Re: Error setting up subversion repository
Yeah, so I fixed this. For anyone concerned, this was the solution: - Instructions I had been following on an internal wiki for setting up passwordless SSH were a bit out-of-date. They stated that copying your public key to .ssh/authorized_keys2 on the server would be sufficient, but this method is deprecated (http://serverfault.com/questions/116177/ whats-the-difference-between-authorized-keys-and-authorized-keys2) - So all I did was log in as www-data (su - www-data) - generate rsa keys and set permissions - scp rsa public key to authorized_keys2 on the server - ssh to the server - cat .ssh/authorized_keys2 .ssh/authorized_keys and presto - it works! On Dec 8, 12:43 pm, Matt Billock mattbill...@gmail.com wrote: Note, this also fails on debian, which is supposedly your default install. I get to the same place (once again obfuscated): - Install apache with mod-wsgi - Install mysql - Install dependencies - Install reviewboard - Set up reviewboard - Go to admin - Go to repositories - Go to Add repository - Fill in information for the repository: - name: My_Default_repo - Hosting Service: custom - Repository Type: subversion - Path: svn+ssh://usern...@server.domain.com/repo - Username: username - Password: password When I su to www-data, I am not only able to ssh to the server without issue: $ ssh usern...@server.domain.com usern...@server.domain.com's password: Last login: Thu Dec 8 11:42:05 2011 from iss4.domain.com [username@server ~]$ but I can also svn ls without issue into the repository: $ svn ls svn+ssh://usern...@server.domain.com/repo usern...@server.domain.com's password: branches/ tags/ trunk/ My server log is hopelessly unhelpful: 09:49:46 DEBUG SVNTool: Attempting ssh connection with host: server.domain.com, username: username 09:49:51 DEBUG starting thread (client mode): 0xb9d1b7acL 09:49:51 INFO Connected (version 1.99, client OpenSSH_3.9p1) 09:49:51 DEBUG kex algos:['diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256- ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael- c...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac- ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac: ['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac- ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress: ['none', 'zlib'] server compress:['none', 'zlib'] client lang:[''] server lang:[''] kex follows?False 09:49:51 DEBUG Ciphers agreed: local=aes128-ctr, remote=aes128-ctr 09:49:51 DEBUG using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac- sha1, remote hmac-sha1; compression: local none, remote none 09:49:51 DEBUG Switch to new keys ... 09:49:51 DEBUG Trying SSH key 1586182b11aa1bc8ea870f3de4fec832 09:49:51 DEBUG userauth is OK 09:49:51 INFO Authentication (publickey) failed. 09:49:51 DEBUG Trying discovered key 1586182b11aa1bc8ea870f3de4fec832 in /var/www/10.1.2.233/data/.ssh/ id_rsa 09:49:51 DEBUG userauth is OK 09:49:51 INFO Authentication (publickey) failed. 09:49:51 DEBUG userauth is OK 09:49:51 INFO Authentication (password) successful! 09:49:51 DEBUG EOF in transport thread 09:49:52 ERROR SVN: Failed to get repository information for svn +ssh://usern...@server.domain.com/repo/: To better debug SSH connection problems, remove the -q option from 'ssh' in the [tunnels] section of your Subversion configuration file. Network connection closed unexpectedly So in short, unless one of you has some more information the issue appears to be in the reviewboard software, but I cannot find where. As far as I can tell I have everything configured correctly. Does anyone have any ideas whatsoever? I'm running on empty here, and could really use some assistance. It appears to be some sort of ssh connection issue, but when I switch users to www-data, I can ssh to the server without any problems at all, and as demonstrated above I have absolutely no problems using svn's ssh tunnel via the command line. On Dec 7, 8:14 am, Matt Billock mattbill...@gmail.com wrote: I haven't as yet been able to hunt this down, but it does appear to be a SSH communications issue. I am able to access the server in question from the console using the apache user, and the logs state that initial attempts to authenticate are successful -
Re: Error setting up subversion repository
Note, this also fails on debian, which is supposedly your default
install. I get to the same place (once again obfuscated):
- Install apache with mod-wsgi
- Install mysql
- Install dependencies
- Install reviewboard
- Set up reviewboard
- Go to admin
- Go to repositories
- Go to Add repository
- Fill in information for the repository:
- name: My_Default_repo
- Hosting Service: custom
- Repository Type: subversion
- Path: svn+ssh://usern...@server.domain.com/repo
- Username: username
- Password: password
When I su to www-data, I am not only able to ssh to the server without
issue:
$ ssh usern...@server.domain.com
usern...@server.domain.com's password:
Last login: Thu Dec 8 11:42:05 2011 from iss4.domain.com
[username@server ~]$
but I can also svn ls without issue into the repository:
$ svn ls svn+ssh://usern...@server.domain.com/repo
usern...@server.domain.com's password:
branches/
tags/
trunk/
My server log is hopelessly unhelpful:
09:49:46DEBUG SVNTool: Attempting ssh connection with host:
server.domain.com, username: username
09:49:51DEBUG starting thread (client mode): 0xb9d1b7acL
09:49:51INFOConnected (version 1.99, client OpenSSH_3.9p1)
09:49:51DEBUG kex algos:['diffie-hellman-group-exchange-sha1',
'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server
key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc',
'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc',
'rijndael-...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-
ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc',
'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-
c...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client
mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-
ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:
['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-
ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:
['none', 'zlib'] server compress:['none', 'zlib'] client lang:['']
server lang:[''] kex follows?False
09:49:51DEBUG Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
09:49:51DEBUG using kex diffie-hellman-group1-sha1; server key type
ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-
sha1, remote hmac-sha1; compression: local none, remote none
09:49:51DEBUG Switch to new keys ...
09:49:51DEBUG Trying SSH key 1586182b11aa1bc8ea870f3de4fec832
09:49:51DEBUG userauth is OK
09:49:51INFOAuthentication (publickey) failed.
09:49:51DEBUG Trying discovered key
1586182b11aa1bc8ea870f3de4fec832 in /var/www/10.1.2.233/data/.ssh/
id_rsa
09:49:51DEBUG userauth is OK
09:49:51INFOAuthentication (publickey) failed.
09:49:51DEBUG userauth is OK
09:49:51INFOAuthentication (password) successful!
09:49:51DEBUG EOF in transport thread
09:49:52ERROR SVN: Failed to get repository information for svn
+ssh://usern...@server.domain.com/repo/: To better debug SSH
connection problems, remove the -q option from 'ssh' in the [tunnels]
section of your Subversion configuration file. Network connection
closed unexpectedly
So in short, unless one of you has some more information the issue
appears to be in the reviewboard software, but I cannot find where. As
far as I can tell I have everything configured correctly. Does anyone
have any ideas whatsoever? I'm running on empty here, and could really
use some assistance. It appears to be some sort of ssh connection
issue, but when I switch users to www-data, I can ssh to the server
without any problems at all, and as demonstrated above I have
absolutely no problems using svn's ssh tunnel via the command line.
On Dec 7, 8:14 am, Matt Billock mattbill...@gmail.com wrote:
I haven't as yet been able to hunt this down, but it does appear to be
a SSH communications issue. I am able to access the server in question
from the console using the apache user, and the logs state that
initial attempts to authenticate are successful - there is just one
final missing step that I can't seem to locate. I've seen this issue
appear in this group a couple times, but I do not know if any
resolution was found. Is there any information anyone can provide?
On Dec 2, 2:44 pm, Matt Billock mattbill...@gmail.com wrote:
Fixed the (13,'Permission Denied') error with the following line:
setsebool -P httpd_can_network_connect 1
taken from:
http://wiki.apache.org/httpd/13PermissionDenied
SELinux, apparently by default, was preventing apache from making
network connections.
I've moved on to a more different error, this time specific to
subversion. From the logs (obfuscated to protect the innocent):
12:35:44 DEBUG SVNTool: Attempting ssh connection with host:
{repository}, username: {username}
12:35:44
Re: Error setting up subversion repository
I haven't as yet been able to hunt this down, but it does appear to be
a SSH communications issue. I am able to access the server in question
from the console using the apache user, and the logs state that
initial attempts to authenticate are successful - there is just one
final missing step that I can't seem to locate. I've seen this issue
appear in this group a couple times, but I do not know if any
resolution was found. Is there any information anyone can provide?
On Dec 2, 2:44 pm, Matt Billock mattbill...@gmail.com wrote:
Fixed the (13,'Permission Denied') error with the following line:
setsebool -P httpd_can_network_connect 1
taken from:
http://wiki.apache.org/httpd/13PermissionDenied
SELinux, apparently by default, was preventing apache from making
network connections.
I've moved on to a more different error, this time specific to
subversion. From the logs (obfuscated to protect the innocent):
12:35:44 DEBUG SVNTool: Attempting ssh connection with host:
{repository}, username: {username}
12:35:44 DEBUG starting thread (client mode): 0xAB2FDB10L
12:35:44 INFO Connected (version 1.99, client OpenSSH_3.9p1)
12:35:44 DEBUG kex algos:['diffie-hellman-group-exchange-sha1',
'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server
key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc',
'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc',
'rijndael-...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-
ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc',
'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-
c...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client
mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-
ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:
['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-
ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:
['none', 'zlib'] server compress:['none', 'zlib'] client lang:['']
server lang:[''] kex follows?False
12:35:44 DEBUG Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
12:35:44 DEBUG using kex diffie-hellman-group1-sha1; server key type
ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-
sha1, remote hmac-sha1; compression: local none, remote none
12:35:44 DEBUG Switch to new keys ...
12:35:44 DEBUG userauth is OK
12:35:44 INFO Authentication (password) successful!
12:35:45 DEBUG EOF in transport thread
12:35:45 ERROR SVN: Failed to get repository information for svn
+ssh://swiss.cpm.com/repo: To better debug SSH connection problems,
remove the -q option from 'ssh' in the [tunnels] section of your
Subversion configuration file. Network connection closed unexpectedly
This appears to be an issue with my local subversion, but I'm still
hunting it down
On Dec 2, 2:06 pm, Matt Billock mattbill...@gmail.com wrote:
Additional info:
- This install is on CentOS
- using Apache
- The ssh login is failing in paramiko.
- When I attempt to save my repository info, the only error I receive
is (13, 'Permission denied').
- I traced the call into paramiko's code, at sock.connect(), but
cannot figure out exactly what's going wrong.
- RB version 1.6.3
Is there some sort of additional configuration required to allow the
apache user access to the ssh functionality? Is that user even the
user that is active when the ssh action is performed?
On Dec 1, 1:15 pm, Matt Billock mattbill...@gmail.com wrote:
Hey all,
I'm attempting to hook up my new reviewboard install to my company's
subversion repository, but I keep receiving the following error when I
hit the Save button:
Please correct the error below:
- (13,'Permission denied')
The only relevant entries I could find from the httpd error logs were:
[Thu Dec 01 11:11:46 2011] [error] /usr/lib64/python2.4/site-packages/
Crypto/Util/number.py:57: PowmInsecureWarning: Not using
mpz_powm_sec. You should rebuild using libgmp = 5 to avoid timing
attack vulnerability.
[Thu Dec 01 11:11:46 2011] [error] _warn(Not using mpz_powm_sec.
You should rebuild using libgmp = 5 to avoid timing attack
vulnerability., PowmInsecureWarning)
[Thu Dec 01 11:12:11 2011] [error] /usr/lib/python2.4/site-packages/
Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393:
DeprecationWarning: The user messaging API is deprecated. Please
update your code to use the new messages framework.
[Thu Dec 01 11:12:11 2011] [error] category=DeprecationWarning)
[Thu Dec 01 11:12:18 2011] [error] /usr/lib/python2.4/site-packages/
Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393:
DeprecationWarning: The user messaging API is deprecated. Please
update your code to use the new messages framework.
[Thu Dec 01 11:12:18 2011] [error]
Re: Error setting up subversion repository
Additional info: - This install is on CentOS - using Apache - The ssh login is failing in paramiko. - When I attempt to save my repository info, the only error I receive is (13, 'Permission denied'). - I traced the call into paramiko's code, at sock.connect(), but cannot figure out exactly what's going wrong. - RB version 1.6.3 Is there some sort of additional configuration required to allow the apache user access to the ssh functionality? Is that user even the user that is active when the ssh action is performed? On Dec 1, 1:15 pm, Matt Billock mattbill...@gmail.com wrote: Hey all, I'm attempting to hook up my new reviewboard install to my company's subversion repository, but I keep receiving the following error when I hit the Save button: Please correct the error below: - (13,'Permission denied') The only relevant entries I could find from the httpd error logs were: [Thu Dec 01 11:11:46 2011] [error] /usr/lib64/python2.4/site-packages/ Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp = 5 to avoid timing attack vulnerability. [Thu Dec 01 11:11:46 2011] [error] _warn(Not using mpz_powm_sec. You should rebuild using libgmp = 5 to avoid timing attack vulnerability., PowmInsecureWarning) [Thu Dec 01 11:12:11 2011] [error] /usr/lib/python2.4/site-packages/ Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393: DeprecationWarning: The user messaging API is deprecated. Please update your code to use the new messages framework. [Thu Dec 01 11:12:11 2011] [error] category=DeprecationWarning) [Thu Dec 01 11:12:18 2011] [error] /usr/lib/python2.4/site-packages/ Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393: DeprecationWarning: The user messaging API is deprecated. Please update your code to use the new messages framework. [Thu Dec 01 11:12:18 2011] [error] category=DeprecationWarning) This is the entire amount of documentation I have to go on. Is there any known reason why this would occur? I connect to my repo using the svn+ssh protocol, but I am providing the correct username and password. Thanks for your your help! -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
