Comment #1 on issue 1750 by mountainmilk: Unable to dd svn+ssh repository when host requires rsa cert auth & disallows password auth
http://code.google.com/p/reviewboard/issues/detail?id=1750

I continued to work on this problem on my own for a bit and came up with some new findings:

I commented out the uper(SVNTool, cls).check_repository(path, username, password) line in check_repository function of svn.py. In doing so, reviewboard automatically adds the svn repo without checking first which involves use of paramiko and bypassing the publickey failure. Reviewing the reviewboard logs, I could see that the repository could successfully be connected to by reviewboard, although this time through pysvn.
The logs showed the following line:
2010-08-06 15:40:31,793 - DEBUG - SVN: Got repository information for svn+ssh://xxx.com/yyy: [('yyy', <PysvnInfo ”>)]

I then proceded by creating a test review to verify that reviewboard could fetch files from the repo. This was also a success: 2010-08-06 15:43:58,061 - DEBUG - Fetching file '/trunk/path/to/file/in/repo' r113 from repo took 0.831398 seconds

From here I decided to dig into the check_repository function of SVNTool as well as SSHUtils' check_host. The check_host function uses paramiko to verify the ssh connection to the server. This is where the public key authentication failure was originating from.

First I wanted to verify that I could connect with paramiko by itself. So I su'ed into wwwrun (the apache user) and used the python console and did the following commands:
python
import paramiko
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect('xxx.com',username=None,password=None)

I was able to successfully connect using this method.

After this started to try and figure out why paramiko was not working. I did a lot of modifications in the sshutils.py to try and separate out the problematic components. And at a later time I may try some new tests with a clean file again. One of the main things I was testing was the proper user. I used os.getguid to verify that the reviewboard was running as wwwrun and would therefore attempt to authenticate as this user with paramiko. This function returned the expected uid. However if one does the following:

import getpass
getpass.getuser()

It returns a different (wrong) user (at least in my case). To my understanding this function references the environment variables to get its return value. I'm not too familiar with paramiko, however, if it uses this function internally this could be part of the problem.

This made me think to try changing which private key I provided reviewboard with. So I gave reviewboard the private key of the user that was returned incorrectly by getpass.getuser().

This resulted in the following logs:
2010-08-07 01:55:52,859 - INFO - Authentication (publickey) successful!
2010-08-07 01:55:52,959 - DEBUG - EOF in transport thread
2010-08-07 01:55:53,138 - ERROR - SVN: Failed to get repository information for svn+ssh://xxx.com/path/to/repo: Network connection closed unexpectedly

The authentication was succesfully, meaning reviewboard (or paramiko) was trying to connect to the wrong user. I'm not sure why after this it reports that it failed to get the repository information.




--
You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To post to this group, send email to reviewboard-iss...@googlegroups.com.
To unsubscribe from this group, send email to 
reviewboard-issues+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/reviewboard-issues?hl=en.

Reply via email to