CVS_RSH=ssh
         cvs -z3 -d:ext:address@hidden:/web/projectname co projectname
 
 5.  Then, in the directory \~/project/www/projectname, copy all the

Modified: trunk/sviki/SshAccess.mdwn
===================================================================
--- trunk/sviki/SshAccess.mdwn  2017-03-03 21:25:19 UTC (rev 327)
+++ trunk/sviki/SshAccess.mdwn  2017-03-03 21:27:31 UTC (rev 328)
@@ -13,29 +13,41 @@
 
 Debugging
 ---------
-Zeroth: if you just registered your ssh key a few minutes ago, please
-wait for an hour and try again.
 
-First: ssh != gpg.  GPG keys are not used for Savannah operations.  You
-have to create and register an ssh key.
+If you just registered your ssh key a few minutes ago, please wait for
+an hour and try again.  Many tasks are implemented by hourly cron jobs
+that scan for queued tasks every hour.
 
-Second: ssh access is relevant only for members of a given project,
-primarily to access the source and webpages repositories.  If you are
-not a project member, you can do anonymous checkouts, but not member
-checkouts using ssh; details on the various Source Code Manager pages.
+GPG keys are not used for Savannah operations.  We suggest you upload
+a GPG key because it is used by the FSF for file uploads elsewhere.
+But for version control repository access you have to create and
+register an ssh key.
 
+SSH access is allowed for registered members who are a member of at
+least one project.  If you are not a member of any project then you
+will need to use anonymous https access.
+
 Third: you can test whether the problem is with your ssh setup or
 something on Savannah by running:
 
-   ssh vcs.savannah.gnu.org
+   ssh cvs.savannah.gnu.org
 
-If you get a message "Permission denied", ssh is almost certainly set up
-improperly: to repeat, either your ssh key does not exist on your host,
-or is not registered on Savannah.  Running `ssh -vvv` might yield more
-clues.  (If, on the other hand, you get a human-written message from the
-host about "Interactive shell login is not allowed ...", that means the
-ssh connection succeeded and something else is awry.)
+If you get the following message:
 
+    You tried to execute: 
+    Sorry, you are not allowed to execute that command.
+    Connection to cvs.savannah.gnu.org closed.
+
+Then things are working okay for you.  That illustrates that the login
+was successful and the access security on the server prevented the action.
+
+If you fail an ssh login too many times in a short period of time then
+your IP address may be banned for a short time.  Currently this is
+implemented by fail2ban using the default six failures in one minute
+bans your IP for ten minutes.  This is only a temporary ban for ten
+minutes to rate limit hostile attacks.  Wait ten minutes and try
+again.
+
 Detailed version
 ----------------
 Usually, if you can't access your version control (= VC, that is, cvs,
@@ -53,9 +65,16 @@
 
     ssh-keygen
 
-It will ask you for a passphrase. Only this passphrase will be accepted
-for VC or scp authentication, not the Savannah password. The public key
-will be created in the file `~/.ssh/id_rsa.pub` by default.
+The public key will be created in the file `~/.ssh/id_rsa.pub` by
+default.  It will ask you for a passphrase.  This passphrase is used
+to encrypt your private key.  Only you knowing this passphrase will be
+able to decrypt your private key and therefore only you will be able
+to use your private key.  When using ssh for version control your
+passphrase is used locally by ssh.  Savannah is NOT sent this
+passphrase.  The passphrase decrypts your local ssh key which is used
+to authenticate your identity to the ssh daemon on Savannah.  Your
+Savannah web password is not used for version control access.  Only
+ssh is used for authenticated access for version control.
 
 You must register your public key on the "My Account Configuration:
 Change Authorized Keys" page
@@ -98,9 +117,15 @@
 `ssh-agent` may be already started for you (that's the case for most
 distros). Check its present using:
 
-    $ echo $SSH_AGENT_PID - $SSH_AUTH_SOCK
-    3536 - /tmp/keyring-6Q9l0p/ssh
+    $ ssh-add -l
+    2048 e4:ff:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:bf:d9 $HOME/.ssh/id_rsa 
(RSA)
 
+If it says:
+
+    Could not open a connection to your authentication agent.
+
+Then your ssh-agent is not configured properly.  Fix that first.
+
 Once `ssh-agent` is started, you need to register your password using
 `ssh-add`: