DevHeads.net

fedpkg clone doesn*t work

I tried

fedpkg clone lollypop

Cloning into 'lollypop'...
... at pkgs dot fedoraproject.org: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
Could not execute clone: Failed to execute command.

[martin@f28 fedora-scm]$ fedpkg clone lollypop
Cloning into 'lollypop'...
Enter passphrase for key '/home/martin/.ssh/id_rsa':
packet_write_wait: Connection to 209.132.181.4 port 22: Broken pipe
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
Could not execute clone: Failed to execute command.

[martin@f28 fedora-scm]$ ssh -vT 209.132.181.4
OpenSSH_7.8p1, OpenSSL 1.1.0h-fips 27 Mar 2018
debug1: Reading configuration data /home/martin/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for *
debug1: Connecting to 209.132.181.4 [209.132.181.4] port 22.
debug1: Connection established.
debug1: identity file /home/martin/.ssh/id_rsa type 0
debug1: identity file /home/martin/.ssh/id_rsa-cert type -1
debug1: identity file /home/martin/.ssh/id_dsa type -1
debug1: identity file /home/martin/.ssh/id_dsa-cert type -1
debug1: identity file /home/martin/.ssh/id_ecdsa type -1
debug1: identity file /home/martin/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/martin/.ssh/id_ed25519 type -1
debug1: identity file /home/martin/.ssh/id_ed25519-cert type -1
debug1: identity file /home/martin/.ssh/id_xmss type -1
debug1: identity file /home/martin/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to 209.132.181.4:22 as 'martin'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: <a href="mailto:curve25519- ... at libssh dot org">curve25519- ... at libssh dot org</a>
debug1: kex: host key algorithm: <a href="mailto:ssh-rsa-cert- ... at openssh dot com">ssh-rsa-cert- ... at openssh dot com</a>
debug1: kex: server->client cipher: <a href="mailto:aes256- ... at openssh dot com">aes256- ... at openssh dot com</a> MAC: <implicit> compression: none
debug1: kex: client->server cipher: <a href="mailto:aes256- ... at openssh dot com">aes256- ... at openssh dot com</a> MAC: <implicit> compression: none
debug1: kex: <a href="mailto:curve25519- ... at libssh dot org">curve25519- ... at libssh dot org</a> need=32 dh_need=32
debug1: kex: <a href="mailto:curve25519- ... at libssh dot org">curve25519- ... at libssh dot org</a> need=32 dh_need=32
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host certificate: <a href="mailto:ssh-rsa-cert- ... at openssh dot com">ssh-rsa-cert- ... at openssh dot com</a> SHA256:Q12OTyTeOHWlS54dTzy2BNu7wB8UKNf18+7WHIDsORc, serial 1534273416 ID "pkgs02.phx2.fedoraproject.org" CA ssh-rsa SHA256:IPuhCSNXqj4m2eq6UKYE1jHFglLgLCbBzINft+OxUMA valid from 2018-08-14T20:03:36 to 2019-08-13T21:03:36
debug1: No matching CA found. Retry with plain key
debug1: Host '209.132.181.4' is known and matches the RSA host key.
debug1: Found key in /home/martin/.ssh/known_hosts:3
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:82HdmjCwCpo/Ko2UZQVjBlOB4w+ma4vqMvXhqsE9WSU /home/martin/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/martin/.ssh/id_dsa
debug1: Trying private key: /home/martin/.ssh/id_ecdsa
debug1: Trying private key: /home/martin/.ssh/id_ed25519
debug1: Trying private key: /home/martin/.ssh/id_xmss
debug1: No more authentication methods to try.
... at 209 dot 132.181.4: Permission denied (publickey).

Thanks for your help

Comments

Re: fedpkg clone doesn*t work

By Pavel Zhukov at 09/12/2018 - 02:08

There's nothing to do with keys.
Similar issue was reported in ArchLinux:
<a href="https://bugs.archlinux.org/task/59838" title="https://bugs.archlinux.org/task/59838">https://bugs.archlinux.org/task/59838</a>

I'm able clone repo from my F27 machine but F28 one with openssh-7.8p1-1.fc28.x86_64
failed with:

debug1: Offering public key: RSA SHA256:[...]
debug1: send_pubkey_test: no mutual signature algorithm

"Martin Gansser" <martin. ... at gmail dot com> writes:

Re: fedpkg clone doesn*t work

By Pavel Zhukov at 09/12/2018 - 02:12

Bug report:
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1627875" title="https://bugzilla.redhat.com/show_bug.cgi?id=1627875">https://bugzilla.redhat.com/show_bug.cgi?id=1627875</a>

"Martin Gansser" <martin. ... at gmail dot com> writes:

Re: fedpkg clone doesn*t work

By Jakub Jelen at 09/12/2018 - 04:25

On Wed, 2018-09-12 at 09:12 +0200, Pavel Zhukov wrote:
All the above things, clonning and ssh to fedorapeople.org works for me
just fine with my RSA key added to the fedora account. Can you share
your configuration (ssh -G fedorapeople.org) and more verbose logs (ssh
-vvv <a href="mailto:your- ... at fedorapeople dot org">your- ... at fedorapeople dot org</a>)?

Jakub

Re: fedpkg clone doesn*t work

By Martin Gansser at 09/12/2018 - 09:40

i have shared theinformartion on [1]

when i am trying to save the public rsa key on the fedora account, i get this error message:

500 Internal error
The server encountered an unexpected condition which prevented it from fulfilling the request.
Powered by CherryPy 2.3.0

[1] <a href="https://files.fm/u/yjyfxz4m" title="https://files.fm/u/yjyfxz4m">https://files.fm/u/yjyfxz4m</a>

Re: fedpkg clone doesn*t work

By Martin Gansser at 10/01/2018 - 09:41

problem solved for my by adding the rsa key in paguera,
now i have access in fedorapeople also.
<a href="https://docs.pagure.org/pagure/usage/first_steps.html" title="https://docs.pagure.org/pagure/usage/first_steps.html">https://docs.pagure.org/pagure/usage/first_steps.html</a>

Re: fedpkg clone doesn*t work

By =?ISO-8859-1?Q?... at 09/10/2018 - 07:52

On Mon, 2018-09-10 at 11:26 +0000, Martin Gansser wrote:
you public key seems that is not correct

Re: fedpkg clone doesn*t work

By Martin Gansser at 09/10/2018 - 09:58

every time I edit my account, the public ssh key is missing.

the FSA public SSH-key and the key in .ssh/id_rsa.pub are the same.

Re: fedpkg clone doesn*t work

By Dennis Gilmore at 09/11/2018 - 09:36

El lun, 10-09-2018 a las 14:58 +0000, Martin Gansser escribió:
Can you ssh to fedorapeople.org?

Dennis

Re: fedpkg clone doesn*t work

By Martin Gansser at 09/12/2018 - 01:45

isn't possible.

[martin@f28 ~]$ ssh -i ~/.ssh/id_rsa <a href="mailto: ... at fedorapeople dot org"> ... at fedorapeople dot org</a>
packet_write_wait: Connection to 152.19.134.199 port 22: Broken pipe

Re: fedpkg clone doesn*t work

By Pavel Zhukov at 09/12/2018 - 02:20

"Martin Gansser" <martin. ... at gmail dot com> writes:

Re: fedpkg clone doesn*t work

By =?UTF-8?Q?I=C3=... at 09/10/2018 - 07:38

El lun., 10 sept. 2018 a las 13:27, Martin Gansser
(<martin. ... at gmail dot com>) escribió:
This is not a fedpkg issue. The ssh authentication is failing. Is your
public key for that computer defined in your FAS account? Did you
check file permissions under ~/.ssh/?

Iñaki

Re: fedpkg clone doesn*t work

By Manas Mangaonkar at 09/10/2018 - 06:52

Clone as anonymous,fepkg clone -a whatever

On Mon, Sep 10, 2018, 4:56 PM Martin Gansser <martin. ... at gmail dot com>
wrote:

Re: fedpkg clone doesn*t work

By Martin Gansser at 09/10/2018 - 07:25

curious, that work, but why only anonymous ?