Problems with read/write cvs access

Problems with read/write cvs access

[William Cohen]

[-- Attachment #1: Type: text/plain, Size: 830 bytes --]

I am attempting to check out systemtap related material with read/write 
permission from sources.redhat.com. So far I have been unsuccessful. I 
have an gcc.gnu.org account (should be wcohen) that had read/write 
access. However, I have not used the gcc.gnu.org account for a while. I 
was told that things should be available if I had the gcc.gnu.org 
account. Below is the problem I encounter when I attempt to check things 
out.

$ echo $CVS_RSH
ssh
$ cvs -d :ext:wcohen@sources.redhat.com:/cvs/systemtap co htdocs
Permission denied (publickey,keyboard-interactive).
cvs [checkout aborted]: end of file from server (consult above messages 
if any)

I don't even get a chance to enter my pass phrase. What needs to be done 
so to obtain read/write access to systemtap cvs. Just in case I have 
attached .ssh/id_dsa.pub.

-Will


[-- Attachment #2: id_dsa.pub --]
[-- Type: text/plain, Size: 603 bytes --]

ssh-dss AAAAB3NzaC1kc3MAAACBAJMoDLBCnoeshox4azclNzqB+xc8XD/Imb3aCpuYa9MvP3dRUiexGFQPH2H/TiCZpBeC9E6jrz6/fIz8wLYUpQJXJO20HHuq6pPeYQOTLELxghsWifzxQJYGLkfIPyzPtumuwjGROOM3Q5m57bgkFnuT2KsEW7fqfD42vTk8fPElAAAAFQCx0lmih2FmkkbOHYoXe7J0NPV7LwAAAIBCikkxVC3TNR62tbUtlONat05GoIaNfE2Oji31MmMpagQ9d0zlv/cfP4pbxDVmt0pYYUBGRrnlf+LqhPBc+QfTPMU79iEobPeWJ6i/DuaAGLx1AgaHybQLAsB+I0EtZ9aUvIa6otLBvx2/Kf9joM/FXlWMBCiOumE8IrxBLe1TxwAAAIBSe5AqQ5hIDw86FU/f7NqLbnStUJGKRvrgMrSzL5dWwti78iH7jxJvpedLj3AixEyhBahfDvoNWeWwuCJqt9cVTyc9OdwQzwXkuo/g8/N4MI4lxUE5CbeM1ZRMBIW/4vIGqb4wr+ZRkP7/KdVnYyhnZq3PytmvaJTH3ADVWZD8fg== wcohen@wcohen

Re: Problems with read/write cvs access

[Ian Lance Taylor]

William Cohen <wcohen@nc.rr.com> writes:

> I am attempting to check out systemtap related material with
> read/write permission from sources.redhat.com. So far I have been
> unsuccessful. I have an gcc.gnu.org account (should be wcohen) that
> had read/write access. However, I have not used the gcc.gnu.org
> account for a while. I was told that things should be available if I
> had the gcc.gnu.org account. Below is the problem I encounter when I
> attempt to check things out.
> 
> $ echo $CVS_RSH
> ssh
> $ cvs -d :ext:wcohen@sources.redhat.com:/cvs/systemtap co htdocs
> Permission denied (publickey,keyboard-interactive).
> cvs [checkout aborted]: end of file from server (consult above
> messages if any)
> 
> I don't even get a chance to enter my pass phrase. What needs to be
> done so to obtain read/write access to systemtap cvs. Just in case I
> have attached .ssh/id_dsa.pub.
> 
> -Will
> 
> ssh-dss AAAAB3NzaC1kc3MAAACBAJMoDLBCnoeshox4azclNzqB+xc8XD/Imb3aCpuYa9MvP3dRUiexGFQPH2H/TiCZpBeC9E6jrz6/fIz8wLYUpQJXJO20HHuq6pPeYQOTLELxghsWifzxQJYGLkfIPyzPtumuwjGROOM3Q5m57bgkFnuT2KsEW7fqfD42vTk8fPElAAAAFQCx0lmih2FmkkbOHYoXe7J0NPV7LwAAAIBCikkxVC3TNR62tbUtlONat05GoIaNfE2Oji31MmMpagQ9d0zlv/cfP4pbxDVmt0pYYUBGRrnlf+LqhPBc+QfTPMU79iEobPeWJ6i/DuaAGLx1AgaHybQLAsB+I0EtZ9aUvIa6otLBvx2/Kf9joM/FXlWMBCiOumE8IrxBLe1TxwAAAIBSe5AqQ5hIDw86FU/f7NqLbnStUJGKRvrgMrSzL5dWwti78iH7jxJvpedLj3AixEyhBahfDvoNWeWwuCJqt9cVTyc9OdwQzwXkuo/g8/N4MI4lxUE5CbeM1ZRMBIW/4vIGqb4wr+ZRkP7/KdVnYyhnZq3PytmvaJTH3ADVWZD8fg== wcohen@wcohen

That is not the public key which you have on gcc.gnu.org.  The two on
gcc.gnu.org start with "1024 35" (i.e., is an SSHv1 key).  One ends
with wcohen@wcohen.devel.redhat.com and one ends with wcohen@wcohen.

I'm never too sure what to do in this sort of situation.  Are you sure
you are the same William Cohen?

Ian

Re: Problems with read/write cvs access

[William Cohen]

[-- Attachment #1: Type: text/plain, Size: 2088 bytes --]

Ian Lance Taylor wrote:
> William Cohen <wcohen@nc.rr.com> writes:
> 
> 
>>I am attempting to check out systemtap related material with
>>read/write permission from sources.redhat.com. So far I have been
>>unsuccessful. I have an gcc.gnu.org account (should be wcohen) that
>>had read/write access. However, I have not used the gcc.gnu.org
>>account for a while. I was told that things should be available if I
>>had the gcc.gnu.org account. Below is the problem I encounter when I
>>attempt to check things out.
>>
>>$ echo $CVS_RSH
>>ssh
>>$ cvs -d :ext:wcohen@sources.redhat.com:/cvs/systemtap co htdocs
>>Permission denied (publickey,keyboard-interactive).
>>cvs [checkout aborted]: end of file from server (consult above
>>messages if any)
>>
>>I don't even get a chance to enter my pass phrase. What needs to be
>>done so to obtain read/write access to systemtap cvs. Just in case I
>>have attached .ssh/id_dsa.pub.
>>
>>-Will
>>
>>ssh-dss AAAAB3NzaC1kc3MAAACBAJMoDLBCnoeshox4azclNzqB+xc8XD/Imb3aCpuYa9MvP3dRUiexGFQPH2H/TiCZpBeC9E6jrz6/fIz8wLYUpQJXJO20HHuq6pPeYQOTLELxghsWifzxQJYGLkfIPyzPtumuwjGROOM3Q5m57bgkFnuT2KsEW7fqfD42vTk8fPElAAAAFQCx0lmih2FmkkbOHYoXe7J0NPV7LwAAAIBCikkxVC3TNR62tbUtlONat05GoIaNfE2Oji31MmMpagQ9d0zlv/cfP4pbxDVmt0pYYUBGRrnlf+LqhPBc+QfTPMU79iEobPeWJ6i/DuaAGLx1AgaHybQLAsB+I0EtZ9aUvIa6otLBvx2/Kf9joM/FXlWMBCiOumE8IrxBLe1TxwAAAIBSe5AqQ5hIDw86FU/f7NqLbnStUJGKRvrgMrSzL5dWwti78iH7jxJvpedLj3AixEyhBahfDvoNWeWwuCJqt9cVTyc9OdwQzwXkuo/g8/N4MI4lxUE5CbeM1ZRMBIW/4vIGqb4wr+ZRkP7/KdVnYyhnZq3PytmvaJTH3ADVWZD8fg== wcohen@wcohen
> 
> 
> That is not the public key which you have on gcc.gnu.org.  The two on
> gcc.gnu.org start with "1024 35" (i.e., is an SSHv1 key).  One ends
> with wcohen@wcohen.devel.redhat.com and one ends with wcohen@wcohen.
> 
> I'm never too sure what to do in this sort of situation.  Are you sure
> you are the same William Cohen?

Unfortunately, my web browser picked the wrong email account to mail 
things from. I am the same wcohen@wcohen.devel.redhat.com

The identity.pub is attached. I must have used that rather than the 
id_dsa.pub.

-Will

[-- Attachment #2: identity.pub --]
[-- Type: text/plain, Size: 332 bytes --]

1024 35 117473504790147691912552951022766511992158021701738276087354997688403450215214736492609263098393281820740171767986032637833353880969758327991594947058715511327882686719027408090573375687823609430222718684434675120440252267352378112620627321401871676765486610084049385742498315764348799334956994495736403397651 wcohen@wcohen

Re: Problems with read/write cvs access

[Ian Lance Taylor]

William Cohen <wcohen@redhat.com> writes:

> The identity.pub is attached. I must have used that rather than the
> id_dsa.pub.

That one is in there.  I'm not sure why it isn't working.  Does ssh -v
offer any suggestions?

Ian

Re: Problems with read/write cvs access

[Frank Ch. Eigler]

[-- Attachment #1: Type: text/plain, Size: 407 bytes --]

Hi -

ian wrote:

> That one is in there.  I'm not sure why it isn't working.  Does ssh -v
> offer any suggestions?

I played with the permissions of his .ssh/authorized_keys, to set it
to 600.  Does someone have an idea why the group owner of his home
directory and some subdirectories belonged to *anoncvs*?

Could this be related to the mystery renaming of ~hunt/.ssh/authorized_keys
a week ago?

- FChE

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Problems with read/write cvs access

[William Cohen]

Ian Lance Taylor wrote:
> William Cohen <wcohen@redhat.com> writes:
> 
> 
>>The identity.pub is attached. I must have used that rather than the
>>id_dsa.pub.
> 
> 
> That one is in there.  I'm not sure why it isn't working.  Does ssh -v
> offer any suggestions?
> 
> Ian

I am not sure whether I should be able to ssh into sources.redhat.com. 
However, here is what I got:

$ ssh -v wcohen@sources.redhat.com
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to sources.redhat.com [12.107.209.250] port 22.
debug1: Connection established.
debug1: identity file /home/wcohen/.ssh/identity type 0
debug1: identity file /home/wcohen/.ssh/id_rsa type -1
debug1: identity file /home/wcohen/.ssh/id_dsa type 0
debug1: Remote protocol version 1.99, remote software version 
OpenSSH_3.6.1p2
debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sources.redhat.com' is known and matches the RSA host key.
debug1: Found key in /home/wcohen/.ssh/known_hosts:69
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/wcohen/.ssh/id_rsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,keyboard-interactive).

-Will

Re: Problems with read/write cvs access

[Ian Lance Taylor]

William Cohen <wcohen@redhat.com> writes:

> $ ssh -v wcohen@sources.redhat.com
> OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug1: Connecting to sources.redhat.com [12.107.209.250] port 22.
> debug1: Connection established.
> debug1: identity file /home/wcohen/.ssh/identity type 0
> debug1: identity file /home/wcohen/.ssh/id_rsa type -1
> debug1: identity file /home/wcohen/.ssh/id_dsa type 0
> debug1: Remote protocol version 1.99, remote software version
> OpenSSH_3.6.1p2
> debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.9p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'sources.redhat.com' is known and matches the RSA host key.
> debug1: Found key in /home/wcohen/.ssh/known_hosts:69
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Trying private key: /home/wcohen/.ssh/id_rsa
> debug1: Next authentication method: keyboard-interactive
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug1: No more authentication methods to try.
> Permission denied (publickey,keyboard-interactive).

Why is it not trying /home/wcoehn/.ssh/identity?

Do you have to force the use of protocol 1 or something?

Ian

Re: Problems with read/write cvs access

[Frank Ch. Eigler]

[-- Attachment #1: Type: text/plain, Size: 804 bytes --]

wcohen wrote:

> I am not sure whether I should be able to ssh into sources.redhat.com. 

Of course you can - that's how cvs-over-ssh works.  Most accounts are
restricted as to what programs they can run, once they log in.  But
the initial negotiation is the same anyway.

> However, here is what I got:
> $ ssh -v wcohen@sources.redhat.com
> OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
> [...]
> debug1: Remote protocol version 1.99, remote software version 
> OpenSSH_3.6.1p2
> debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
> [...]

The "welcome to sourceware" message you received ought to have 
included instructions to use ssh protocol 1 if you supply only
an old-style RSA key.  Put the appropriate clause into your
.ssh/config to force "Protocol 1", and it should work.

- FChE

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: Problems with read/write cvs access

[William Cohen]

Frank Ch. Eigler wrote:
> wcohen wrote:
> 
> 
>>I am not sure whether I should be able to ssh into sources.redhat.com. 
> 
> 
> Of course you can - that's how cvs-over-ssh works.  Most accounts are
> restricted as to what programs they can run, once they log in.  But
> the initial negotiation is the same anyway.
> 
> 
>>However, here is what I got:
>>$ ssh -v wcohen@sources.redhat.com
>>OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
>>[...]
>>debug1: Remote protocol version 1.99, remote software version 
>>OpenSSH_3.6.1p2
>>debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
>>[...]
> 
> 
> The "welcome to sourceware" message you received ought to have 
> included instructions to use ssh protocol 1 if you supply only
> an old-style RSA key.  Put the appropriate clause into your
> .ssh/config to force "Protocol 1", and it should work.

Frank,

The welcome to gnu.org was lost in the mists of time.  The .ssh/config 
setup fixed the problem. I am able to check out all the material. Thanks.

-Will