I'm trying to manage my mercurial repos on my server (Debian Lenny) with mercurial-server from LShift. I was using this tutorial: http://kurtgrandis.com/blog/2010/03/20/gitosis-for-mercurial/
But when I try to clone the hgadmin repo, ssh asks me for a password.
hg clone ssh://hg@MyMercurialServer/hgadmin
But I never set a password for the hg user. It was created using the apt-get installation.
Normally, the authentication should be done with my public ssh key (which was copied to the keys/root directory from mercurial-server). But it seems that mercurial-server doesn't use my public key.
I also flushed the privileges with
sudo -u hg /usr/share/mercurial-server/refresh-auth
After copying the public key to the mercurial-server keys/root dir. Furthermore, I can't find any logfiles for mercurial-server.
Does anybody know how to fix that?
Thanks.
zerkms is correct -- debug the ssh directly first. Try something like:
ssh -v -v hg@MyMercurialServer
That'll let you know if your key is being sent and rejected or not sent. Also try adding -i path/to/private/key on the client to force sending the key.
The usual config problem in ssh key setups is permissions on the authorized_keys file on the ssh server side. It needs to be 0600 and the directory it's in needs to be 0700. You can debug that stuff in /var/log/messages on the server side, where sshd will print a message if it's unwilling to trust the authorized_keys file due to permissions.
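The permission check described in the answer above, as an added example that is not part of the original answer. It goes one step beyond the answer by also checking that the home directory is not writable by group or others, which sshd's StrictModes looks at as well; the helper names and the scratch directory are made up for the demo, and GNU stat is assumed.

```shell
# Added example; helper names are hypothetical. Assumes GNU stat (stat -c).
mode_of() { stat -c '%a' "$1"; }

# Exact-mode check for the two values the answer gives.
check_exact() {    # check_exact PATH OCTAL_MODE
    if [ ! -e "$1" ]; then echo "MISSING $1"; return 1; fi
    have=$(mode_of "$1")
    if [ "$have" != "$2" ]; then
        echo "BAD     $1 is $have, expected $2"; return 1
    fi
    echo "OK      $1 is $have"
}

# Home directory: any mode is fine as long as group/others cannot write.
check_not_shared_writable() {    # check_not_shared_writable PATH
    if [ ! -d "$1" ]; then echo "MISSING $1"; return 1; fi
    have=$(mode_of "$1")
    if [ $(( 0$have & 022 )) -ne 0 ]; then
        echo "BAD     $1 is $have, writable by group or others"; return 1
    fi
    echo "OK      $1 is $have"
}

audit_account() {    # audit_account HOME_DIR; returns 0 only if all pass
    rc=0
    check_not_shared_writable "$1" || rc=1
    check_exact "$1/.ssh" 700 || rc=1
    check_exact "$1/.ssh/authorized_keys" 600 || rc=1
    return $rc
}

# Constructed demo on a scratch directory, not a real account.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 755 "$demo"; chmod 775 "$demo/.ssh"; chmod 664 "$demo/.ssh/authorized_keys"
audit_account "$demo" || echo "=> sshd may refuse to trust this authorized_keys"
chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
audit_account "$demo" && echo "=> modes match the answer"
rm -rf "$demo"
```

Run audit_account on the server against the home directory of the account you log in as.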
I am trying to mount a remote filesystem on Google Container Engine. I am following this tutorial: https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh
Using the following sshfs command:
sudo sshfs -o sshfs_debug,allow_other <instance-name>.<region>.<project_id>:/home/<user_name> /mnt/gce-container
I am getting error:
SSHFS version 2.5
read: Connection reset by peer
I referred to this link: https://cloud.google.com/sdk/gcloud/reference/compute/config-ssh
and could log in using ssh via the following commands:
$ gcloud compute config-ssh
$ ssh <instance-name>.<region>.<project_id>
Any ideas what might be going wrong here? I can't understand what keys and username I should use for sshfs login.
Update(11/5):
I am using the following command:
sshfs -o IdentityFile=~/.ssh/google_compute_engine <user>@<ip>:~/ /mnt/gce
I have chowned the /mnt/gce folder for my user. I checked that the IP matches the entry in the ~/.ssh/config file. However, I still get the error read: Connection reset by peer
The problem with the command below is that
1) unless you have a static IP, it keeps changing on machine reboot
2) you need to use the .pub file
sshfs -o IdentityFile=~/.ssh/google_compute_engine <user>@<ip>:~/ /mnt/gce
I finally got it working with the following commands:
sudo mkdir /mnt/gce
sudo chown <user> /mnt/gce
sshfs -o IdentityFile=~/.ssh/google_compute_engine.pub <user_name>@<instance-name>.<region>.<project_id>:/home/<user_name> /mnt/gce
A few things that might be the cause of the problem:
Don't use sshfs as root. It's a FUSE filesystem and meant to be user mounted.
Don't specify a full path as the remote FS. It's SSH, so by default, the $PWD on the remote side is the login user's $HOME.
If ssh works, sshfs will work. The easiest way is to make sure that ~/.ssh/config has an entry for the remote host with the user, port, etc. provided.
If you get this from sshfs
read: Connection reset by peer
it may help to set the file to read-only
chmod 400 /{{path_to_your_key}}/keypair.pem
and connect again.
I am trying to configure a Hudson job to copy result of Hudson job (consists of multiple files) into a Hudson server for results consolidation from multiple slaves. My intention is to use scp. Unfortunately, I have difficulties setting up the SSH public key/private key in windows environment (both slave and Hudson server are windows environment). I cannot migrate to Linux because I am not the owner of those machines.
I use the following procedures to set up the SSH public/private keys.
Configure ssh server in Hudson machine by performing the following:
cd C:\Program Files\OpenSSH\bin
mkgroup -l >> ..\etc\group
mkpasswd -l >> ..\etc\passwd
mkpasswd -d -u test >> ..\etc\passwd (Note: test is the user id used for SSH)
Download cygintl-2.dll & cygwin1.dll from http://samanthahalfon.net/resources/cygwin_includes.zip. Copy those dll files to C:\Program Files\OpenSSH\bin.
You will need to replace cygwin1.dll.
cd C:\Program Files\OpenSSH\etc
..\bin\chown test *
..\bin\chmod 600 *
Edit C:\Program Files\OpenSSH\etc\sshd_config with the following configuration:
Port 22
Protocol 2
StrictModes no
PubKeyAuthentication yes
AuthorizedKeysFile /c/home/test/.ssh/authorized_keys
PasswordAuthentication no
UserPrivilegeSeparation no
Start it as a Windows service by executing: net start opensshd
Configure the ssh public key on the Hudson machine, so that the test automation script will not be prompted for a password:
On the slave machine, use the "ssh-keygen -t dsa" command to create the key pair.
By default the key pair (files: id_dsa & id_dsa.pub) will be generated in C:\Documents and Settings\test\.ssh\
Use the "scp id_dsa.pub test@XX.XX.XX.XX:.ssh/id_rsa_upload.pub" command to upload the public key to the Hudson server.
i.e. scp id_dsa.pub test@XX.XX.XX.XX:.ssh/id_rsa_upload.pub
On the Hudson server, go to the directory C:\Program Files\OpenSSH\.ssh, then execute "type id_rsa_upload.pub >>authorized_keys"
Exit and restart opensshd on the Hudson server by executing "net stop opensshd" and "net start opensshd". Now you can log in to the ssh server without a password.
In Hudson server, execute the following:
cd C:\Program Files\OpenSSH\
chown -R test .
chmod -R 700 .ssh
cd .ssh
chmod 600 authorized_keys
On the slave machine, edit C:\Program Files\OpenSSH\etc\ssh_config. Specify "IdentityFile /c/home/test/id_dsa".
Test from your slave computer which SSH private key has been executed. On the slave machine, connect by executing:
ssh test@XX.XX.XX.XX (IP is Hudson server's IP)
Unfortunately, it still prompts for the pass phrase.
I looked into the following possibilities as workaround but the results are not positive:
a. shared drive in Hudson server mapped to a drive in slave machine - Hudson does not permit "copy result.html Y:"
b. sftp - it also requires public key
c. Found a proposed solution to overcome shared drive issue by using "copy result.html \\XX.XX.XX.XX\test\" but I encountered access denied error as I have no idea how to specify the user id and password using this method. Refer to: Hudson continuous integration server: how to see Windows mapped directories that are visible to Ant?
d: I have also looked into Hudson's plugin for any potential solution but could not find anything suitable or have no idea on the plugin usage.
It would be great if someone can spot my mistake in public key setup or propose an alternative solution for me to copy multiple files into Hudson server. Thanks
You need to identify what is wrong first: the server or the client.
To verify the server, set up the same key on any Linux/Mac client (which is much more transparent) and try to connect to the server.
To verify that ssh on your slave machine loads your dsa identity key, try the following:
ssh -i c:/home/test/id_dsa -v test@XX.XX.XX.XX
where -i tells ssh where to get the key and -v enables verbose mode, which can help you identify the problem.
How do I run
ssh-add key
sudo hg clone hg@bitbucket.org/etc/etc
but use my ssh keys and not the superuser's?
Hey everyone, when I use sudo with, for example, sudo hg clone hg@bitbucket.org/etc/etc after I have added a key to my user account, it doesn't work. I remember this is because sudo is run as the superuser, but that user cannot have keys added to it. I remember setting some directive (I'm using Debian) that allowed me to run that command as sudo but still have my ssh keys taken from my normal user account, but I didn't make a note of it at the time. Thanks.
The answer by Ry4an pointed me in the right direction but I found that with the current version (1.6.4) of Hg at least, you need to put --ssh (or the equivalent -e) after the hg command.
e.g.
hg clone -e 'ssh -i /path/to/key' ssh://user@host/path
I see you found a way to have the sudo user chain off to your main user's key, but rather than using ssh-agent for something like that you're more secure explicitly specifying the key:
sudo hg --ssh '/usr/bin/ssh -i /path/to/private.key' clone hg@bitbucket.org/etc/etc
Is there any way to archive a Mercurial repository to a remote directory over SSH? For example, it would be nice if one could do the following:
hg archive ssh://user@example.com/path/to/archive
However, that does not appear to work. It instead creates a directory called ssh: in the current directory.
I made the following quick-and-dirty script that emulates the desired behavior by creating a temporary ZIP archive, copying it over SSH, and unzipping the destination directory. However, I would like to know if there is a better way.
#!/bin/bash
if [[ $# != 1 ]]; then
    echo "Usage: $0 [user@]hostname:remote_dir"
    exit 1
fi
arg=$1
arg=${arg%/} # remove trailing slash
host=${arg%%:*}
remote_dir=${arg##*:}
# zip named to match lowest directory in $remote_dir
zip=${remote_dir##*/}.zip
# root of archive will match zip name
hg archive -t zip "$zip"
# make $remote_dir if it doesn't exist
ssh "$host" mkdir --parents "$remote_dir"
# copy zip over ssh into destination
scp "$zip" "$host:$remote_dir"
# unzip into containing directory (will prompt for overwrite)
ssh "$host" unzip "$remote_dir/$zip" -d "$remote_dir/.."
# clean up zips
ssh "$host" rm "$remote_dir/$zip"
rm "$zip"
Edit: clone-and-push would be ideal, but unfortunately the remote server does not have Mercurial installed.
Nope, this is not possible -- we always assume that there is a functioning Mercurial installation on the remote host.
I definitely agree with you that this functionality would be nice, but I think it would have to be made in an extension. Mercurial is not a general SCP/FTP/rsync file-copying program, so don't expect to see this functionality in the core.
This reminds me... perhaps you can build on the FTP extension to make it do what you want. Good luck! :-)
Have you considered simply having a clone on the remote and doing hg push to archive?
Could you use a ssh tunnel to mount a remote directory on your local machine and then just do standard hg clone and hg push operations 'locally' (as far as HG knows) but where they actually write to a filesystem which is on the remote computer?
It looks like there are several stackoverflow questions about doing this:
How do I mount a remote Linux folder in Windows through SSH?
Map SSH drive in Windows
How can I mount a remote directory on my computer?
I am often in a similar situation. The way I get around it is with sshfs.
sshfs me@somewhere-else:path/to/repo local/path/to/somewhere-else
hg archive local/path/to/somewhere-else
fusermount -u local/path/to/somewhere-else
The only disadvantage is sshfs is slower than nfs, samba or rsync. Generally I don't notice as I only rarely need to do anything in the remote file-system.
You could also simply execute hg on the remote host:
ssh user@example.com "cd /path/to/repo; hg archive -r 123 /path/to/archive"
I've installed copssh on a Windows 2008 server and then tried to clone a repository on the server through ssh. But no matter how hard I tried, I couldn't fix the error I got. Here is the log:
C:\Users\Admin>hg clone ssh://ehsan@rafsanjani.ir
The authenticity of host 'rafsanjani.ir (96.31.90.174)' can't be established.
RSA key fingerprint is 41:a8:41:21:61:1a:67:2c:e8:44:99:6c:63:e7:06:73.
Are you sure you want to continue connecting (yes/no)? yes
ehsan@rafsanjani.ir's password:
remote: Could not create directory '/home/Administrator/.ssh'.
remote: Failed to add the host to the list of known hosts (/home/Administrator/.ssh/known_hosts).
remote: /bin/bash: Permission denied
abort: no suitable response from remote hg!
I tried to log in with administrator but I get the same error message. Also, I changed the permission of the folder located in C:\Program Files (x86)\ICW\home\administrator so that ehsan has full access to this folder.
Also, when I connect to the server with putty and use this command:
cd /home/administrator/.ssh
echo test>test
the file test is created! So it seems that I have permission to this folder!
This is the log when I try to clone with the administrator account:
C:\Users\Admin>hg clone ssh://administrator@rafsanjani.ir
The authenticity of host 'rafsanjani.ir (96.31.90.174)' can't be established.
RSA key fingerprint is 41:a8:41:21:61:1a:67:2c:e8:44:99:6c:63:e7:06:73.
Are you sure you want to continue connecting (yes/no)? yes
administrator@rafsanjani.ir's password:
remote: Could not create directory '/home/Administrator/.ssh'.
remote: Failed to add the host to the list of known hosts (/home/Administrator/.ssh/known_hosts).
remote: bash: hg: command not found
abort: no suitable response from remote hg!
The latest versions of copssh/cwrsync use cygwin 1.7 and require a HOME environment variable. So just add a HOME=%HOMEDRIVE%%HOMEPATH% variable and it should work right away. It did for me :)