Yeah, so I fixed this. For anyone concerned, this was the solution: - Instructions I had been following on an internal wiki for setting up passwordless SSH were a bit out-of-date. They stated that copying your public key to .ssh/authorized_keys2 on the server would be sufficient, but this method is deprecated (http://serverfault.com/questions/116177/ whats-the-difference-between-authorized-keys-and-authorized-keys2) - So all I did was log in as www-data (su - www-data) - generate rsa keys and set permissions - scp rsa public key to authorized_keys2 on the server - ssh to the server - cat .ssh/authorized_keys2 >> .ssh/authorized_keys
and presto - it works! On Dec 8, 12:43 pm, Matt Billock <mattbill...@gmail.com> wrote: > Note, this also fails on debian, which is supposedly your default > install. I get to the same place (once again obfuscated): > > - Install apache with mod-wsgi > - Install mysql > - Install dependencies > - Install reviewboard > - Set up reviewboard > - Go to admin > - Go to "repositories" > - Go to "Add repository" > - Fill in information for the repository: > - name: My_Default_repo > - Hosting Service: custom > - Repository Type: subversion > - Path: svn+ssh://usern...@server.domain.com/repo > - Username: username > - Password: password > > When I su to www-data, I am not only able to ssh to the server without > issue: > > $ ssh usern...@server.domain.com > usern...@server.domain.com's password: > Last login: Thu Dec 8 11:42:05 2011 from iss4.domain.com > [username@server ~]$ > > but I can also svn ls without issue into the repository: > > $ svn ls svn+ssh://usern...@server.domain.com/repo > usern...@server.domain.com's password: > branches/ > tags/ > trunk/ > > My server log is hopelessly unhelpful: > > 09:49:46 DEBUG SVNTool: Attempting ssh connection with host: > server.domain.com, username: username > 09:49:51 DEBUG starting thread (client mode): 0xb9d1b7acL > 09:49:51 INFO Connected (version 1.99, client OpenSSH_3.9p1) > 09:49:51 DEBUG kex algos:['diffie-hellman-group-exchange-sha1', > 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server > key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc', > 'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', > 'rijndael-...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256- > ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', > 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael- > c...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client > mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac- > ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac: > ['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac- > ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress: > ['none', 'zlib'] server compress:['none', 'zlib'] client lang:[''] > server lang:[''] kex follows?False > 09:49:51 DEBUG Ciphers agreed: local=aes128-ctr, remote=aes128-ctr > 09:49:51 DEBUG using kex diffie-hellman-group1-sha1; server key type > ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac- > sha1, remote hmac-sha1; compression: local none, remote none > 09:49:51 DEBUG Switch to new keys ... > 09:49:51 DEBUG Trying SSH key 1586182b11aa1bc8ea870f3de4fec832 > 09:49:51 DEBUG userauth is OK > 09:49:51 INFO Authentication (publickey) failed. > 09:49:51 DEBUG Trying discovered key > 1586182b11aa1bc8ea870f3de4fec832 in /var/www/10.1.2.233/data/.ssh/ > id_rsa > 09:49:51 DEBUG userauth is OK > 09:49:51 INFO Authentication (publickey) failed. > 09:49:51 DEBUG userauth is OK > 09:49:51 INFO Authentication (password) successful! > 09:49:51 DEBUG EOF in transport thread > 09:49:52 ERROR SVN: Failed to get repository information for svn > +ssh://usern...@server.domain.com/repo/: To better debug SSH > connection problems, remove the -q option from 'ssh' in the [tunnels] > section of your Subversion configuration file. Network connection > closed unexpectedly > > So in short, unless one of you has some more information the issue > appears to be in the reviewboard software, but I cannot find where. As > far as I can tell I have everything configured correctly. Does anyone > have any ideas whatsoever? I'm running on empty here, and could really > use some assistance. It appears to be some sort of ssh connection > issue, but when I switch users to www-data, I can ssh to the server > without any problems at all, and as demonstrated above I have > absolutely no problems using svn's ssh tunnel via the command line. > > On Dec 7, 8:14 am, Matt Billock <mattbill...@gmail.com> wrote: > > > > > > > > > I haven't as yet been able to hunt this down, but it does appear to be > > a SSH communications issue. I am able to access the server in question > > from the console using the apache user, and the logs state that > > initial attempts to authenticate are successful - there is just one > > final missing step that I can't seem to locate. I've seen this issue > > appear in this group a couple times, but I do not know if any > > resolution was found. Is there any information anyone can provide? > > > On Dec 2, 2:44 pm, Matt Billock <mattbill...@gmail.com> wrote: > > > > Fixed the (13,'Permission Denied') error with the following line: > > > > setsebool -P httpd_can_network_connect 1 > > > > taken from: > > > >http://wiki.apache.org/httpd/13PermissionDenied > > > > SELinux, apparently by default, was preventing apache from making > > > network connections. > > > > I've moved on to a more different error, this time specific to > > > subversion. From the logs (obfuscated to protect the innocent): > > > > 12:35:44 DEBUG SVNTool: Attempting ssh connection with host: > > > {repository}, username: {username} > > > 12:35:44 DEBUG starting thread (client mode): 0xAB2FDB10L > > > 12:35:44 INFO Connected (version 1.99, client OpenSSH_3.9p1) > > > 12:35:44 DEBUG kex algos:['diffie-hellman-group-exchange-sha1', > > > 'diffie-hellman-group14-sha1', 'diffie-hellman-group1-sha1'] server > > > key:['ssh-rsa', 'ssh-dss'] client encrypt:['aes128-cbc', '3des-cbc', > > > 'blowfish-cbc', 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', > > > 'rijndael-...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256- > > > ctr'] server encrypt:['aes128-cbc', '3des-cbc', 'blowfish-cbc', > > > 'cast128-cbc', 'arcfour', 'aes192-cbc', 'aes256-cbc', 'rijndael- > > > c...@lysator.liu.se', 'aes128-ctr', 'aes192-ctr', 'aes256-ctr'] client > > > mac:['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac- > > > ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] server mac: > > > ['hmac-md5', 'hmac-sha1', 'hmac-ripemd160', 'hmac- > > > ripemd...@openssh.com', 'hmac-sha1-96', 'hmac-md5-96'] client compress: > > > ['none', 'zlib'] server compress:['none', 'zlib'] client lang:[''] > > > server lang:[''] kex follows?False > > > 12:35:44 DEBUG Ciphers agreed: local=aes128-ctr, > > > remote=aes128-ctr > > > 12:35:44 DEBUG using kex diffie-hellman-group1-sha1; server key > > > type > > > ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac- > > > sha1, remote hmac-sha1; compression: local none, remote none > > > 12:35:44 DEBUG Switch to new keys ... > > > 12:35:44 DEBUG userauth is OK > > > 12:35:44 INFO Authentication (password) successful! > > > 12:35:45 DEBUG EOF in transport thread > > > 12:35:45 ERROR SVN: Failed to get repository information for svn > > > +ssh://swiss.cpm.com/repo: To better debug SSH connection problems, > > > remove the -q option from 'ssh' in the [tunnels] section of your > > > Subversion configuration file. Network connection closed unexpectedly > > > > This appears to be an issue with my local subversion, but I'm still > > > hunting it down > > > > On Dec 2, 2:06 pm, Matt Billock <mattbill...@gmail.com> wrote: > > > > > Additional info: > > > > > - This install is on CentOS > > > > - using Apache > > > > - The ssh login is failing in paramiko. > > > > - When I attempt to save my repository info, the only error I receive > > > > is "(13, 'Permission denied')". > > > > - I traced the call into paramiko's code, at sock.connect(), but > > > > cannot figure out exactly what's going wrong. > > > > - RB version 1.6.3 > > > > > Is there some sort of additional configuration required to allow the > > > > apache user access to the ssh functionality? Is that user even the > > > > user that is active when the ssh action is performed? > > > > > On Dec 1, 1:15 pm, Matt Billock <mattbill...@gmail.com> wrote: > > > > > > Hey all, > > > > > > I'm attempting to hook up my new reviewboard install to my company's > > > > > subversion repository, but I keep receiving the following error when I > > > > > hit the "Save" button: > > > > > > Please correct the error below: > > > > > - (13,'Permission denied') > > > > > > The only relevant entries I could find from the httpd error logs were: > > > > > > [Thu Dec 01 11:11:46 2011] [error] /usr/lib64/python2.4/site-packages/ > > > > > Crypto/Util/number.py:57: PowmInsecureWarning: Not using > > > > > mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing > > > > > attack vulnerability. > > > > > [Thu Dec 01 11:11:46 2011] [error] _warn("Not using mpz_powm_sec. > > > > > You should rebuild using libgmp >= 5 to avoid timing attack > > > > > vulnerability.", PowmInsecureWarning) > > > > > [Thu Dec 01 11:12:11 2011] [error] /usr/lib/python2.4/site-packages/ > > > > > Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393: > > > > > DeprecationWarning: The user messaging API is deprecated. Please > > > > > update your code to use the new messages framework. > > > > > [Thu Dec 01 11:12:11 2011] [error] category=DeprecationWarning) > > > > > [Thu Dec 01 11:12:18 2011] [error] /usr/lib/python2.4/site-packages/ > > > > > Django-1.3.1-py2.4.egg/django/contrib/auth/models.py:393: > > > > > DeprecationWarning: The user messaging API is deprecated. Please > > > > > update your code to use the new messages framework. > > > > > [Thu Dec 01 11:12:18 2011] [error] category=DeprecationWarning) > > > > > > This is the entire amount of documentation I have to go on. Is there > > > > > any known reason why this would occur? I connect to my repo using the > > > > > svn+ssh protocol, but I am providing the correct username and > > > > > password. > > > > > > Thanks for your your help! -- Want to help the Review Board project? Donate today at http://www.reviewboard.org/donate/ Happy user? Let us know at http://www.reviewboard.org/users/ -~----------~----~----~----~------~----~------~--~--- To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en
