[Savannah-hackers] Re: [ 101401 ] SSH connection is dropped (fwd)

[Mathieu Roy]

Hi, 

Pavel is right, my answer is boring. I completely missed the
point. Please accept my apologizes. I rode it to fastly and only
checked the ssh output, that seemed fine to me:

> debug1: Trying RSA authentication with key
> '/home/tmphome/proski/.ssh/identity'
> debug1: Received RSA challenge from server.
> debug1: Sending response to host key RSA challenge.
> debug1: Remote: RSA authentication accepted.
> debug1: RSA authentication accepted by server.

Without re-reading the beginning of the mail, I thought that Pavel was
trying to access the server on an another way that normal user should
do, as GNU project leaders sometimes try to do (and may need to).

The fact is I spent almost 11 hours today to finish to work on
somekind of public speech I have to do tomorrow and I'm pretty
tired. And in this state of mind, it happens that I squish some part
of what I read -that's bad, I know- andusually focus on the
debug output and not on the first line of a support request.



Concerning you problem, here is the trouble log :

 cat /var/log/auth.log* | grep proski
Oct 15 11:31:34 subversions PAM_unix[31958]: authentication failure; (uid=0) -> 
proski for ssh service
Oct 15 11:31:36 subversions sshd[31958]: Failed password for proski from 
135.207.19.174 port 32930 ssh2
Oct 15 11:31:44 subversions sshd[31958]: Failed password for proski from 
135.207.19.174 port 32930 ssh2
Oct 15 11:31:44 subversions PAM_unix[31958]: 1 more authentication failure; 
(uid=0) -> proski for ssh service
Oct 15 11:36:27 subversions PAM_unix[32410]: authentication failure; (uid=0) -> 
proski for ssh service
Oct 15 11:36:29 subversions sshd[32410]: Failed password for proski
from 216.127.237.131 port 3158 ssh2

Have you waited from the next cron job, ~6 hours ?


Also, your demonstration about your cvs problem is 

> $ cvs -f -d
> :ext:address@hidden:/cvsroot/openap co .
> Connection to subversions.gnu.org closed by remote host.
> cvs [checkout aborted]: end of file from server
> (consult above messages if any)

http://savannah.nongnu.org/cvs/?group=openap

Why do you type :ext: before your developer name?

Regards,







Pavel Roskin <address@hidden> said:

> Hello!
> 
> According to https://savannah.nongnu.org/cvs/?group=openap, I should use
> cvs over ssh for read-write access.  I have reported (see below) that I
> cannot use cvs over ssh because ssh drops connection.  I have demonstrated
> how ssh drops connection when it's run with "cvs server" as the remote
> command, which is how cvs runs ssh.  I also have demonstrated how cvs
> fails when ssh drops connection.
> 
> The reply by address@hidden is unsatisfactory for the following 
> reasons:
> 
> 1) The reply says "Normal user can only use _cvs_ sftp rsync and scp over
> SSH", but ignores that fact that I have demonstrated that cvs over ssh
> fails.
> 
> 2) The reply ignores the first sentence of my request: "I cannot use CVS
> over ssh."
> 
> 3) The reply says "In any other case, connection is dropped", ignoring the
> fact that specifying "cvs server" on the ssh command line is not an "other
> case", it's exactly what cvs runs, except that cvs doesn't add "-v" flag,
> which I added to demonstrate that the problem is not with authentication.
> 
> I have read the reply several times and I strongly believe that its author
> didn't take time to read and understand my request.  I understand that
> your time is limited, but this attitude is much more frustrating than a
> late, but competent reply.
> 
> I wrote to address@hidden before and didn't get any answer.  I
> wrote to address@hidden and got an answer that I should contact
> address@hidden  My request in "Support Manager" has been
> answered the same day, but I leave you to judge if it can be called and
> answer.
> 
> In case it's still not clear, I need ssh access to savannah.gnu.org _only_
> for read-write access to the projects I'm authorized to access.  If (and
> only if) the people who are supposed to give me that access are unable to
> do it, then I want any other way to access cvs repository for writing,
> such as unrestricted ssh access to subversions.gnu.org or Kerberos or
> anything else.
> 
> -- 
> Regards,
> Pavel Roskin
> 
> ---------- Forwarded message ----------
> Date: Tue, 15 Oct 2002 16:15:34 -0400
> From: address@hidden
> To: address@hidden, address@hidden, address@hidden
> Subject: [ 101401 ] SSH connection is dropped
> 
> Support Request #101401, was updated on 2002-Oct-15 17:46
> You can respond by visiting: 
> http://savannah.gnu.org/support/?func=detailsupport&support_id=101401&group_id=11
> 
> Category: SSH Connection
> Status: Closed
> Priority: 5
> Summary: SSH connection is dropped
> 
> By: yeupou
> Date: 2002-Oct-15 22:15
> Logged In: YES 
> user_id=1896
> Browser: Mozilla/5.0 Galeon/1.2.5 (X11 ; GNU / Linux 2.4.18-3custom i686 ; 
> fr_FR)
> 
> Hi,
> 
> Normal user can only use cvs sftp rsync and scp over SSH.
> And normally, no other access is required to use Savannah,
> only for subversion administration.
> 
> In any other case, connection is dropped.
> 
> If there is a particular reason to give you privileges on
> subversion, please write a mail to address@hidden and
> address@hidden
> 
> ----------------------------------------------------------------------
> 
> By: proski
> Date: 2002-Oct-15 17:46
> Logged In: YES 
> user_id=118
> Browser: Mozilla/5.0 (compatible; MSIE 5.0; Windows 1984; Genuine Mozilla)
> 
> I cannot use CVS over ssh. It stopped working when GNU
> was cracked last time. I uploaded the new ssh1 key
> since then. The connection is closed as soon as ssh
> authenticates me:
> 
> $ ssh -1 -v subversions.gnu.org cvs server
> OpenSSH_3.4p1 Debian 1:3.4p1-0.0woody1, SSH protocols
> 1.5/2.0, OpenSSL 0x0090603f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Rhosts Authentication disabled, originating
> port will not be trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to subversions.gnu.org
> [199.232.41.2] port 22.
> debug1: Connection established.
> debug1: identity file
> /home/tmphome/proski/.ssh/identity type 0
> debug1: Remote protocol version 1.99, remote software
> version OpenSSH_3.4p1 Debian 1:3.4p1-0.0woody1
> debug1: match: OpenSSH_3.4p1 Debian 1:3.4p1-0.0woody1
> pat OpenSSH*
> debug1: Local version string SSH-1.5-OpenSSH_3.4p1
> Debian 1:3.4p1-0.0woody1
> debug1: Waiting for server public key.
> debug1: Received server public key (768 bits) and host
> key (1024 bits).
> debug1: Host 'subversions.gnu.org' is known and matches
> the RSA1 host key.
> debug1: Found key in
> /home/tmphome/proski/.ssh/known_hosts:2
> debug1: Encryption type: 3des
> debug1: Sent encrypted session key.
> debug1: cipher_init: set keylen (16 -> 32)
> debug1: cipher_init: set keylen (16 -> 32)
> debug1: Installing crc compensation attack detector.
> debug1: Received encrypted confirmation.
> debug1: Trying RSA authentication with key
> '/home/tmphome/proski/.ssh/identity'
> debug1: Received RSA challenge from server.
> debug1: Sending response to host key RSA challenge.
> debug1: Remote: RSA authentication accepted.
> debug1: RSA authentication accepted by server.
> debug1: Sending command: cvs server
> debug1: Entering interactive session.
> Connection to subversions.gnu.org closed by remote host.
> debug1: Transferred: stdin 0, stdout 0, stderr 58 bytes
> in 0.0 seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr
> 88141.2
> debug1: Exit status -1
> $
> 
> That's how it looks like when running cvs:
> 
> $ cvs -f -d
> :ext:address@hidden:/cvsroot/openap co .
> Connection to subversions.gnu.org closed by remote host.
> cvs [checkout aborted]: end of file from server
> (consult above messages if any)
> 
> I know that ssh authenticates me. Using a wrong 
> private key causes ssh to ask my password.
> 
> My username is "proski".  I tried ssh 3.4p1 on Red Hat
> 8.0 for Intal and on Debian for SPARC. I even tried it
> on fencepost.gnu.org, and it still didn't work.
> 
> ----------------------------------------------------------------------
> You can respond by visiting: 
> http://savannah.gnu.org/support/?func=detailsupport&support_id=101401&group_id=11

-- 
Mathieu Roy
 
 << Profile  << http://savannah.gnu.org/users/yeupou <<
 >> Homepage >> http://yeupou.coleumes.org           >>
 << GPG Key  << http://gpg.coleumes.org              <<