Tools Repo Access errors
-
We've been experience a database issue causing SSH access keys to be truncated. Amember which runs the portal subscription service seems to be issuing a alter table command on the database, possibly via a cron job, that changes the object size (to 255 from our setting of 1024). This causes both new keys and existing keys to get truncated and fail.
We hope to have a fix in the next day or so.
-
that changes the object size (to 255 from our setting of 1024). This causes both new keys and existing keys to get truncated and fail.
Thank you for this explanation. It make much clearer now. You know, I thought many times it was just me, pasting the key wrong (because I checked also my key size which was about 400 bytes). LOL.
-
jporter,
I get:
[root@pfsense-22:/tmp/git-teste # git clone git@git.pfsense.org:pfsense-tools tools Cloning into 'tools'... ssh_exchange_identification: Connection closed by remote host fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. root@pfsense-22:/tmp/git-teste # /code] I add default size dsa keys to the profile page. Should there include the sha-dss and the login@machine ? What I'm doing wrong here ? thanks,
-
Maybe you are not doing anything wrong. About week a go got same error 2 days in row. I knew the git clone syntax I used was correct. Have'nt tried since, figuring it's bound to be fixed sooner or later.
-
Please note "DNS lookup error: general failure" and "Password for git@git.pfense.org:"
$ ssh -Tv git@git.pfsense.org OpenSSH_6.4, OpenSSL 1.0.1e-freebsd 11 Feb 2013 debug1: Reading configuration data /home/user/.ssh/config debug1: /home/user/.ssh/config line 7: Applying options for git.pfsense.org debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to git.pfsense.org [208.123.73.74] port 22. debug1: Connection established. debug1: identity file /home/user/.ssh/pfsense2_dsa type 2 debug1: identity file /home/user/.ssh/pfsense2_dsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.4_hpn13v11 FreeBSD-20131111 ssh_exchange_identification: Connection closed by remote host $ ssh -Tv git@git.pfsense.org OpenSSH_6.4, OpenSSL 1.0.1e-freebsd 11 Feb 2013 debug1: Reading configuration data /home/user/.ssh/config debug1: /home/user/.ssh/config line 7: Applying options for git.pfsense.org debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to git.pfsense.org [208.123.73.74] port 22. debug1: Connection established. debug1: identity file /home/user/.ssh/pfsense2_dsa type 2 debug1: identity file /home/user/.ssh/pfsense2_dsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.4_hpn13v11 FreeBSD-20131111 ssh_exchange_identification: Connection closed by remote host $ ssh -Tv git@git.pfsense.org OpenSSH_6.4, OpenSSL 1.0.1e-freebsd 11 Feb 2013 debug1: Reading configuration data /home/user/.ssh/config debug1: /home/user/.ssh/config line 7: Applying options for git.pfsense.org debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to git.pfsense.org [208.123.73.74] port 22. debug1: Connection established. debug1: identity file /home/user/.ssh/pfsense2_dsa type 2 debug1: identity file /home/user/.ssh/pfsense2_dsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.4_hpn13v11 FreeBSD-20131111 debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4_hpn13v11 FreeBSD-20131111 debug1: match: OpenSSH_6.4_hpn13v11 FreeBSD-20131111 pat OpenSSH* debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none debug1: sending SSH2_MSG_KEX_ECDH_INIT debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ECDSA 52:7b:22:f9:3b:7e:dd:85:85:1a:a5:98:b8:8f:7f:62 DNS lookup error: general failure The authenticity of host 'git.pfsense.org (208.123.73.74)' can't be established. ECDSA key fingerprint is 52:7b:22:f9:3b:7e:dd:85:85:1a:a5:98:b8:8f:7f:62. No matching host key fingerprint found in DNS. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'git.pfsense.org' (ECDSA) to the list of known hosts. debug1: ssh_ecdsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering DSA public key: /home/user/.ssh/pfsense2_dsa debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: keyboard-interactive Password for git@git.pfense.org:
-
no luck here:
[root@pfsense-22:/tmp/git-teste # git clone git@git.pfsense.org:pfsense-tools tools Cloning into 'tools'... Password for git@git.pfense.org: /code] any issues on ssh key management ? none
-
We're both out of luck :'(. I get the same error here. I edited my key after the key truncation problem was fixed, and indeed it was fixed, but access to the repository isn't.
-
I cant access it either
-
yeah, keeps asking for password.
Double-checked ssh key in portal.pfsense.org..
-
same here :/
-
well,
at least its good to know its not only me.
I hope they post here any kind of tip to help us on this …
none
-
I had some private e-mail communications on Saturday with the maintainer of the Tools repo SSH access. He is aware of the problems and working on it.
Bill
-
thanks for the info :)
none
-
Tools repo access via SSH public key is working for me as of Sunday evening. The problem appears to have been resolved.
Thanks,
Bill
-
Tools repo access via SSH public key is working for me as of Sunday evening. The problem appears to have been resolved.
Thanks,
Bill
Hey guys! Access to the -tools repository is working again ;D.
-
hail,
it is back. thanks !!!
but I have issues with others repositories.
can anyone post their pfsense-build.conf?
mine looks like:
# set_version.sh generated defaults export PFSENSE_VERSION=2.2-DEVELOPMENT export FREEBSD_VERSION=10 export FREEBSD_BRANCH=stable/10 #export FREEBSD_REPO_BASE=git@git.pfmechanics.com:outsidemirrors/freebsd.git export PFSENSETAG=RELENG_2_2 export CUSTOM_COPY_LIST=/usr/home/pfsense/tools/builder_scripts/conf/copylist/copy.list.RELENG_2_2 export BASE_DIR=/usr/home/pfsense export BUILDER_TOOLS=/usr/home/pfsense/tools export BUILDER_SCRIPTS=/usr/home/pfsense/tools/builder_scripts export PFSPATCHFILE=/usr/home/pfsense/tools/builder_scripts/conf/patchlist/stable/10/patches export PFSPATCHDIR=/usr/home/pfsense/tools/patches/stable/10 export EXTRA_DEVICES= export GIT_FREEBSD_COSHA1=0d8378f52b85502c1b4affb9e3171b87840a9008 #export BUILD_ERROR_MAIL= #export BUILD_COMPLETED_MAIL= export PFSPORTSFILE=buildports.RELENG_2_2 export TARGET=amd64 export TARGET_ARCH=amd64 #export NO_CLEANFREEBSDOBJDIR=YES #export NO_CLEANREPOS=YES export USE_SVN=YES export FREEBSD_REPO_BASE=https://svn0.us-west.freebsd.org/base export GIT_REPO_PFSENSE=${GIT_REPO_PFSENSE:-"git://github.com/pfsense/pfsense.git"} export GIT_REPO_TOOLS=${GIT_REPO_TOOLS:-"git@git.pfsense.org:pfsense-tools ${TOOLS_DIR}"} export GIT_REPO_BSDINSTALLER=${GIT_REPO_BSDINSTALLER:-"git@git.pfsense.org:bsdinstaller.git"} export GIT_REPO_TOOLS=${GIT_REPO_TOOLS:-"git@git.pfsense.org:pfsense-tools ${TOOLS_DIR}"}
anyone can compile it till have an usable image ?
ty,
none
-
but I have issues with others repositories.
Be more specific.. What trouble are expierencing ?