Tools Repo Access errors



  • We've been experience a database issue causing SSH access keys to be truncated.  Amember which runs the portal subscription service seems to be issuing a alter table command on the database, possibly via a cron job, that changes the object size (to 255 from our setting of 1024).  This causes both new keys and existing keys to get truncated and fail.

    We hope to have a fix in the next day or so.



  • @jporter:

    that changes the object size (to 255 from our setting of 1024).  This causes both new keys and existing keys to get truncated and fail.

    Thank you for this explanation. It make much clearer now. You know, I thought many times it was just me, pasting the key wrong (because I checked also my key size which was about 400 bytes). LOL.



  • jporter,

    I get:

    [root@pfsense-22:/tmp/git-teste # git clone git@git.pfsense.org:pfsense-tools tools
    Cloning into 'tools'...
    ssh_exchange_identification: Connection closed by remote host
    fatal: Could not read from remote repository.
    
    Please make sure you have the correct access rights
    and the repository exists.
    root@pfsense-22:/tmp/git-teste # 
    /code]
    
    I add default size dsa keys to the profile page. Should there include the sha-dss and the login@machine ?
    
    What I'm doing wrong here ?
    
    thanks,
    
    


  • Maybe you are not doing anything wrong. About week a go got same error 2 days in row. I knew the git clone syntax I used was correct. Have'nt tried since, figuring it's bound to be fixed sooner or later.



  • Please note "DNS lookup error: general failure" and "Password for git@git.pfense.org:"

    
    $ ssh -Tv git@git.pfsense.org
    OpenSSH_6.4, OpenSSL 1.0.1e-freebsd 11 Feb 2013
    debug1: Reading configuration data /home/user/.ssh/config
    debug1: /home/user/.ssh/config line 7: Applying options for git.pfsense.org
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Connecting to git.pfsense.org [208.123.73.74] port 22.
    debug1: Connection established.
    debug1: identity file /home/user/.ssh/pfsense2_dsa type 2
    debug1: identity file /home/user/.ssh/pfsense2_dsa-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.4_hpn13v11 FreeBSD-20131111
    ssh_exchange_identification: Connection closed by remote host
    $ ssh -Tv git@git.pfsense.org
    OpenSSH_6.4, OpenSSL 1.0.1e-freebsd 11 Feb 2013
    debug1: Reading configuration data /home/user/.ssh/config
    debug1: /home/user/.ssh/config line 7: Applying options for git.pfsense.org
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Connecting to git.pfsense.org [208.123.73.74] port 22.
    debug1: Connection established.
    debug1: identity file /home/user/.ssh/pfsense2_dsa type 2
    debug1: identity file /home/user/.ssh/pfsense2_dsa-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.4_hpn13v11 FreeBSD-20131111
    ssh_exchange_identification: Connection closed by remote host
    $ ssh -Tv git@git.pfsense.org
    OpenSSH_6.4, OpenSSL 1.0.1e-freebsd 11 Feb 2013
    debug1: Reading configuration data /home/user/.ssh/config
    debug1: /home/user/.ssh/config line 7: Applying options for git.pfsense.org
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Connecting to git.pfsense.org [208.123.73.74] port 22.
    debug1: Connection established.
    debug1: identity file /home/user/.ssh/pfsense2_dsa type 2
    debug1: identity file /home/user/.ssh/pfsense2_dsa-cert type -1
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_6.4_hpn13v11 FreeBSD-20131111
    debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4_hpn13v11 FreeBSD-20131111
    debug1: match: OpenSSH_6.4_hpn13v11 FreeBSD-20131111 pat OpenSSH*
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
    debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA 52:7b:22:f9:3b:7e:dd:85:85:1a:a5:98:b8:8f:7f:62
    DNS lookup error: general failure
    The authenticity of host 'git.pfsense.org (208.123.73.74)' can't be established.
    ECDSA key fingerprint is 52:7b:22:f9:3b:7e:dd:85:85:1a:a5:98:b8:8f:7f:62.
    No matching host key fingerprint found in DNS.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'git.pfsense.org' (ECDSA) to the list of known hosts.
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering DSA public key: /home/user/.ssh/pfsense2_dsa
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    Password for git@git.pfense.org:
    
    


  • no luck here:

    [root@pfsense-22:/tmp/git-teste # git clone git@git.pfsense.org:pfsense-tools tools
    Cloning into 'tools'...
    Password for git@git.pfense.org:
    /code]
    
    any issues on ssh key management ?
    
    none
    


  • We're both out of luck  :'(. I get the same error here. I edited my key after the key truncation problem was fixed, and indeed it was fixed, but access to the repository isn't.



  • I cant access it either



  • yeah, keeps asking for password.

    Double-checked ssh key in portal.pfsense.org..



  • same here :/



  • well,

    at least its good to know its not only me.

    I hope they post here any kind of tip to help us on this …

    none



  • I had some private e-mail communications on Saturday with the maintainer of the Tools repo SSH access.  He is aware of the problems and working on it.

    Bill



  • thanks for the info :)

    none



  • Tools repo access via SSH public key is working for me as of Sunday evening.  The problem appears to have been resolved.

    Thanks,

    Bill



  • @bmeeks:

    Tools repo access via SSH public key is working for me as of Sunday evening.  The problem appears to have been resolved.

    Thanks,

    Bill

    Hey guys! Access to the -tools repository is working again  ;D.



  • hail,

    it is back. thanks !!!

    but I have issues with others repositories.

    can anyone post their pfsense-build.conf?

    mine looks like:

    # set_version.sh generated defaults
    export PFSENSE_VERSION=2.2-DEVELOPMENT
    export FREEBSD_VERSION=10
    export FREEBSD_BRANCH=stable/10
    #export FREEBSD_REPO_BASE=git@git.pfmechanics.com:outsidemirrors/freebsd.git
    export PFSENSETAG=RELENG_2_2
    export CUSTOM_COPY_LIST=/usr/home/pfsense/tools/builder_scripts/conf/copylist/copy.list.RELENG_2_2
    export BASE_DIR=/usr/home/pfsense
    export BUILDER_TOOLS=/usr/home/pfsense/tools
    export BUILDER_SCRIPTS=/usr/home/pfsense/tools/builder_scripts
    export PFSPATCHFILE=/usr/home/pfsense/tools/builder_scripts/conf/patchlist/stable/10/patches
    export PFSPATCHDIR=/usr/home/pfsense/tools/patches/stable/10
    export EXTRA_DEVICES=
    export GIT_FREEBSD_COSHA1=0d8378f52b85502c1b4affb9e3171b87840a9008
    #export BUILD_ERROR_MAIL=
    #export BUILD_COMPLETED_MAIL=
    export PFSPORTSFILE=buildports.RELENG_2_2
    export TARGET=amd64
    export TARGET_ARCH=amd64
    #export NO_CLEANFREEBSDOBJDIR=YES
    #export NO_CLEANREPOS=YES
    export USE_SVN=YES
    export FREEBSD_REPO_BASE=https://svn0.us-west.freebsd.org/base
    export GIT_REPO_PFSENSE=${GIT_REPO_PFSENSE:-"git://github.com/pfsense/pfsense.git"}
    export GIT_REPO_TOOLS=${GIT_REPO_TOOLS:-"git@git.pfsense.org:pfsense-tools ${TOOLS_DIR}"}
    export GIT_REPO_BSDINSTALLER=${GIT_REPO_BSDINSTALLER:-"git@git.pfsense.org:bsdinstaller.git"}
    export GIT_REPO_TOOLS=${GIT_REPO_TOOLS:-"git@git.pfsense.org:pfsense-tools ${TOOLS_DIR}"}
    
    

    anyone can compile it till have an usable image ?

    ty,

    none



  • but I have issues with others repositories.

    Be more specific.. What trouble are expierencing ?


Log in to reply