Ssh

升級到 Wheezy 後無法再訪問 HG 儲存庫

  • August 29, 2013

我剛剛更新了基於 wheezy 7.1 的 proxmox 伺服器。到最新版本(3.1)。它充當中央 mercurial 儲存庫,也可以通過 ssh 訪問。從那時起,我似乎無法使用 ssh-hg 。

儲存庫託管在 /home/hg,通過 ~/.ssh/authorized_keys 中的命令前綴限制對儲存庫的訪問: command=“hg-ssh /home/hg/*” ssh-rsa AAAAB3NzaC1yc2EAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX…"

我的 mercurial.ini:

[ui]
username = hg <me@aCompany.com>
ssh = C:\PROGRA~1\TORTOI~1\TORTOI~2.EXE -ssh -2 -i C:\pathToHGCert\cert.ppk

當我嘗試從 Mercurial Eclipse 或 TortoiseHG 拉取時,這就是我現在在伺服器 /var/log/auth.log 上得到的:

sshd[305458]: debug1: Forked child 305486.
sshd[305486]: Set /proc/self/oom_score_adj to 0
sshd[305486]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
sshd[305486]: debug1: inetd sockets after dupping: 3, 3
sshd[305486]: Connection from xx.xx.xx.xx port 51306
sshd[305486]: debug1: Client protocol version 2.0; client software version PuTTY_Local:_Feb__4_2012_13:00:34
sshd[305486]: debug1: no match: PuTTY_Local:_Feb__4_2012_13:00:34
sshd[305486]: debug1: Enabling compatibility mode for protocol 2.0
sshd[305486]: debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4
sshd[305486]: debug1: permanently_set_uid: 103/65534 [preauth]
sshd[305486]: debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth]
sshd[305486]: debug1: SSH2_MSG_KEXINIT sent [preauth]
sshd[305486]: debug1: SSH2_MSG_KEXINIT received [preauth]
sshd[305486]: debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
sshd[305486]: debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
sshd[305486]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received [preauth]
sshd[305486]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
sshd[305486]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
sshd[305486]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
sshd[305486]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
sshd[305486]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
sshd[305486]: debug1: SSH2_MSG_NEWKEYS received [preauth]
sshd[305486]: debug1: KEX done [preauth]
sshd[305486]: debug1: userauth-request for user hg service ssh-connection method none [preauth]
sshd[305486]: debug1: attempt 0 failures 0 [preauth]
sshd[305486]: debug1: PAM: initializing for "hg"
sshd[305486]: debug1: PAM: setting PAM_RHOST to "myProviderHostName"
sshd[305486]: debug1: PAM: setting PAM_TTY to "ssh"
sshd[305486]: debug1: userauth-request for user hg service ssh-connection method publickey [preauth]
sshd[305486]: debug1: attempt 1 failures 0 [preauth]
sshd[305486]: debug1: test whether pkalg/pkblob are acceptable [preauth]
sshd[305486]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
sshd[305486]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
sshd[305486]: debug1: temporarily_use_uid: 1002/1002 (e=0/0)
sshd[305486]: debug1: trying public key file /home/hg/.ssh/authorized_keys
sshd[305486]: debug1: fd 4 clearing O_NONBLOCK
sshd[305486]: debug1: matching key found: file /home/hg/.ssh/authorized_keys, line 2
sshd[305486]: Found matching RSA key: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
sshd[305486]: debug1: restore_uid: 0/0
sshd[305486]: Postponed publickey for hg from xx.xx.xx.xx port 51306 ssh2 [preauth]
sshd[305486]: debug1: userauth-request for user hg service ssh-connection method publickey [preauth]
sshd[305486]: debug1: attempt 2 failures 0 [preauth]
sshd[305486]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
sshd[305486]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
sshd[305486]: debug1: temporarily_use_uid: 1002/1002 (e=0/0)
sshd[305486]: debug1: trying public key file /home/hg/.ssh/authorized_keys
sshd[305486]: debug1: fd 4 clearing O_NONBLOCK
sshd[305486]: debug1: matching key found: file /home/hg/.ssh/authorized_keys, line 2
sshd[305486]: Found matching RSA key: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
sshd[305486]: debug1: restore_uid: 0/0
sshd[305486]: debug1: ssh_rsa_verify: signature correct
sshd[305486]: debug1: do_pam_account: called
sshd[305486]: Accepted publickey for hg from xx.xx.xx.xx port 51306 ssh2
sshd[305486]: debug1: monitor_read_log: child log fd closed
sshd[305486]: debug1: monitor_child_preauth: hg has been authenticated by privileged process
sshd[305486]: debug1: PAM: establishing credentials
sshd[305486]: pam_unix(sshd:session): session opened for user hg by (uid=0)
sshd[305486]: User child is on pid 305509
sshd[305509]: debug1: SELinux support disabled
sshd[305509]: debug1: PAM: establishing credentials
sshd[305509]: debug1: permanently_set_uid: 1002/1002
sshd[305509]: debug1: Entering interactive session for SSH2.
sshd[305509]: debug1: server_init_dispatch_20
sshd[305509]: debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
sshd[305509]: debug1: input_session_request
sshd[305509]: debug1: channel 0: new [server-session]
sshd[305509]: debug1: session_new: session 0
sshd[305509]: debug1: session_open: channel 0
sshd[305509]: debug1: session_open: session 0: link with channel 0
sshd[305509]: debug1: server_input_channel_open: confirm session
sshd[305246]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
sshd[305246]: debug1: session_by_channel: session 0 channel 0
sshd[305246]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
sshd[305509]: debug1: server_input_channel_req: channel 0 request exec reply 1
sshd[305509]: debug1: session_by_channel: session 0 channel 0
sshd[305509]: debug1: session_input_channel_req: session 0 req exec
sshd[305509]: debug1: Forced command (key option) 'hg-ssh /home/hg/*'
sshd[305509]: debug1: Received SIGCHLD.
sshd[305509]: debug1: session_by_pid: pid 305510
sshd[305509]: debug1: session_exit_message: session 0 channel 0 pid 305510
sshd[305509]: debug1: session_exit_message: release channel 0
sshd[305509]: debug1: session_by_channel: session 0 channel 0
sshd[305509]: debug1: session_close_by_channel: channel 0 child 0
sshd[305509]: debug1: session_close: session 0 pid 0
sshd[305509]: debug1: channel 0: free: server-session, nchannels 1
sshd[305509]: Connection closed by xx.xx.xx.xx
sshd[305509]: debug1: do_cleanup
sshd[305509]: Transferred: sent 3304, received 2512 bytes
sshd[305509]: Closing connection to xx.xx.xx.xx port 51306
sshd[305486]: debug1: PAM: cleanup
sshd[305486]: debug1: PAM: closing session
sshd[305486]: pam_unix(sshd:session): session closed for user hg
sshd[305486]: debug1: PAM: deleting credentials

有趣的是,我可以使用不受限制的授權密鑰和膩子登錄到具有相同證書的伺服器。

Putty Version 0.62/0.63
TortoisePlink 0.61.0.9078 (ships with TortoiseHg 2.9, TortoiseHg 2.8.2, and probably before)

可能是 Wheezy 引入了一些 Putty 可以應對而過時的 TortoisePlink 無法應對的變化?

hg-ssh命令由於某種原因失敗。檢查它是否記錄了任何東西(單獨),檢查它的配置,確保它實際上仍然安裝,等等。

引用自:https://serverfault.com/questions/534663