Yeah, so I fixed this. For anyone concerned, this was the solution:

- Instructions I had been following on an internal wiki for setting up
passwordless SSH were a bit out-of-date. They stated that copying your
public key to .ssh/authorized_keys2 on the server would be sufficient,
but this method is deprecated (http://serverfault.com/questions/116177/
whats-the-difference-between-authorized-keys-and-authorized-keys2)
- So all I did was log in as www-data (su - www-data)
- generate rsa keys and set permissions
- scp rsa public key to authorized_keys2 on the server
- ssh to the server
- cat .ssh/authorized_keys2 >> .ssh/authorized_keys

and presto - it works!

On Dec 8, 12:43 pm, Matt Billock <mattbill...@gmail.com> wrote:
> Note, this also fails on debian, which is supposedly your default
> install. I get to the same place (once again obfuscated):
>
> - Install apache with mod-wsgi
> - Install mysql
> - Install dependencies
> - Install reviewboard
> - Set up reviewboard
> - Go to admin
> - Go to "repositories"
> - Go to "Add repository"
> - Fill in information for the repository:
>     - name: My_Default_repo
>     - Hosting Service: custom
>     - Repository Type: subversion
>     - Path: svn+ssh://usern...@server.domain.com/repo
>     - Username: username
>     - Password: password
>
> When I su to www-data, I am not only able to ssh to the server without
> issue:
>
>     $ ssh usern...@server.domain.com
>     usern...@server.domain.com's password:
>     Last login: Thu Dec  8 11:42:05 2011 from iss4.domain.com
>     [username@server ~]$
>
> but I can also svn ls without issue into the repository:
>
>     $ svn ls svn+ssh://usern...@server.domain.com/repo
>     usern...@server.domain.com's password:
>     branches/
>     tags/
>     trunk/
>
> My server log is hopelessly unhelpful:
>
> 09:49:46        DEBUG   SVNTool: Attempting ssh connection with host:
> server.domain.com, username: username
> 09:49:51        DEBUG   starting thread (client mode): 0xb9d1b7acL
> 09:49:51        INFO    Connected (version 1.99, client OpenSSH_3.9p1)
> 09:49:51        DEBUG   kex algos:['diffie-hellman-group-exchange-sha1',
> 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server
> key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc',
> 'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc',
> 'rijndael-...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-
> ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc',
> 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-
> c...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client
> mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-
> ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:
> ['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-
> ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:
> ['none', 'zlib'] server compress:['none', 'zlib'] client lang:['']
> server lang:[''] kex follows?False
> 09:49:51        DEBUG   Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
> 09:49:51        DEBUG   using kex diffie-hellman-group1-sha1; server key type
> ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-
> sha1, remote hmac-sha1; compression: local none, remote none
> 09:49:51        DEBUG   Switch to new keys ...
> 09:49:51        DEBUG   Trying SSH key 1586182b11aa1bc8ea870f3de4fec832
> 09:49:51        DEBUG   userauth is OK
> 09:49:51        INFO    Authentication (publickey) failed.
> 09:49:51        DEBUG   Trying discovered key
> 1586182b11aa1bc8ea870f3de4fec832 in /var/www/10.1.2.233/data/.ssh/
> id_rsa
> 09:49:51        DEBUG   userauth is OK
> 09:49:51        INFO    Authentication (publickey) failed.
> 09:49:51        DEBUG   userauth is OK
> 09:49:51        INFO    Authentication (password) successful!
> 09:49:51        DEBUG   EOF in transport thread
> 09:49:52        ERROR   SVN: Failed to get repository information for svn
> +ssh://usern...@server.domain.com/repo/: To better debug SSH
> connection problems, remove the -q option from 'ssh' in the [tunnels]
> section of your Subversion configuration file. Network connection
> closed unexpectedly
>
> So in short, unless one of you has some more information the issue
> appears to be in the reviewboard software, but I cannot find where. As
> far as I can tell I have everything configured correctly. Does anyone
> have any ideas whatsoever? I'm running on empty here, and could really
> use some assistance. It appears to be some sort of ssh connection
> issue, but when I switch users to www-data, I can ssh to the server
> without any problems at all, and as demonstrated above I have
> absolutely no problems using svn's ssh tunnel via the command line.
>
> On Dec 7, 8:14 am, Matt Billock <mattbill...@gmail.com> wrote:
>
>
>
>
>
>
>
> > I haven't as yet been able to hunt this down, but it does appear to be
> > a SSH communications issue. I am able to access the server in question
> > from the console using the apache user, and the logs state that
> > initial attempts to authenticate are successful - there is just one
> > final missing step that I can't seem to locate. I've seen this issue
> > appear in this group a couple times, but I do not know if any
> > resolution was found. Is there any information anyone can provide?
>
> > On Dec 2, 2:44 pm, Matt Billock <mattbill...@gmail.com> wrote:
>
> > > Fixed the (13,'Permission Denied') error with the following line:
>
> > > setsebool -P httpd_can_network_connect 1
>
> > > taken from:
>
> > >http://wiki.apache.org/httpd/13PermissionDenied
>
> > > SELinux, apparently by default, was preventing apache from making
> > > network connections.
>
> > > I've moved on to a more different error, this time specific to
> > > subversion. From the logs (obfuscated to protect the innocent):
>
> > > 12:35:44        DEBUG   SVNTool: Attempting ssh connection with host:
> > > {repository}, username: {username}
> > > 12:35:44        DEBUG   starting thread (client mode): 0xAB2FDB10L
> > > 12:35:44        INFO    Connected (version 1.99, client OpenSSH_3.9p1)
> > > 12:35:44        DEBUG   kex algos:['diffie-hellman-group-exchange-sha1',
> > > 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server
> > > key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc',
> > > 'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc',
> > > 'rijndael-...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-
> > > ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc',
> > > 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael-
> > > c...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client
> > > mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-
> > > ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac:
> > > ['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac-
> > > ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress:
> > > ['none', 'zlib'] server compress:['none', 'zlib'] client lang:['']
> > > server lang:[''] kex follows?False
> > > 12:35:44        DEBUG   Ciphers agreed: local=aes128-ctr, 
> > > remote=aes128-ctr
> > > 12:35:44        DEBUG   using kex diffie-hellman-group1-sha1; server key 
> > > type
> > > ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-
> > > sha1, remote hmac-sha1; compression: local none, remote none
> > > 12:35:44        DEBUG   Switch to new keys ...
> > > 12:35:44        DEBUG   userauth is OK
> > > 12:35:44        INFO    Authentication (password) successful!
> > > 12:35:45        DEBUG   EOF in transport thread
> > > 12:35:45        ERROR   SVN: Failed to get repository information for svn
> > > +ssh://swiss.cpm.com/repo: To better debug SSH connection problems,
> > > remove the -q option from 'ssh' in the [tunnels] section of your
> > > Subversion configuration file. Network connection closed unexpectedly
>
> > > This appears to be an issue with my local subversion, but I'm still
> > > hunting it down
>
> > > On Dec 2, 2:06 pm, Matt Billock <mattbill...@gmail.com> wrote:
>
> > > > Additional info:
>
> > > > - This install is on CentOS
> > > > - using Apache
> > > > - The ssh login is failing in paramiko.
> > > > - When I attempt to save my repository info, the only error I receive
> > > > is "(13, 'Permission denied')".
> > > > - I traced the call into paramiko's code, at sock.connect(), but
> > > > cannot figure out exactly what's going wrong.
> > > > - RB version 1.6.3
>
> > > > Is there some sort of additional configuration required to allow the
> > > > apache user access to the ssh functionality? Is that user even the
> > > > user that is active when the ssh action is performed?
>
> > > > On Dec 1, 1:15 pm, Matt Billock <mattbill...@gmail.com> wrote:
>
> > > > > Hey all,
>
> > > > > I'm attempting to hook up my new reviewboard install to my company's
> > > > > subversion repository, but I keep receiving the following error when I
> > > > > hit the "Save" button:
>
> > > > > Please correct the error below:
> > > > > - (13,'Permission denied')
>
> > > > > The only relevant entries I could find from the httpd error logs were:
>
> > > > > [Thu Dec 01 11:11:46 2011] [error] /usr/lib64/python2.4/site-packages/
> > > > > Crypto/Util/number.py:57: PowmInsecureWarning: Not using
> > > > > mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing
> > > > > attack vulnerability.
> > > > > [Thu Dec 01 11:11:46 2011] [error]   _warn("Not using mpz_powm_sec.
> > > > > You should rebuild using libgmp >= 5 to avoid timing attack
> > > > > vulnerability.", PowmInsecureWarning)
> > > > > [Thu Dec 01 11:12:11 2011] [error] /usr/lib/python2.4/site-packages/
> > > > > Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393:
> > > > > DeprecationWarning: The user messaging API is deprecated. Please
> > > > > update your code to use the new messages framework.
> > > > > [Thu Dec 01 11:12:11 2011] [error]   category=DeprecationWarning)
> > > > > [Thu Dec 01 11:12:18 2011] [error] /usr/lib/python2.4/site-packages/
> > > > > Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393:
> > > > > DeprecationWarning: The user messaging API is deprecated. Please
> > > > > update your code to use the new messages framework.
> > > > > [Thu Dec 01 11:12:18 2011] [error]   category=DeprecationWarning)
>
> > > > > This is the entire amount of documentation I have to go on. Is there
> > > > > any known reason why this would occur? I connect to my repo using the
> > > > > svn+ssh protocol, but I am providing the correct username and
> > > > > password.
>
> > > > > Thanks for your your help!

-- 
Want to help the Review Board project? Donate today at 
http://www.reviewboard.org/donate/
Happy user? Let us know at http://www.reviewboard.org/users/
-~----------~----~----~----~------~----~------~--~---
To unsubscribe from this group, send email to 
reviewboard+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/reviewboard?hl=en

Reply via email to