Re: [Savannah-users] SSH key change seems ineffectual

[Bob Proulx]

Steve White wrote:
> I found it.

Yay! \o/

> Something went wrong when I pasted the RSA key into the field -- the
> beggining and end looked the same as my key,
> but in between something got pasted twice.

Ah...  Yes that would do it.

> Sorry for the trouble.

No trouble at all.  Glad you were able to get things going.

Bob

Re: [Savannah-users] SSH key change seems ineffectual

[Steve White]

Hi,

I found it.

Something went wrong when I pasted the RSA key into the field -- the
beggining and end looked the same as my key,
but in between something got pasted twice.

Sorry for the trouble.

On Fri, Apr 6, 2018 at 10:57 PM, Steve White  wrote:
> Hi Bob,
>
> I am trying to do commits from a new machine.  I added its SSH public
> RSA key on the Savannah web page (for GNU FreeFont project), but for
> hours, neither SVN nor CVS works for me.  Both are asking for a
> password.
>
> Have i forgotten something?  Or do key changes have to be authorized
> by somebody?
>
> Thanks!

Re: [Savannah-users] SSH key change seems ineffectual

[Andreas Schwab]

On Apr 07 2018, Steve White  wrote:

> debug1: Skipping ssh-dss key /home/swhite/.ssh/id_dsa - not in
> PubkeyAcceptedKeyTypes

You only have an DSA key, but your local ssh configuration doesn't list
DSA as an acceptable key type.

Andreas.

-- 
Andreas Schwab, sch...@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."

Re: [Savannah-users] SSH key change seems ineffectual

[Steve White]

Hi,  I guess it's OK to send the results of your second test.
Something clearly goes haywire with the RSA offering, but I don't know why.
I've used this system to ssh to other machines locally and remotely --
this is the first problem I've seen.

ssh -v stevan_wh...@cvs.savannah.gnu.org hostname
OpenSSH_7.2p2 Ubuntu-4ubuntu2.4, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to cvs.savannah.gnu.org [208.118.235.201] port 22.
debug1: Connection established.
debug1: identity file /home/swhite/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/swhite/.ssh/id_rsa-cert type -1
debug1: identity file /home/swhite/.ssh/id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /home/swhite/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/swhite/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/swhite/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/swhite/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/swhite/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
debug1: Remote protocol version 2.0, remote software version
OpenSSH_6.6.1p1 Trisquel_GNU/linux_7.0-1
debug1: match: OpenSSH_6.6.1p1 Trisquel_GNU/linux_7.0-1 pat
OpenSSH_6.6.1* compat 0x0400
debug1: Authenticating to cvs.savannah.gnu.org:22 as 'Stevan_White'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha...@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC:
 compression: none
debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC:
 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256
SHA256:qRLLJ4w/GAeiDyYnbx4yWJbZXwGiYYxgNty7lAfUyuM
debug1: Host 'cvs.savannah.gnu.org' is known and matches the ECDSA host key.
debug1: Found key in /home/swhite/.ssh/known_hosts:9
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: Skipping ssh-dss key /home/swhite/.ssh/id_dsa - not in
PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/swhite/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/swhite/.ssh/id_ecdsa
debug1: Trying private key: /home/swhite/.ssh/id_ed25519
debug1: Next authentication method: password



On Sat, Apr 7, 2018 at 12:57 AM, Bob Proulx  wrote:
> Hi Steve,
>
>> I am trying to do commits from a new machine.  I added its SSH public
>> RSA key on the Savannah web page (for GNU FreeFont project), but for
>> hours, neither SVN nor CVS works for me.  Both are asking for a
>> password.
>
> Looking in the logs doesn't show anything obvious.  Seems like it
> should be working.  I looked quickly at your ssh keys in the database
> and they looked okay.  Since you say you are working from a new
> machine then I suspect something there.  Perhaps permissions.  Usually
> permissions must not be group writable anywhere up the directory tree
> for example so be sure to check permissions.
>
>> Have i forgotten something?  Or do key changes have to be authorized
>> by somebody?
>
> Things should be working.  Try this as a simple test.
>
>   $ ssh stevan_wh...@cvs.savannah.gnu.org hostname
>
> You should see:
>
>   You tried to execute: hostname
>   Sorry, you are not allowed to execute that command.
>
> That means things are working.  But you might be seeing something
> else.  If so and the reason isn't obvious then try:
>
>   ssh -v stevan_wh...@cvs.savannah.gnu.org hostname
>
> You should see something like (this is from me):
>
>   debug1: Next authentication method: publickey
>   debug1: Offering public key: RSA 
> SHA256:ny9SZmnnLpUeTcmzt+pVpoxdH39AntZ+8Cb33tmCLzQ /home/rwp/.ssh/id_rsa
>   debug1: Server accepts key: pkalg ssh-rsa blen 279
>
> If you don't then something is wrong with the public key offer.
> Either permissions or something.
>
> Bob
>

Re: [Savannah-users] SSH key change seems ineffectual

[Bob Proulx]

Hi Steve,

> I am trying to do commits from a new machine.  I added its SSH public
> RSA key on the Savannah web page (for GNU FreeFont project), but for
> hours, neither SVN nor CVS works for me.  Both are asking for a
> password.

Looking in the logs doesn't show anything obvious.  Seems like it
should be working.  I looked quickly at your ssh keys in the database
and they looked okay.  Since you say you are working from a new
machine then I suspect something there.  Perhaps permissions.  Usually
permissions must not be group writable anywhere up the directory tree
for example so be sure to check permissions.

> Have i forgotten something?  Or do key changes have to be authorized
> by somebody?

Things should be working.  Try this as a simple test.

  $ ssh stevan_wh...@cvs.savannah.gnu.org hostname

You should see:

  You tried to execute: hostname
  Sorry, you are not allowed to execute that command.

That means things are working.  But you might be seeing something
else.  If so and the reason isn't obvious then try:

  ssh -v stevan_wh...@cvs.savannah.gnu.org hostname

You should see something like (this is from me):

  debug1: Next authentication method: publickey
  debug1: Offering public key: RSA 
SHA256:ny9SZmnnLpUeTcmzt+pVpoxdH39AntZ+8Cb33tmCLzQ /home/rwp/.ssh/id_rsa
  debug1: Server accepts key: pkalg ssh-rsa blen 279

If you don't then something is wrong with the public key offer.
Either permissions or something.

Bob

[Savannah-users] SSH key change seems ineffectual

[Steve White]

Hi Bob,

I am trying to do commits from a new machine.  I added its SSH public
RSA key on the Savannah web page (for GNU FreeFont project), but for
hours, neither SVN nor CVS works for me.  Both are asking for a
password.

Have i forgotten something?  Or do key changes have to be authorized
by somebody?

Thanks!