Re: [fossil-users] ForceCommand SSH key with fossil?
Thus said Rene on Sun, 30 Jun 2013 16:07:44 +0200: It could be an alternative way. But the urlShell seems to be much easier! Thanks, I actually looked at urlShell, but it didn't seem right, or was confusing, or both. I've actually made some progress in getting the fossil client to integrate better with SSH, and believe to have also succeeded in preserving backwards compatibility with older fossil servers, while deprecating urlShell at the same time. I have run into an authentication snag, however, that I have not yet been able to resolve: $ /usr/local/bin/fossil ver This is fossil version 1.22 [5dd5d39e7c] 2012-03-19 12:45:47 UTC $ /home/amb/bin/fossil ver This is fossil version 1.26 [c9cb6e7293] 2013-06-18 21:09:23 UTC The latter has the modifications I've made which allow one to easily integrate with SSH (without having any shell dependencies on the remote system). Specifically, transport_ssh_startup() is no longer needed and can be removed. The URL path is used to construct the SSH command (as seen in the output below) in transport_global_startup(). Here is an example: $ /home/amb/bin/fossil clone ssh://amb@localhost//tmp/test.fossil test.fossil ssh -e none -T amb@localhost fossil http /tmp/test.fossil amb@localhost's password: sent: 0 received: 0 Round-trips: 1 Artifacts sent: 0 received: 7 ssh -e none -T amb@localhost fossil http /tmp/test.fossil amb@localhost's password: sent: 0 received: 7 Round-trips: 2 Artifacts sent: 0 received: 8 Clone finished with 487 bytes sent, 1977 bytes received Rebuilding repository meta-data... 100.0% complete... project-id: e5619492ebdf0bf2dddf419544f3ccd230293ab1 admin-user: amb (password is 1afa92) Great, it works for cloning (after entering my SSH password). It also works with restricted force command SSH keys (note that the server that the SSH key dictates is running version 1.22). Also note that I attempted to request /tmp/another.fossil but the server forced me to fetch /tmp/test.fossil (as per SSH force command): $ grep fossil /home/amb/.ssh/authorized_keys command=/usr/local/bin/fossil http /tmp/test.fossil ssh-rsa B3NzaC1yc2EDAQABAAABAQDqKI393xubO69Rs+Y6fbnxDpAgX5kTe31qWepFyfu08wxNj5iX57vNIYFIcC7bwKW4EHMakuEIYr2eDzXl3e1pXLzteFESISaZkXrmspNIMRh4oW/3LqV+pGXfimA//YlmbJOMzEHerSCTi+QG0O6LNyvjlZgJmP8dJgc0ktzw6nAVcpdFxwoNa+tQJb+g7wLHGRCsl9uvf6rfdzXVUm/tAtD/TyPITU7Ni2q7aTm/m8YKsXDUif91UP9XUH8phwwEucQa3MagtIcmUKJzrkuwHT+rr2K/0W8vpjO3iq3g7ejONqaTfqEW2Rc5uydYsc1B5IjsmPm0bVkbB3B6ZBxF amb $ /home/amb/bin/fossil clone ssh://amb@localhost//tmp/another.fossil test.fossil ssh -e none -T amb@localhost fossil http /tmp/another.fossil Round-trips: 1 Artifacts sent: 0 received: 7 ssh -e none -T amb@localhost fossil http /tmp/another.fossil Round-trips: 2 Artifacts sent: 0 received: 8 Clone finished with 495 bytes sent, 1976 bytes received Rebuilding repository meta-data... 100.0% complete... project-id: e5619492ebdf0bf2dddf419544f3ccd230293ab1 admin-user: amb (password is 7ea596) $ ls -l test.fossil /tmp/*.fossil -rw-r--r-- 1 amb wheel 58368 Jul 1 00:00 /tmp/another.fossil -rw-r--r-- 1 amb wheel 60416 Jun 30 18:29 /tmp/test.fossil -rw-r--r-- 1 amb amb60416 Jul 1 00:19 test.fossil Now, on to the snag... I can open the cloned repository and commit changes, but autosync failes due to authorization problems. I'm not really sure why this doesn't work (the changes I've made are fairly trivial and I fail to see how they even affect authorization): $ f op test.fossil file ... $ f ci -m new Autosync: ssh://amb@localhost//tmp/test.fossil ssh -e none -T amb@localhost fossil http /tmp/test.fossil Round-trips: 1 Artifacts sent: 0 received: 0 Pull finished with 292 bytes sent, 433 bytes received New_Version: 7934407cf95c5936eb460a5ce3d166123dbcbdc7 Autosync: ssh://amb@localhost//tmp/test.fossil ssh -e none -T amb@localhost fossil http /tmp/test.fossil Round-trips: 1 Artifacts sent: 2 received: 0 Error: not authorized to write Round-trips: 1 Artifacts sent: 2 received: 0 Sync finished with 633 bytes sent, 465 bytes received Autosync failed I don't understand why it thinks my user account is not authorized to write. It has read/write access to the file. Is there something else that is missing? Any pointers? A patch follows with the changes I've made (needs a little clean up in actually outputting the newly added options in usage statements): diff -ur fossil-src-20130618210923.orig/src/clone.c fossil-src-20130618210923/src/clone.c --- fossil-src-20130618210923.orig/src/clone.c Tue Jun 18 15:57:11 2013 +++ fossil-src-20130618210923/src/clone.c Sun Jun 30 23:53:17 2013 @@ -105,6 +105,7 @@ int bPrivate = 0; /* Also clone private branches */ if( find_option(private,0,0)!=0 ) bPrivate = SYNC_PRIVATE; + clone_ssh_options(); url_proxy_options(); if( g.argc 4 ){ usage(?OPTIONS? FILE-OR-URL NEW-REPOSITORY);
Re: [fossil-users] ForceCommand SSH key with fossil?
On Mon, Jul 01, 2013 at 12:42:11AM -0600, Andy Bradford wrote: Thus said Rene on Sun, 30 Jun 2013 16:07:44 +0200: It could be an alternative way. But the urlShell seems to be much easier! Thanks, I actually looked at urlShell, but it didn't seem right, or was confusing, or both. snip Now, on to the snag... I can open the cloned repository and commit changes, but autosync failes due to authorization problems. I'm not really sure why this doesn't work (the changes I've made are fairly trivial and I fail to see how they even affect authorization): $ f op test.fossil file ... $ f ci -m new Autosync: ssh://amb@localhost//tmp/test.fossil ssh -e none -T amb@localhost fossil http /tmp/test.fossil Round-trips: 1 Artifacts sent: 0 received: 0 Pull finished with 292 bytes sent, 433 bytes received New_Version: 7934407cf95c5936eb460a5ce3d166123dbcbdc7 Autosync: ssh://amb@localhost//tmp/test.fossil ssh -e none -T amb@localhost fossil http /tmp/test.fossil Round-trips: 1 Artifacts sent: 2 received: 0 Error: not authorized to write Round-trips: 1 Artifacts sent: 2 received: 0 Sync finished with 633 bytes sent, 465 bytes received Autosync failed I don't understand why it thinks my user account is not authorized to write. It has read/write access to the file. Is there something else that is missing? Any pointers? Have you try with server running more recent version ? I remember there was a patch somewhere between version 1.24 and 1.25 that was forcing full right when syncing using ssh://. A patch follows with the changes I've made (needs a little clean up in actually outputting the newly added options in usage statements): snip Nice.. have you send your Contributor aggreement to Mr. Hipp ? http://www.fossil-scm.org/xfer/doc/trunk/www/contribute.wiki I'm very interested to see this kind of security enforcement for the ssh protocol.. With this patch, we can have fossil access via ssh without having full shell access to the server.. Eventually, sync permission could be honor as for http:// since accessing the repo via ssh would not mean anymore to have direct access to the .fossil file. Regards, -- Martin G. ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
Thus said Martin Gagnon on Mon, 01 Jul 2013 09:08:54 -0400: Have you try with server running more recent version ? I remember there was a patch somewhere between version 1.24 and 1.25 that was forcing full right when syncing using ssh://. I've tried with both 1.22 and 1.26. Here it is with 1.26 against 1.26: $ fossil push Push to ssh://amb@localhost//tmp/test.fossil ssh -e none -T amb@localhost /home/amb/bin/fossil http /tmp/test.fossil amb@localhost's password: sent: 0 received: 0 Error: not authorized to write Round-trips: 1 Artifacts sent: 0 received: 0 Push finished with 373 bytes sent, 276 bytes received Nice.. have you send your Contributor aggreement to Mr. Hipp ? I have not---guess I'll need to do that if he intends to include my patch directly. The patch isn't complete yet (obviously because authentication is not working), so that gives me some time. I'm very interested to see this kind of security enforcement for the ssh protocol.. With this patch, we can have fossil access via ssh without having full shell access to the server.. Not to mention it does away with strange shell interaction problems (I ran into them the first time I tried to setup SSH), hopefully not introducing other problems. Andy -- TAI64 timestamp: 400051d19784 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
Just FYI, removing the dependency on the shell for ssh access would be *very* much appreciated. Being able to fossil access without full shell access will be fantastic. On Mon, Jul 1, 2013 at 7:51 AM, Andy Bradford amb-fos...@bradfords.orgwrote: Thus said Martin Gagnon on Mon, 01 Jul 2013 09:08:54 -0400: Have you try with server running more recent version ? I remember there was a patch somewhere between version 1.24 and 1.25 that was forcing full right when syncing using ssh://. I've tried with both 1.22 and 1.26. Here it is with 1.26 against 1.26: $ fossil push Push to ssh://amb@localhost//tmp/test.fossil ssh -e none -T amb@localhost /home/amb/bin/fossil http /tmp/test.fossil amb@localhost's password: sent: 0 received: 0 Error: not authorized to write Round-trips: 1 Artifacts sent: 0 received: 0 Push finished with 373 bytes sent, 276 bytes received Nice.. have you send your Contributor aggreement to Mr. Hipp ? I have not---guess I'll need to do that if he intends to include my patch directly. The patch isn't complete yet (obviously because authentication is not working), so that gives me some time. I'm very interested to see this kind of security enforcement for the ssh protocol.. With this patch, we can have fossil access via ssh without having full shell access to the server.. Not to mention it does away with strange shell interaction problems (I ran into them the first time I tried to setup SSH), hopefully not introducing other problems. Andy -- TAI64 timestamp: 400051d19784 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users -- Matt -=- 90% of the nations wealth is held by 2% of the people. Bummer to be in the majority... ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
If I have an account on the remote machine then autosync succeeds. I have this setup: archlinux running this is fossil version 1.25 [878f7008ab] 2013-05-31 17:41:25 UTC windows xp virtual machine arch fossil create andy.fsl fossil ui andy.fsl (add user zwart604 as developer) win fossil settings ssh-command plink -T fossil clone ssh://renez@arch/andy.fsl?fossil=bin/fossil andyclone.fsl --sshTrace plink -T renez@arch ==Using username renez. Round-trips: 2 Artifacts sent: 0 received: 6 Clone finished with 485 bytes sent, 1294 bytes received Rebuilding repository meta-data... 100.0% complete... project-id: 131a4040153ac69a6f4d1108b23f57eccef102b2 admin-user: zwart604 (password is 45004c) mkdir t cd t fossil open ..\andyclone.fsl echo #include stdfio.h a.c fossil add a.c temp\t..\fossil.exe commit -m did this as zwart604 Autosync: ssh://renez@arch/andy.fsl?fossil=bin/fossil plink -T renez@arch Using username renez. Round-trips: 1 Artifacts sent: 0 received: 0 Pull finished with 290 bytes sent, 286 bytes received ./a.c contains CR/NL line endings. Use --no-warnings or the crnl-glob setting to disable this warning. Commit anyhow (a=all/c=convert/y/N)? a New_Version: 9eeeca09475fc269e49c1864ec9ff5b669e5664a Autosync: ssh://renez@arch/andy.fsl?fossil=bin/fossil plink -T renez@arch == Using username renez. Round-trips: 1 Artifacts sent: 2 received: 0 Sync finished with 522 bytes sent, 340 bytes received What is annoying is that all the interaction is done with the name of the user who has the ssh-account. like the log is 2 2013-07-01 18:03:02 renez 127.0.0.1 1 2013-06-30 13:36:03 renez Number 2 is not true that came from zwart604 at ip xxx.xxx.xxx.xxx Maybe make the force command command=/usr/local/bin/fossil http /tmp/test.fossil --user zwart604 --ip x.x.x.x ssh-rsa if you have given the key to one person then the key will identify the user $SSH2_CLIENT, extract the IP address of the incoming client, which is the first (of three) value in the string. Or fossil could pick that up form cards sent. or from the environment or from both Why not a mode fossil ssh (which would be a special http) What seems weird if I drop the access of zwart604 to g(Clone) i can still sync and enter new files Is that expected behaviour? -- Rene ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
On Mon, Jul 1, 2013 at 9:16 PM, Rene renew...@xs4all.nl wrote: What seems weird if I drop the access of zwart604 to g(Clone) i can still sync and enter new files Is that expected behaviour? The i (Inbound/write/checkin) permission controls that. Are you able to bypass that permission check? -- - stephan beal http://wanderinghorse.net/home/stephan/ http://gplus.to/sgbeal ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
Yes, I dropt it from gjo to g. I now dropped of the g and my windows repo still sync succesful with the master repo. Where zwart604 now has no permissions at all see below the timeline the one at 20:49 is of zwart604 with no permissions on the master one. I probably do something wrong! 2013-07-01 20:49 [0887e49cf5] Leaf: did this as zwart604 (user: zwart604, tags: trunk) 20:48 [9e62c4aafe] did this as zwart604 (user: zwart604, tags: trunk) 19:06 [d5f8fc4fc9] did this as zwart604 (user: zwart604, tags: trunk) 19:03 [6cac74dbb7] did this as zwart604 (user: zwart604, tags: trunk) 19:01 [4576135d8c] did this as zwart604 (user: zwart604, tags: trunk) 18:02 [9eeeca0947] did this as zwart604 (user: zwart604, tags: trunk) On 2013-07-01 21:35, Stephan Beal wrote: On Mon, Jul 1, 2013 at 9:16 PM, Rene renew...@xs4all.nl wrote: What seems weird if I drop the access of zwart604 to g(Clone) i can still sync and enter new files Is that expected behaviour? The i (Inbound/write/checkin) permission controls that. Are you able to bypass that permission check? -- - stephan beal http://wanderinghorse.net/home/stephan/ [1] http://gplus.to/sgbeal [2] Links: -- [1] http://wanderinghorse.net/home/stephan/ [2] http://gplus.to/sgbeal ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users -- Rene ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
On Mon, Jul 1, 2013 at 10:57 PM, Rene renew...@xs4all.nl wrote: see below the timeline the one at 20:49 is of zwart604 with no permissions on the master one. I probably do something wrong! If i'm not mistaken (and i might be - i'm not familiar with the details of fossil's ssh bits), a user running over ssh has all permissions (because that's what fossil uses when run in non-server/CGI mode). If, however, fossil is using its HTTP server over ssh (i don't know whether it does or not does, to be honest), then it should be setting up the permissions properly for the user. Based on my interpretation of your results, a user running over ssh has all permissions, as for a local user. i can't immediately say whether that's expected or not. Sorry, not very helpful :/. -- - stephan beal http://wanderinghorse.net/home/stephan/ http://gplus.to/sgbeal ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
On Mon, Jul 1, 2013 at 5:01 PM, Stephan Beal sgb...@googlemail.com wrote: On Mon, Jul 1, 2013 at 10:57 PM, Rene renew...@xs4all.nl wrote: see below the timeline the one at 20:49 is of zwart604 with no permissions on the master one. I probably do something wrong! If i'm not mistaken (and i might be - i'm not familiar with the details of fossil's ssh bits), a user running over ssh has all permissions (because that's what fossil uses when run in non-server/CGI mode). If, however, fossil is using its HTTP server over ssh (i don't know whether it does or not does, to be honest), then it should be setting up the permissions properly for the user. Based on my interpretation of your results, a user running over ssh has all permissions, as for a local user. i can't immediately say whether that's expected or not. I think you are right. The default behavior when running fossil locally is to let the user do anything requested. Presumably, if the user can run Fossil, then they can also edit the repository database file at will, and so there really isn't any point in trying to enforce permissions in that scenario. When you run the fossil http command, the user identified by each HTTP request is used. However, ssh does not run fossil http, it uses fossil test-http instead (unless Andy has changed that in his local copy). And fossil test-http, since it was originally designed for testing, gives every request Admin privilege, meaning it can do anything it want. I have not been following this thread closely, but perhaps the solution is to change the test-http near lean 296 in http_transport.c to be just http. -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
On 2013-07-01 23:01, Stephan Beal wrote: On Mon, Jul 1, 2013 at 10:57 PM, Rene renew...@xs4all.nl wrote: see below the timeline the one at 20:49 is of zwart604 with no permissions on the master one. I probably do something wrong! If i'm not mistaken (and i might be - i'm not familiar with the details of fossil's ssh bits), a user running over ssh has all permissions (because that's what fossil uses when run in non-server/CGI mode). If, however, fossil is using its HTTP server over ssh (i don't know whether it does or not does, to be honest), then it should be setting up the permissions properly for the user. Based on my interpretation of your results, a user running over ssh has all permissions, as for a local user. i can't immediately say whether that's expected or not. Sorry, not very helpful :/. -- - stephan beal http://wanderinghorse.net/home/stephan/ [1] http://gplus.to/sgbeal [2] Links: -- [1] http://wanderinghorse.net/home/stephan/ [2] http://gplus.to/sgbeal ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users Hm, This is what I see if I do: C:\temp\techo hallo g.c C:\temp\t..\fossil.exe add g.c ADDED g.c C:\temp\t..\fossil.exe commit -m did this as zwart604 --sshtrace Autosync: ssh://renez@arch/andy.fsl?fossil=bin/fossil plink -T renez@arch Sent: [echo probe-8b38afea112ef8b4a65dfb639b526c2c] Using username renez. Got back--- probe-8b38afea112ef8b4a65dfb639b526c2c --- Sent: [echo probe-7d8a878c308bc5f5ab12fa1baaf3609f] Got back--- probe-7d8a878c308bc5f5ab12fa1baaf3609f --- Sent: [bin/fossil test-http andy.fsl]eceived: 0 Got line: [HTTP/1.0 200 OK] Got line: [Date: Mon, 1 Jul 2013 21:05:21 GMT] Got line: [Connection: close] Got line: [X-Frame-Options: SAMEORIGIN] Got line: [Cache-control: no-cache] Got line: [Content-Type: application/x-fossil; charset=utf-8] Got line: [Content-Length: 280] Got line: [] Reading 280 bytes with 0 on hand... Got 280 bytes Round-trips: 1 Artifacts sent: 0 received: 0 Pull finished with 290 bytes sent, 480 bytes received ./g.c contains CR/NL line endings. Use --no-warnings or the crnl-glob setting to disable this warning. Commit anyhow (a=all/c=convert/y/N)? a New_Version: 50122ec07cb3c91d8910105f6a9c8050ddcae4c1 Autosync: ssh://renez@arch/andy.fsl?fossil=bin/fossil plink -T renez@arch Sent: [echo probe-d7c9e86da35acc3286ded3db70a416e4] Using username renez. Got back--- probe-d7c9e86da35acc3286ded3db70a416e4 --- Sent: [echo probe-f7e5b3ddbb9a59c5c9e6855723a29fde] Got back--- probe-f7e5b3ddbb9a59c5c9e6855723a29fde --- Sent: [bin/fossil test-http andy.fsl]eceived: 0 Got line: [HTTP/1.0 200 OK] Got line: [Date: Mon, 1 Jul 2013 21:05:28 GMT] Got line: [Connection: close] Got line: [X-Frame-Options: SAMEORIGIN] Got line: [Cache-control: no-cache] Got line: [Content-Type: application/x-fossil; charset=utf-8] Got line: [Content-Length: 305] Got line: [] Reading 305 bytes with 0 on hand... Got 305 bytes Round-trips: 1 Artifacts sent: 2 received: 0 Sync finished with 676 bytes sent, 505 bytes received C:\temp\t and the answer is /* ** Note that the following command is used by ssh:// processing. ** ** COMMAND: test-http ** Works like the http command but gives setup permission to all users. */ void cmd_test_http(void){ Th_InitTraceLog(); login_set_capabilities(sx, 0); g.useLocalauth = 1; cgi_set_parameter(REMOTE_ADDR, 127.0.0.1); g.httpIn = stdin; g.httpOut = stdout; find_server_repository(0); g.cgiOutput = 1; g.fullHttpReply = 1; cgi_handle_http_request(0); process_one_web_page(0, 0); } -- Rene ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
Thus said Richard Hipp on Mon, 01 Jul 2013 17:23:58 -0400: When you run the fossil http command, the user identified by each HTTP request is used. However, ssh does not run fossil http, it uses fossil test-http instead (unless Andy has changed that in his local copy). And fossil test-http, since it was originally designed for testing, gives every request Admin privilege, meaning it can do anything it want. Bingo! The problem was that I failed to understand the significance of test-http and thought it was simply part of a test that the ``interactive'' shell initialization setup that it went through used to determine if the SSH connection was established. I wondered how the remote ``fossil http'' knew about the fact that the SSH connected user had permission. Thanks for clarifying. Andy -- TAI64 timestamp: 400051d21e57 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
Thus said Andy Bradford on 29 Jun 2013 20:34:07 -0600: So it seems to think that the server didn't respond, but it surely looks like it did. Will this approach even work? Ok, the problem was that the connection was closed (due to missing keep-alive, so SSH closed connection) in xfer.c:client_sync. I was able to workround it by moving the call to transport_global_startup() at the top of the while ( go ) loop, and adding a transport_global_shutdown() at the bottom. This now seems to work, but it seems like it's no the cleanest solution: $ fossil clone --sshserver ssh://amb@localhost//tmp/temp.fossil test.fossil ssh -e none -T amb@localhost Round-trips: 1 Artifacts sent: 0 received: 1 ssh -e none -T amb@localhost Round-trips: 2 Artifacts sent: 0 received: 2 Clone finished with 487 bytes sent, 1119 bytes received Rebuilding repository meta-data... 100.0% complete... project-id: b3fa0981e117c6a57a0850875f58973eec3a6453 admin-user: amb (password is 3c1aaf) But it fails at this point because it doesn't know about the --sshserver option: $ fossil open test.fossil $ touch file $ fossil add file ADDED file $ fossil ci -m test Autosync: ssh://amb@localhost//tmp/temp.fossil ssh -e none -T amb@localhost $ echo $? 141 So somehow it needs to be taught that when autosync'ing, it should use --sshserver. Guess I'll have to leave that for another day... Does this seem like a worthwhile addition? It seems that it would make handling SSH tunneling configurations much easier---no need to worry about parsing interactive shell responses. Thoughts? Thanks, Andy -- TAI64 timestamp: 400051cfda10 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
On 2013-06-30 02:19, Andy Bradford wrote: Hello, Next hurdle. SSL or SSH on Windows. I just discovered that fossil.exe does not have SSL support, so that kind of presents a hurdle. By the way, it works nicely in a chroot with stunnel and SSL client certificates on an OpenBSD server. So, now on to SSH... I'm trying to setup a force command with ssh keys that restricts access with that key to simply ``fossil http REPOSITORY''. Is there some trick I need to tell the client that it already has an open fossil http server waiting to be used on stdin/stdout and to just start talking HTTP? SSH will have already taken care of wiring up the stdin/stdout on the server side, so this really just seems to be a client side problem. I setup a ForceCommand SSH key but the client doesn't seem to know what to do with it and crashes: $ fossil ver This is fossil version 1.26 [c9cb6e7293] 2013-06-18 21:09:23 UTC $ fossil clone ssh://amb@localhost//tmp/test.fossil test.fossil ssh -e none -T amb@localhost ... debug1: Offering RSA public key: /home/amb/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: Authentication succeeded (publickey). ... debug1: channel 1: new [client-session] debug1: Entering interactive session. debug1: Remote: Forced command. debug1: Remote: Forced command. ... debug1: Exit status 0 $ echo $? 141 As can be seen, when my SSH key is used, it will be forced into fossil http mode, but the client crashes. Here is what I have in my authorized_keys: $ grep fossil /home/amb/.ssh/authorized_keys command=/home/amb/bin/fossil http /tmp/test.fossil ssh-rsa B3NzaC1yc2EDAQABAAABAQDqKI393xubO69Rs+Y6fbnxDpAgX5kTe31qWepFyfu08wxNj5iX57vNIYFIcC7bwKW4EHMakuEIYr2eDzXl3e1pXLzteFESISaZkXrmspNIMRh4oW/3LqV+pGXfimA//YlmbJOMzEHerSCTi+QG0O6LNyvjlZgJmP8dJgc0ktzw6nAVcpdFxwoNa+tQJb+g7wLHGRCsl9uvf6rfdzXVUm/tAtD/TyPITU7Ni2q7aTm/m8YKsXDUif91UP9XUH8phwwEucQa3MagtIcmUKJzrkuwHT+rr2K/0W8vpjO3iq3g7ejONqaTfqEW2Rc5uydYsc1B5IjsmPm0bVkbB3B6ZBxF amb Is there any way to tell the local fossil client command that it just needs to start talking HTTP to whatever file descriptor it has open for SSH? Or, is there another mode that fossil has that will do this? I couldn't find it in the documentation. By the way, SSH keys, and just SSH with password authentication do work for cloning, but I want to restrict the access that users make to simply the fossil command (no shell access), but if I just use the SSH key without restricting the command, they gain full shell access. Thanks, Andy One possibility seems to be to use the urlShell : Wed, Feb 6, 2013 at 5:31 PM, Richard Hipp drh at sqlite.org wrote: I want to understand the problem before I put in the fix. To try to help better understand what is happening, I have added a new query parameter to the ssh: url scheme. You can now say: fossil clone ssh://user@host/path/to/repo?shell=/bin/bash new.fossil and that will cause Fossil to add the /bin/bash argument to the end of the ssh command. Please note that you can also do --sshtrace to get some interactive information on what the ssh command is doing. Tell you users that they can only acces fossil with: //user@host/path/to/repo?shell=/andy/sh make the line in authorized hosts command=/home/amb/bin/forcedcommand.sh check in the script if the command is /andy/sh in SSH_ORIGINAL_COMMAND. If so exec /bin/sh, otherwise close the connection. S Look in SSH_ORIGINAL_COMMAND. probably this is always /bin/sh or something like that. Maybe you can check on the ip number if its trusted and then you know. If not echo back something like you this is me and I want to know who you are If it's fossil it wil send you then make the dance with the fossil client. -- Rene ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
On 2013-06-30 15:24, Rene wrote: [snip] Sorry this should have not been part of the message. It could be an alternative way. But the urlShell seems to be much easier! S Look in SSH_ORIGINAL_COMMAND. probably this is always /bin/sh or something like that. Maybe you can check on the ip number if its trusted and then you know. If not echo back something like you this is me and I want to know who you are If it's fossil it wil send you then make the dance with the fossil client. -- Rene ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
[fossil-users] ForceCommand SSH key with fossil?
Hello, Next hurdle. SSL or SSH on Windows. I just discovered that fossil.exe does not have SSL support, so that kind of presents a hurdle. By the way, it works nicely in a chroot with stunnel and SSL client certificates on an OpenBSD server. So, now on to SSH... I'm trying to setup a force command with ssh keys that restricts access with that key to simply ``fossil http REPOSITORY''. Is there some trick I need to tell the client that it already has an open fossil http server waiting to be used on stdin/stdout and to just start talking HTTP? SSH will have already taken care of wiring up the stdin/stdout on the server side, so this really just seems to be a client side problem. I setup a ForceCommand SSH key but the client doesn't seem to know what to do with it and crashes: $ fossil ver This is fossil version 1.26 [c9cb6e7293] 2013-06-18 21:09:23 UTC $ fossil clone ssh://amb@localhost//tmp/test.fossil test.fossil ssh -e none -T amb@localhost ... debug1: Offering RSA public key: /home/amb/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: Authentication succeeded (publickey). ... debug1: channel 1: new [client-session] debug1: Entering interactive session. debug1: Remote: Forced command. debug1: Remote: Forced command. ... debug1: Exit status 0 $ echo $? 141 As can be seen, when my SSH key is used, it will be forced into fossil http mode, but the client crashes. Here is what I have in my authorized_keys: $ grep fossil /home/amb/.ssh/authorized_keys command=/home/amb/bin/fossil http /tmp/test.fossil ssh-rsa B3NzaC1yc2EDAQABAAABAQDqKI393xubO69Rs+Y6fbnxDpAgX5kTe31qWepFyfu08wxNj5iX57vNIYFIcC7bwKW4EHMakuEIYr2eDzXl3e1pXLzteFESISaZkXrmspNIMRh4oW/3LqV+pGXfimA//YlmbJOMzEHerSCTi+QG0O6LNyvjlZgJmP8dJgc0ktzw6nAVcpdFxwoNa+tQJb+g7wLHGRCsl9uvf6rfdzXVUm/tAtD/TyPITU7Ni2q7aTm/m8YKsXDUif91UP9XUH8phwwEucQa3MagtIcmUKJzrkuwHT+rr2K/0W8vpjO3iq3g7ejONqaTfqEW2Rc5uydYsc1B5IjsmPm0bVkbB3B6ZBxF amb Is there any way to tell the local fossil client command that it just needs to start talking HTTP to whatever file descriptor it has open for SSH? Or, is there another mode that fossil has that will do this? I couldn't find it in the documentation. By the way, SSH keys, and just SSH with password authentication do work for cloning, but I want to restrict the access that users make to simply the fossil command (no shell access), but if I just use the SSH key without restricting the command, they gain full shell access. Thanks, Andy -- TAI64 timestamp: 400051cf79c7 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
Thus said Andy Bradford on 29 Jun 2013 18:19:48 -0600: As can be seen, when my SSH key is used, it will be forced into fossil http mode, but the client crashes. I just found the following: http://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg02963.html I don't know what ever became of it---I see no suggestions. I think it would be sufficient for the local fossil client to simply setup the SSH session so that the remote side of the SSH session is just ``fossil http REPOSITORY'' This is similar to how scp works. When you do: scp file remote:/path, the scp client establishes an SSH connection and then runs a remote scp command (in server mode). The scp local command then works in ``client'' mode and talks SCP to the remote scp instance. All of this happens over SSH. For fossil, when the URL is ssh://user@remote//path, it would simply open up a remote ``fossil http /path'' on the remote host and then the local fossil command would switch to ``client'' mode and talk to the SSH connection file descriptors as if it were talking HTTP. As can be seen, the server side is ready and willing: $ ssh amb@localhost GET / HTTP/1.1 Host: localhost HTTP/1.0 302 Moved Temporarily Date: Sun, 30 Jun 2013 00:54:48 GMT Connection: close Location: http://localhost/index X-Frame-Options: SAMEORIGIN Cache-control: no-cache Content-Type: text/html; charset=utf-8 Content-Length: 69 html pRedirect to Location: http://localhost/index /p /html Connection to localhost closed. Perhaps the fossil client wouldn't work using this method, but this is fairly common with most commands that support a remote execution method (one side switches to client, and remote is executed as server and they just talk over the SSH tunnel). Andy -- TAI64 timestamp: 400051cf829b ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] ForceCommand SSH key with fossil?
Thus said Andy Bradford on 29 Jun 2013 18:19:48 -0600: Is there some trick I need to tell the client that it already has an open fossil http server waiting to be used on stdin/stdout and to just start talking HTTP? Ok, so I got impatient and cracked open the source. It looks like the current design won't work for restricted SSH keys. I'm almost able to get it to work. I added an option to cause it to skip a lot of the ``interactive'' type stuff it's trying to do, hoping that it will just treat the connection as if it were talking to ``fossil http'' but clearly I'm missing something else. As a quick hack, I added a --sshnative option that causes it to skip the test-http command and also the whole transport_ssh_startup() entirely because this won't obviously work when the SSH connection is already waiting for an HTTP client to talk to it. This got me as far as: $ fossil clone --sshtrace --sshnative ssh://amb@localhost//tmp/test.fossil test.fossil ssh -e none -T amb@localhost Got line: [HTTP/1.0 200 OK]sent: 0 received: 0 Got line: [Date: Sun, 30 Jun 2013 02:29:31 GMT] Got line: [Connection: close] Got line: [X-Frame-Options: SAMEORIGIN] Got line: [Cache-control: no-cache] Got line: [Content-Type: application/x-fossil-uncompressed; charset=utf-8] Got line: [Content-Length: 340] Got line: [] Reading 340 bytes with 0 on hand... Got 340 bytes Got line: [] 2 Artifacts sent: 0 received: 1 server did not reply So it seems to think that the server didn't respond, but it surely looks like it did. Will this approach even work? Andy -- TAI64 timestamp: 400051cf9942 ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users