Note, this also fails on debian, which is supposedly your default
install. I get to the same place (once again obfuscated):
- Install apache with mod-wsgi
- Install mysql
- Install dependencies
- Install reviewboard
- Set up reviewboard
- Go to admin
- Go to "repositories"
- Go to "Add repository"
- Fill in information for the repository:
- name: My_Default_repo
- Hosting Service: custom
- Repository Type: subversion
- Path: svn+ssh://usern...@server.domain.com/repo
- Username: username
- Password: password
When I su to www-data, I am not only able to ssh to the server without
issue:
$ ssh usern...@server.domain.com
usern...@server.domain.com's password:
Last login: Thu Dec 8 11:42:05 2011 from iss4.domain.com
[username@server ~]$
but I can also svn ls without issue into the repository:
$ svn ls svn+ssh://usern...@server.domain.com/repo
usern...@server.domain.com's password:
branches/
tags/
trunk/
My server log is hopelessly unhelpful:
09:49:46 DEBUG SVNTool: Attempting ssh connection with host:
server.domain.com, username: username
09:49:51 DEBUG starting thread (client mode): 0xb9d1b7acL
09:49:51 INFO Connected (version 1.99, client OpenSSH_3.9p1)
09:49:51 DEBUG kex algos:['diffie-hellman-group-exchange-sha1',
'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server
key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc',
'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc',
'rijndael-...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-
ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc',
'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-
c...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client
mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-
ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:
['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-
ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:
['none', 'zlib'] server compress:['none', 'zlib'] client lang:['']
server lang:[''] kex follows?False
09:49:51 DEBUG Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
09:49:51 DEBUG using kex diffie-hellman-group1-sha1; server key type
ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-
sha1, remote hmac-sha1; compression: local none, remote none
09:49:51 DEBUG Switch to new keys ...
09:49:51 DEBUG Trying SSH key 1586182b11aa1bc8ea870f3de4fec832
09:49:51 DEBUG userauth is OK
09:49:51 INFO Authentication (publickey) failed.
09:49:51 DEBUG Trying discovered key
1586182b11aa1bc8ea870f3de4fec832 in /var/www/10.1.2.233/data/.ssh/
id_rsa
09:49:51 DEBUG userauth is OK
09:49:51 INFO Authentication (publickey) failed.
09:49:51 DEBUG userauth is OK
09:49:51 INFO Authentication (password) successful!
09:49:51 DEBUG EOF in transport thread
09:49:52 ERROR SVN: Failed to get repository information for svn
+ssh://usern...@server.domain.com/repo/: To better debug SSH
connection problems, remove the -q option from 'ssh' in the [tunnels]
section of your Subversion configuration file. Network connection
closed unexpectedly
So in short, unless one of you has some more information the issue
appears to be in the reviewboard software, but I cannot find where. As
far as I can tell I have everything configured correctly. Does anyone
have any ideas whatsoever? I'm running on empty here, and could really
use some assistance. It appears to be some sort of ssh connection
issue, but when I switch users to www-data, I can ssh to the server
without any problems at all, and as demonstrated above I have
absolutely no problems using svn's ssh tunnel via the command line.
On Dec 7, 8:14 am, Matt Billock <mattbill...@gmail.com> wrote:
> I haven't as yet been able to hunt this down, but it does appear to be
> a SSH communications issue. I am able to access the server in question
> from the console using the apache user, and the logs state that
> initial attempts to authenticate are successful - there is just one
> final missing step that I can't seem to locate. I've seen this issue
> appear in this group a couple times, but I do not know if any
> resolution was found. Is there any information anyone can provide?
>
> On Dec 2, 2:44 pm, Matt Billock <mattbill...@gmail.com> wrote:
>
>
>
>
>
>
>
> > Fixed the (13,'Permission Denied') error with the following line:
>
> > setsebool -P httpd_can_network_connect 1
>
> > taken from:
>
> >http://wiki.apache.org/httpd/13PermissionDenied
>
> > SELinux, apparently by default, was preventing apache from making
> > network connections.
>
> > I've moved on to a more different error, this time specific to
> > subversion. From the logs (obfuscated to protect the innocent):
>
> > 12:35:44 DEBUG SVNTool: Attempting ssh connection with host:
> > {repository}, username: {username}
> > 12:35:44 DEBUG starting thread (client mode): 0xAB2FDB10L
> > 12:35:44 INFO Connected (version 1.99, client OpenSSH_3.9p1)
> > 12:35:44 DEBUG kex algos:['diffie-hellman-group-exchange-sha1',
> > 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server
> > key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc',
> > 'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc',
> > 'rijndael-...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-
> > ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc',
> > 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-
> > c...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client
> > mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-
> > ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:
> > ['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-
> > ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:
> > ['none', 'zlib'] server compress:['none', 'zlib'] client lang:['']
> > server lang:[''] kex follows?False
> > 12:35:44 DEBUG Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
> > 12:35:44 DEBUG using kex diffie-hellman-group1-sha1; server key
> > type
> > ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-
> > sha1, remote hmac-sha1; compression: local none, remote none
> > 12:35:44 DEBUG Switch to new keys ...
> > 12:35:44 DEBUG userauth is OK
> > 12:35:44 INFO Authentication (password) successful!
> > 12:35:45 DEBUG EOF in transport thread
> > 12:35:45 ERROR SVN: Failed to get repository information for svn
> > +ssh://swiss.cpm.com/repo: To better debug SSH connection problems,
> > remove the -q option from 'ssh' in the [tunnels] section of your
> > Subversion configuration file. Network connection closed unexpectedly
>
> > This appears to be an issue with my local subversion, but I'm still
> > hunting it down
>
> > On Dec 2, 2:06 pm, Matt Billock <mattbill...@gmail.com> wrote:
>
> > > Additional info:
>
> > > - This install is on CentOS
> > > - using Apache
> > > - The ssh login is failing in paramiko.
> > > - When I attempt to save my repository info, the only error I receive
> > > is "(13, 'Permission denied')".
> > > - I traced the call into paramiko's code, at sock.connect(), but
> > > cannot figure out exactly what's going wrong.
> > > - RB version 1.6.3
>
> > > Is there some sort of additional configuration required to allow the
> > > apache user access to the ssh functionality? Is that user even the
> > > user that is active when the ssh action is performed?
>
> > > On Dec 1, 1:15 pm, Matt Billock <mattbill...@gmail.com> wrote:
>
> > > > Hey all,
>
> > > > I'm attempting to hook up my new reviewboard install to my company's
> > > > subversion repository, but I keep receiving the following error when I
> > > > hit the "Save" button:
>
> > > > Please correct the error below:
> > > > - (13,'Permission denied')
>
> > > > The only relevant entries I could find from the httpd error logs were:
>
> > > > [Thu Dec 01 11:11:46 2011] [error] /usr/lib64/python2.4/site-packages/
> > > > Crypto/Util/number.py:57: PowmInsecureWarning: Not using
> > > > mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing
> > > > attack vulnerability.
> > > > [Thu Dec 01 11:11:46 2011] [error] _warn("Not using mpz_powm_sec.
> > > > You should rebuild using libgmp >= 5 to avoid timing attack
> > > > vulnerability.", PowmInsecureWarning)
> > > > [Thu Dec 01 11:12:11 2011] [error] /usr/lib/python2.4/site-packages/
> > > > Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393:
> > > > DeprecationWarning: The user messaging API is deprecated. Please
> > > > update your code to use the new messages framework.
> > > > [Thu Dec 01 11:12:11 2011] [error] category=DeprecationWarning)
> > > > [Thu Dec 01 11:12:18 2011] [error] /usr/lib/python2.4/site-packages/
> > > > Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393:
> > > > DeprecationWarning: The user messaging API is deprecated. Please
> > > > update your code to use the new messages framework.
> > > > [Thu Dec 01 11:12:18 2011] [error] category=DeprecationWarning)
>
> > > > This is the entire amount of documentation I have to go on. Is there
> > > > any known reason why this would occur? I connect to my repo using the
> > > > svn+ssh protocol, but I am providing the correct username and
> > > > password.
>
> > > > Thanks for your your help!
--
Want to help the Review Board project? Donate today at
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/reviewboard?hl=en
