Tools Repo Access errors

jporter

We've been experience a database issue causing SSH access keys to be truncated.  Amember which runs the portal subscription service seems to be issuing a alter table command on the database, possibly via a cron job, that changes the object size (to 255 from our setting of 1024).  This causes both new keys and existing keys to get truncated and fail.

We hope to have a fix in the next day or so.

dreamcat4

@jporter:

that changes the object size (to 255 from our setting of 1024).  This causes both new keys and existing keys to get truncated and fail.

Thank you for this explanation. It make much clearer now. You know, I thought many times it was just me, pasting the key wrong (because I checked also my key size which was about 400 bytes). LOL.

none

jporter,

I get:

[root@pfsense-22:/tmp/git-teste # git clone git@git.pfsense.org:pfsense-tools tools
Cloning into 'tools'...
ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
root@pfsense-22:/tmp/git-teste # 
/code]

I add default size dsa keys to the profile page. Should there include the sha-dss and the login@machine ?

What I'm doing wrong here ?

thanks,

shaqan

Maybe you are not doing anything wrong. About week a go got same error 2 days in row. I knew the git clone syntax I used was correct. Have'nt tried since, figuring it's bound to be fixed sooner or later.

andrei-trifan

Please note "DNS lookup error: general failure" and "Password for git@git.pfense.org:"

$ ssh -Tv git@git.pfsense.org
OpenSSH_6.4, OpenSSL 1.0.1e-freebsd 11 Feb 2013
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 7: Applying options for git.pfsense.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to git.pfsense.org [208.123.73.74] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/pfsense2_dsa type 2
debug1: identity file /home/user/.ssh/pfsense2_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4_hpn13v11 FreeBSD-20131111
ssh_exchange_identification: Connection closed by remote host
$ ssh -Tv git@git.pfsense.org
OpenSSH_6.4, OpenSSL 1.0.1e-freebsd 11 Feb 2013
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 7: Applying options for git.pfsense.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to git.pfsense.org [208.123.73.74] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/pfsense2_dsa type 2
debug1: identity file /home/user/.ssh/pfsense2_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4_hpn13v11 FreeBSD-20131111
ssh_exchange_identification: Connection closed by remote host
$ ssh -Tv git@git.pfsense.org
OpenSSH_6.4, OpenSSL 1.0.1e-freebsd 11 Feb 2013
debug1: Reading configuration data /home/user/.ssh/config
debug1: /home/user/.ssh/config line 7: Applying options for git.pfsense.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to git.pfsense.org [208.123.73.74] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/pfsense2_dsa type 2
debug1: identity file /home/user/.ssh/pfsense2_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4_hpn13v11 FreeBSD-20131111
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4_hpn13v11 FreeBSD-20131111
debug1: match: OpenSSH_6.4_hpn13v11 FreeBSD-20131111 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 52:7b:22:f9:3b:7e:dd:85:85:1a:a5:98:b8:8f:7f:62
DNS lookup error: general failure
The authenticity of host 'git.pfsense.org (208.123.73.74)' can't be established.
ECDSA key fingerprint is 52:7b:22:f9:3b:7e:dd:85:85:1a:a5:98:b8:8f:7f:62.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'git.pfsense.org' (ECDSA) to the list of known hosts.
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /home/user/.ssh/pfsense2_dsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password for git@git.pfense.org:

none

no luck here:

[root@pfsense-22:/tmp/git-teste # git clone git@git.pfsense.org:pfsense-tools tools
Cloning into 'tools'...
Password for git@git.pfense.org:
/code]

any issues on ssh key management ?

none

nanga

We're both out of luck  :'(. I get the same error here. I edited my key after the key truncation problem was fixed, and indeed it was fixed, but access to the repository isn't.

grandrivers

I cant access it either

shaqan

yeah, keeps asking for password.

Double-checked ssh key in portal.pfsense.org..

hege

same here :/

none

well,

at least its good to know its not only me.

I hope they post here any kind of tip to help us on this …

none

bmeeks

I had some private e-mail communications on Saturday with the maintainer of the Tools repo SSH access.  He is aware of the problems and working on it.

Bill

none

thanks for the info :)

none

bmeeks

Tools repo access via SSH public key is working for me as of Sunday evening.  The problem appears to have been resolved.

Thanks,

Bill

nanga

@bmeeks:

Tools repo access via SSH public key is working for me as of Sunday evening.  The problem appears to have been resolved.

Thanks,

Bill

Hey guys! Access to the -tools repository is working again  ;D.

none

hail,

it is back. thanks !!!

but I have issues with others repositories.

can anyone post their pfsense-build.conf?

mine looks like:

# set_version.sh generated defaults
export PFSENSE_VERSION=2.2-DEVELOPMENT
export FREEBSD_VERSION=10
export FREEBSD_BRANCH=stable/10
#export FREEBSD_REPO_BASE=git@git.pfmechanics.com:outsidemirrors/freebsd.git
export PFSENSETAG=RELENG_2_2
export CUSTOM_COPY_LIST=/usr/home/pfsense/tools/builder_scripts/conf/copylist/copy.list.RELENG_2_2
export BASE_DIR=/usr/home/pfsense
export BUILDER_TOOLS=/usr/home/pfsense/tools
export BUILDER_SCRIPTS=/usr/home/pfsense/tools/builder_scripts
export PFSPATCHFILE=/usr/home/pfsense/tools/builder_scripts/conf/patchlist/stable/10/patches
export PFSPATCHDIR=/usr/home/pfsense/tools/patches/stable/10
export EXTRA_DEVICES=
export GIT_FREEBSD_COSHA1=0d8378f52b85502c1b4affb9e3171b87840a9008
#export BUILD_ERROR_MAIL=
#export BUILD_COMPLETED_MAIL=
export PFSPORTSFILE=buildports.RELENG_2_2
export TARGET=amd64
export TARGET_ARCH=amd64
#export NO_CLEANFREEBSDOBJDIR=YES
#export NO_CLEANREPOS=YES
export USE_SVN=YES
export FREEBSD_REPO_BASE=https://svn0.us-west.freebsd.org/base
export GIT_REPO_PFSENSE=${GIT_REPO_PFSENSE:-"git://github.com/pfsense/pfsense.git"}
export GIT_REPO_TOOLS=${GIT_REPO_TOOLS:-"git@git.pfsense.org:pfsense-tools ${TOOLS_DIR}"}
export GIT_REPO_BSDINSTALLER=${GIT_REPO_BSDINSTALLER:-"git@git.pfsense.org:bsdinstaller.git"}
export GIT_REPO_TOOLS=${GIT_REPO_TOOLS:-"git@git.pfsense.org:pfsense-tools ${TOOLS_DIR}"}

anyone can compile it till have an usable image ?

ty,

none

Key4ce_angelo

but I have issues with others repositories.

Be more specific.. What trouble are expierencing ?