Bug 22376

Summary: Unable to push to git.mageia.org, even if pushing to our SVN works. Permission denied
Product: Infrastructure Reporter: Dimitrios Glentadakis <dglent>
Component: OthersAssignee: Sysadmin Team <sysadmin-bugs>
Status: RESOLVED OLD QA Contact:
Severity: critical    
Priority: High CC: dan, marja11, sysadmin-bugs
Version: unspecified   
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Source RPM: CVE:
Status comment:

Description Dimitrios Glentadakis 2018-01-12 06:34:04 CET 
I am not able to make a connection with gt.mageia.org since my upgrade from mga5>mga6 and the switch to rsa key (from dsa).
However i have no problem with svn.mageia.org or github.com

Thanks in advance for your help

Output:

[dglent@localhost ~]$ ssh -vT git@git.mageia.org
OpenSSH_7.5p1, OpenSSL 1.0.2m  2 Nov 2017
debug1: Reading configuration data /home/dglent/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to git.mageia.org [2a02:2178:2:7::9] port 22.
debug1: Connection established.
debug1: identity file /home/dglent/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dglent/.ssh/id_rsa-cert type -1
debug1: identity file /home/dglent/.ssh/id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /home/dglent/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dglent/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dglent/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dglent/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dglent/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH_6.5*,OpenSSH_6.6* compat 0x14000000
debug1: Authenticating to git.mageia.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: Host 'git.mageia.org' is known and matches the RSA host key.
debug1: Found key in /home/dglent/.ssh/known_hosts:40
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS                                                    debug1: SSH2_MSG_NEWKEYS received                                                     debug1: rekey after 134217728 blocks                                                  debug1: Skipping ssh-dss key /home/dglent/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes  debug1: SSH2_MSG_SERVICE_ACCEPT received                                              debug1: Authentications that can continue: publickey,keyboard-interactive             debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/dglent/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/dglent/.ssh/id_ecdsa
debug1: Trying private key: /home/dglent/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
Password: 



and here is a correct output with my github account:

[dglent@localhost ~]$ ssh -vT git@github.com
OpenSSH_7.5p1, OpenSSL 1.0.2m  2 Nov 2017
debug1: Reading configuration data /home/dglent/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to github.com [192.30.253.113] port 22.
debug1: Connection established.
debug1: identity file /home/dglent/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dglent/.ssh/id_rsa-cert type -1
debug1: identity file /home/dglent/.ssh/id_dsa type 2
debug1: key_load_public: No such file or directory
debug1: identity file /home/dglent/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dglent/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dglent/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dglent/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/dglent/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version libssh_0.7.0
debug1: no match: libssh_0.7.0
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/dglent/.ssh/known_hosts:14
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Skipping ssh-dss key /home/dglent/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/dglent/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([192.30.253.113]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: exec
debug1: Requesting X11 forwarding with authentication spoofing.
X11 forwarding request failed on channel 0
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi dglent! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3524, received 2124 bytes, in 0.3 seconds
Bytes per second: sent 10675.2, received 6434.2
debug1: Exit status 1
Comment 1 Marja Van Waes 2018-01-12 07:53:22 CET 

(In reply to Dimitrios Glentadakis from comment #0)
> I am not able to make a connection with gt.mageia.org since my upgrade from
> mga5>mga6 and the switch to rsa key (from dsa).
> However i have no problem with svn.mageia.org or github.com
> 
> Thanks in advance for your help
> 
> Output:
> 
> [dglent@localhost ~]$ ssh -vT git@git.mageia.org
   
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /home/dglent/.ssh/id_rsa
> debug1: Authentications that can continue: publickey,keyboard-interactive
> debug1: Trying private key: /home/dglent/.ssh/id_ecdsa
> debug1: Trying private key: /home/dglent/.ssh/id_ed25519
> debug1: Next authentication method: keyboard-interactive
> Password: 


Assigning to our sysadmins. Your rsa key works fine with github and with our SVN, so I doubt the problem is with the openssh package, even if the RSA public key offering part looks different here in cauldron:
debug1: Offering public key: RSA SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX /home/marja/.ssh/id_rsa

Increasing priority and severity, because you've already asked for help with this issue on dev ml over two months ago.

@ sysadmins
Yes, I know, there's Meltdown and Spectre and a load of other urgent things, but it would be very great if one of you would find time to help dglent!

Version: 6 => unspecified
Summary: Unable to push to git.mageia.org Permission denied => Unable to push to git.mageia.org, even if pushing to our SVN works. Permission denied
Component: RPM Packages => Others
Priority: Normal => High
Severity: normal => critical
Assignee: bugsquad => sysadmin-bugs
Product: Mageia => Infrastructure
CC: (none) => marja11, sysadmin-bugs

Comment 2 Marja Van Waes 2018-01-13 08:42:16 CET 
(In reply to Marja van Waes from comment #1)

> 
> Increasing priority and severity, because you've already asked for help with
> this issue on dev ml over two months ago.
> 

Hi Dimitrios,

Going by that mail and the later mail, from 23-11-17, in which you told you had removed “PubkeyAcceptedKeyTypes=+ssh-dss” from your .ssh/config, your .ssh/config should now look like this:

  Host *.kde.org
         User glentadakis
         IdentityFile ~/.ssh/id_rsa


  Host pkgsubmit.mageia.org
       ForwardAgent yes
       User dglent
     
  Host binrepo.mageia.org svn.mageia.org
       User dglent
     

Mine looks like this:

  IdentityFile ~/.ssh/id_rsa
  IdentityFile ~/.ssh/id_rsa2
  Host pkgsubmit.mageia.org
          ForwardAgent yes
          User marja
  Host binrepo.mageia.org svn.mageia.org maintdb.mageia.org
          User marja

Maybe adding or moving "IdentityFile ~/.ssh/id_rsa" to the top of your .ssh/config file, or adding it to the Host *.mageia.org sections, helps?
Comment 3 Marja Van Waes 2018-01-13 08:43:59 CET 
oops, those hosts have nothing todo with git.

Try adding "IdentityFile ~/.ssh/id_rsa" to the top of the file
Comment 4 Dan Fandrich 2024-02-09 20:49:50 CET 
Assuming this is no longer relevant 3 releases later. Please reopen if it's still an issue.

CC: (none) => dan
Resolution: (none) => OLD
Status: NEW => RESOLVED