Re: Error setting up subversion repository
Yeah, so I fixed this. For anyone concerned, this was the solution: - Instructions I had been following on an internal wiki for setting up passwordless SSH were a bit out-of-date. They stated that copying your public key to .ssh/authorized_keys2 on the server would be sufficient, but this method is deprecated (http://serverfault.com/questions/116177/ whats-the-difference-between-authorized-keys-and-authorized-keys2) - So all I did was log in as www-data (su - www-data) - generate rsa keys and set permissions - scp rsa public key to authorized_keys2 on the server - ssh to the server - cat .ssh/authorized_keys2 .ssh/authorized_keys and presto - it works! On Dec 8, 12:43 pm, Matt Billock mattbill...@gmail.com wrote: Note, this also fails on debian, which is supposedly your default install. I get to the same place (once again obfuscated): - Install apache with mod-wsgi - Install mysql - Install dependencies - Install reviewboard - Set up reviewboard - Go to admin - Go to repositories - Go to Add repository - Fill in information for the repository: - name: My_Default_repo - Hosting Service: custom - Repository Type: subversion - Path: svn+ssh://usern...@server.domain.com/repo - Username: username - Password: password When I su to www-data, I am not only able to ssh to the server without issue: $ ssh usern...@server.domain.com usern...@server.domain.com's password: Last login: Thu Dec 8 11:42:05 2011 from iss4.domain.com [username@server ~]$ but I can also svn ls without issue into the repository: $ svn ls svn+ssh://usern...@server.domain.com/repo usern...@server.domain.com's password: branches/ tags/ trunk/ My server log is hopelessly unhelpful: 09:49:46 DEBUG SVNTool: Attempting ssh connection with host: server.domain.com, username: username 09:49:51 DEBUG starting thread (client mode): 0xb9d1b7acL 09:49:51 INFO Connected (version 1.99, client OpenSSH_3.9p1) 09:49:51 DEBUG kex algos:['diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256- ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael- c...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac- ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac: ['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac- ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress: ['none', 'zlib'] server compress:['none', 'zlib'] client lang:[''] server lang:[''] kex follows?False 09:49:51 DEBUG Ciphers agreed: local=aes128-ctr, remote=aes128-ctr 09:49:51 DEBUG using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac- sha1, remote hmac-sha1; compression: local none, remote none 09:49:51 DEBUG Switch to new keys ... 09:49:51 DEBUG Trying SSH key 1586182b11aa1bc8ea870f3de4fec832 09:49:51 DEBUG userauth is OK 09:49:51 INFO Authentication (publickey) failed. 09:49:51 DEBUG Trying discovered key 1586182b11aa1bc8ea870f3de4fec832 in /var/www/10.1.2.233/data/.ssh/ id_rsa 09:49:51 DEBUG userauth is OK 09:49:51 INFO Authentication (publickey) failed. 09:49:51 DEBUG userauth is OK 09:49:51 INFO Authentication (password) successful! 09:49:51 DEBUG EOF in transport thread 09:49:52 ERROR SVN: Failed to get repository information for svn +ssh://usern...@server.domain.com/repo/: To better debug SSH connection problems, remove the -q option from 'ssh' in the [tunnels] section of your Subversion configuration file. Network connection closed unexpectedly So in short, unless one of you has some more information the issue appears to be in the reviewboard software, but I cannot find where. As far as I can tell I have everything configured correctly. Does anyone have any ideas whatsoever? I'm running on empty here, and could really use some assistance. It appears to be some sort of ssh connection issue, but when I switch users to www-data, I can ssh to the server without any problems at all, and as demonstrated above I have absolutely no problems using svn's ssh tunnel via the command line. On Dec 7, 8:14 am, Matt Billock mattbill...@gmail.com wrote: I haven't as yet been able to hunt this down, but it does appear to be a SSH communications issue. I am able to access the server in question from the console using the apache user, and the logs state that initial attempts to authenticate are successful -
Re: Error setting up subversion repository
Note, this also fails on debian, which is supposedly your default install. I get to the same place (once again obfuscated): - Install apache with mod-wsgi - Install mysql - Install dependencies - Install reviewboard - Set up reviewboard - Go to admin - Go to repositories - Go to Add repository - Fill in information for the repository: - name: My_Default_repo - Hosting Service: custom - Repository Type: subversion - Path: svn+ssh://usern...@server.domain.com/repo - Username: username - Password: password When I su to www-data, I am not only able to ssh to the server without issue: $ ssh usern...@server.domain.com usern...@server.domain.com's password: Last login: Thu Dec 8 11:42:05 2011 from iss4.domain.com [username@server ~]$ but I can also svn ls without issue into the repository: $ svn ls svn+ssh://usern...@server.domain.com/repo usern...@server.domain.com's password: branches/ tags/ trunk/ My server log is hopelessly unhelpful: 09:49:46DEBUG SVNTool: Attempting ssh connection with host: server.domain.com, username: username 09:49:51DEBUG starting thread (client mode): 0xb9d1b7acL 09:49:51INFOConnected (version 1.99, client OpenSSH_3.9p1) 09:49:51DEBUG kex algos:['diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256- ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael- c...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac- ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac: ['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac- ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress: ['none', 'zlib'] server compress:['none', 'zlib'] client lang:[''] server lang:[''] kex follows?False 09:49:51DEBUG Ciphers agreed: local=aes128-ctr, remote=aes128-ctr 09:49:51DEBUG using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac- sha1, remote hmac-sha1; compression: local none, remote none 09:49:51DEBUG Switch to new keys ... 09:49:51DEBUG Trying SSH key 1586182b11aa1bc8ea870f3de4fec832 09:49:51DEBUG userauth is OK 09:49:51INFOAuthentication (publickey) failed. 09:49:51DEBUG Trying discovered key 1586182b11aa1bc8ea870f3de4fec832 in /var/www/10.1.2.233/data/.ssh/ id_rsa 09:49:51DEBUG userauth is OK 09:49:51INFOAuthentication (publickey) failed. 09:49:51DEBUG userauth is OK 09:49:51INFOAuthentication (password) successful! 09:49:51DEBUG EOF in transport thread 09:49:52ERROR SVN: Failed to get repository information for svn +ssh://usern...@server.domain.com/repo/: To better debug SSH connection problems, remove the -q option from 'ssh' in the [tunnels] section of your Subversion configuration file. Network connection closed unexpectedly So in short, unless one of you has some more information the issue appears to be in the reviewboard software, but I cannot find where. As far as I can tell I have everything configured correctly. Does anyone have any ideas whatsoever? I'm running on empty here, and could really use some assistance. It appears to be some sort of ssh connection issue, but when I switch users to www-data, I can ssh to the server without any problems at all, and as demonstrated above I have absolutely no problems using svn's ssh tunnel via the command line. On Dec 7, 8:14 am, Matt Billock mattbill...@gmail.com wrote: I haven't as yet been able to hunt this down, but it does appear to be a SSH communications issue. I am able to access the server in question from the console using the apache user, and the logs state that initial attempts to authenticate are successful - there is just one final missing step that I can't seem to locate. I've seen this issue appear in this group a couple times, but I do not know if any resolution was found. Is there any information anyone can provide? On Dec 2, 2:44 pm, Matt Billock mattbill...@gmail.com wrote: Fixed the (13,'Permission Denied') error with the following line: setsebool -P httpd_can_network_connect 1 taken from: http://wiki.apache.org/httpd/13PermissionDenied SELinux, apparently by default, was preventing apache from making network connections. I've moved on to a more different error, this time specific to subversion. From the logs (obfuscated to protect the innocent): 12:35:44 DEBUG SVNTool: Attempting ssh connection with host: {repository}, username: {username} 12:35:44
Re: Error setting up subversion repository
I haven't as yet been able to hunt this down, but it does appear to be a SSH communications issue. I am able to access the server in question from the console using the apache user, and the logs state that initial attempts to authenticate are successful - there is just one final missing step that I can't seem to locate. I've seen this issue appear in this group a couple times, but I do not know if any resolution was found. Is there any information anyone can provide? On Dec 2, 2:44 pm, Matt Billock mattbill...@gmail.com wrote: Fixed the (13,'Permission Denied') error with the following line: setsebool -P httpd_can_network_connect 1 taken from: http://wiki.apache.org/httpd/13PermissionDenied SELinux, apparently by default, was preventing apache from making network connections. I've moved on to a more different error, this time specific to subversion. From the logs (obfuscated to protect the innocent): 12:35:44 DEBUG SVNTool: Attempting ssh connection with host: {repository}, username: {username} 12:35:44 DEBUG starting thread (client mode): 0xAB2FDB10L 12:35:44 INFO Connected (version 1.99, client OpenSSH_3.9p1) 12:35:44 DEBUG kex algos:['diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256- ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael- c...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac- ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac: ['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac- ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress: ['none', 'zlib'] server compress:['none', 'zlib'] client lang:[''] server lang:[''] kex follows?False 12:35:44 DEBUG Ciphers agreed: local=aes128-ctr, remote=aes128-ctr 12:35:44 DEBUG using kex diffie-hellman-group1-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac- sha1, remote hmac-sha1; compression: local none, remote none 12:35:44 DEBUG Switch to new keys ... 12:35:44 DEBUG userauth is OK 12:35:44 INFO Authentication (password) successful! 12:35:45 DEBUG EOF in transport thread 12:35:45 ERROR SVN: Failed to get repository information for svn +ssh://swiss.cpm.com/repo: To better debug SSH connection problems, remove the -q option from 'ssh' in the [tunnels] section of your Subversion configuration file. Network connection closed unexpectedly This appears to be an issue with my local subversion, but I'm still hunting it down On Dec 2, 2:06 pm, Matt Billock mattbill...@gmail.com wrote: Additional info: - This install is on CentOS - using Apache - The ssh login is failing in paramiko. - When I attempt to save my repository info, the only error I receive is (13, 'Permission denied'). - I traced the call into paramiko's code, at sock.connect(), but cannot figure out exactly what's going wrong. - RB version 1.6.3 Is there some sort of additional configuration required to allow the apache user access to the ssh functionality? Is that user even the user that is active when the ssh action is performed? On Dec 1, 1:15 pm, Matt Billock mattbill...@gmail.com wrote: Hey all, I'm attempting to hook up my new reviewboard install to my company's subversion repository, but I keep receiving the following error when I hit the Save button: Please correct the error below: - (13,'Permission denied') The only relevant entries I could find from the httpd error logs were: [Thu Dec 01 11:11:46 2011] [error] /usr/lib64/python2.4/site-packages/ Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp = 5 to avoid timing attack vulnerability. [Thu Dec 01 11:11:46 2011] [error] _warn(Not using mpz_powm_sec. You should rebuild using libgmp = 5 to avoid timing attack vulnerability., PowmInsecureWarning) [Thu Dec 01 11:12:11 2011] [error] /usr/lib/python2.4/site-packages/ Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393: DeprecationWarning: The user messaging API is deprecated. Please update your code to use the new messages framework. [Thu Dec 01 11:12:11 2011] [error] category=DeprecationWarning) [Thu Dec 01 11:12:18 2011] [error] /usr/lib/python2.4/site-packages/ Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393: DeprecationWarning: The user messaging API is deprecated. Please update your code to use the new messages framework. [Thu Dec 01 11:12:18 2011] [error]
Re: Error setting up subversion repository
Additional info: - This install is on CentOS - using Apache - The ssh login is failing in paramiko. - When I attempt to save my repository info, the only error I receive is (13, 'Permission denied'). - I traced the call into paramiko's code, at sock.connect(), but cannot figure out exactly what's going wrong. - RB version 1.6.3 Is there some sort of additional configuration required to allow the apache user access to the ssh functionality? Is that user even the user that is active when the ssh action is performed? On Dec 1, 1:15 pm, Matt Billock mattbill...@gmail.com wrote: Hey all, I'm attempting to hook up my new reviewboard install to my company's subversion repository, but I keep receiving the following error when I hit the Save button: Please correct the error below: - (13,'Permission denied') The only relevant entries I could find from the httpd error logs were: [Thu Dec 01 11:11:46 2011] [error] /usr/lib64/python2.4/site-packages/ Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp = 5 to avoid timing attack vulnerability. [Thu Dec 01 11:11:46 2011] [error] _warn(Not using mpz_powm_sec. You should rebuild using libgmp = 5 to avoid timing attack vulnerability., PowmInsecureWarning) [Thu Dec 01 11:12:11 2011] [error] /usr/lib/python2.4/site-packages/ Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393: DeprecationWarning: The user messaging API is deprecated. Please update your code to use the new messages framework. [Thu Dec 01 11:12:11 2011] [error] category=DeprecationWarning) [Thu Dec 01 11:12:18 2011] [error] /usr/lib/python2.4/site-packages/ Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393: DeprecationWarning: The user messaging API is deprecated. Please update your code to use the new messages framework. [Thu Dec 01 11:12:18 2011] [error] category=DeprecationWarning) This is the entire amount of documentation I have to go on. Is there any known reason why this would occur? I connect to my repo using the svn+ssh protocol, but I am providing the correct username and password. Thanks for your your help! -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~--~~~~--~~--~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en