Hi, Thanks for explaining what went wrong - and how to fix it :)
Would you like to add explanations for people with the same problem in the Savannah wiki, for example at http://savannah.gnu.org/maintenance/SshAccess ?

--
Sylvain

On Tue, Jul 29, 2008 at 10:47:20AM +0100, Peter Hoppe wrote:
> Hi,
>
> this message is just for information purposes.
>
> I had problems accessing the project's cvs repository using ssh. I am a member of the resp. project, so I have a valid savannah account. I also had uploaded my public ssh key to the savannah website and an ssh test session showed that the savannah cvs server accepted my login credentials.
>
> The problem turned out to be that I am located behind a D-Link ADSL router (which is a NAT router) plus using OpenSSH. OpenSSH sets the 'type of service' field in the IP datagram after the password has been given; some routers are known to choke on that (my D-Link ADSL router is amongst them), so the session hangs after the password has been given:
>
> > [EMAIL PROTECTED]:~$ ssh -vvv [EMAIL PROTECTED]
> > OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > [...]
> > Enter passphrase for key '/home/peter/.ssh/id_dsa':
> > debug1: read PEM private key done: type DSA
> > debug1: Authentication succeeded (publickey).
> > [...]
> > debug2: fd 5 setting TCP_NODELAY
> > debug2: callback done
> > debug2: channel 0: open confirm rwindow 0 rmax 32768
>
> and from here on the session hangs.
>
> The fix is to make ssh send all its traffic via netcat. netcat won't set the TOS field. Therefore, add a directive to the ssh config file '~/.ssh/config' (or, if that file doesn't exist, create it):
>
> > ProxyCommand nc %h %p
>
> I set up my own ssh config file (/home/peter/.ssh/config), and it looks like this:
>
> > # This is the ssh client user configuration file. See
> > # ssh_config(5) for more information. This file provides defaults for
> > # this user, and the values can be changed on the command line.
> >
> > # Configuration data is parsed as follows:
> > # 1. command line options
> > # 2. user-specific file
> > # 3. system-wide file
> > # Any configuration value is only changed the first time it is set.
> > # Thus, host-specific definitions should be at the beginning of the
> > # configuration file, and defaults at the end.
> >
> > # Directive to overcome TOS issue with our D-Link NAT router. During
> > # session setup, OpenSSH sets the TOS (type of service) field after the
> > # user has submitted the password. Some routers are known to choke on
> > # this, with the result that the session hangs during buildup.
> > # As workaround we send our traffic via netcat which doesn't set the TOS
> > # field.
> > ProxyCommand nc %h %p
>
> With this config file I was able to perform a cvs checkout from the project repository via ssh.
>
> Obviously, the developer needs to install netcat on his/her machine. To test whether it's installed, one can type
>
> > which nc
>
> on the command line shell. If that command yields something like '/bin/nc/' then most likely netcat is installed. If nothing is returned then netcat isn't installed.
>
> I hope this helps any poor developer who sits behind one of those NAT routers and cannot access the Savannah cvs repositories using ssh.
>
> P
>
> --
> Fame is probably the second most dangerous occupation after working in a coal mine
> - Moby
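
The netcat workaround described above, written as a host-scoped stanza so that only connections to the affected server are routed through `nc` rather than every ssh connection the user makes. This is an added example and not part of the original messages; the function names and the host `cvs.example.org` are placeholders chosen here.

```shell
#!/bin/sh
# Added example. cvs.example.org is a placeholder host; function names are ours.

# have_nc: succeed if a binary named "nc" is on PATH (portable "which nc").
have_nc() {
    command -v nc >/dev/null 2>&1
}

# has_host_stanza CONFIG HOST: succeed if a "Host" line in CONFIG names HOST.
has_host_stanza() {
    [ -f "$1" ] || return 1
    awk -v h="$2" '
        tolower($1) == "host" { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
        END { exit !found }
    ' "$1"
}

# add_nc_proxy CONFIG HOST: put a host-scoped ProxyCommand at the top of CONFIG.
# ssh keeps the first value it finds for an option, so the host-specific stanza
# goes before any defaults. Running it twice leaves a single stanza.
add_nc_proxy() {
    config=$1
    host=$2
    if has_host_stanza "$config" "$host"; then
        return 0
    fi
    have_nc || echo "warning: nc not found on PATH" >&2
    (
        umask 077                      # new config file and directory stay private
        mkdir -p "$(dirname "$config")"
        tmp="$config.tmp.$$"
        {
            printf 'Host %s\n    ProxyCommand nc %%h %%p\n\n' "$host"
            if [ -f "$config" ]; then
                # "Host *" keeps options that were global in the old file
                # global, instead of folding them into the stanza above.
                printf 'Host *\n'
                cat "$config"
            fi
        } >"$tmp"
        mv "$tmp" "$config"
    )
}

# Usage: add_nc_proxy "$HOME/.ssh/config" cvs.example.org
```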
