Ssh
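Can no longer access HG repository after upgrading to Wheezy
I just updated my proxmox server, which is based on wheezy 7.1, to the latest version (3.1). It acts as a central mercurial repository, which is also accessible via ssh. Since then, I can't seem to use ssh-hg.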
The repositories are hosted at /home/hg, and access to them is restricted by a command prefix in ~/.ssh/authorized_keys:
command="hg-ssh /home/hg/*" ssh-rsa AAAAB3NzaC1yc2EAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX…"
My mercurial.ini:
[ui]
username = hg <me@aCompany.com>
ssh = C:\PROGRA~1\TORTOI~1\TORTOI~2.EXE -ssh -2 -i C:\pathToHGCert\cert.ppk
When I try to pull from Mercurial Eclipse or TortoiseHG, this is what I now get in /var/log/auth.log on the server:
sshd[305458]: debug1: Forked child 305486.
sshd[305486]: Set /proc/self/oom_score_adj to 0
sshd[305486]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
sshd[305486]: debug1: inetd sockets after dupping: 3, 3
sshd[305486]: Connection from xx.xx.xx.xx port 51306
sshd[305486]: debug1: Client protocol version 2.0; client software version PuTTY_Local:_Feb__4_2012_13:00:34
sshd[305486]: debug1: no match: PuTTY_Local:_Feb__4_2012_13:00:34
sshd[305486]: debug1: Enabling compatibility mode for protocol 2.0
sshd[305486]: debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4
sshd[305486]: debug1: permanently_set_uid: 103/65534 [preauth]
sshd[305486]: debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth]
sshd[305486]: debug1: SSH2_MSG_KEXINIT sent [preauth]
sshd[305486]: debug1: SSH2_MSG_KEXINIT received [preauth]
sshd[305486]: debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
sshd[305486]: debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
sshd[305486]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received [preauth]
sshd[305486]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
sshd[305486]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
sshd[305486]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
sshd[305486]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
sshd[305486]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
sshd[305486]: debug1: SSH2_MSG_NEWKEYS received [preauth]
sshd[305486]: debug1: KEX done [preauth]
sshd[305486]: debug1: userauth-request for user hg service ssh-connection method none [preauth]
sshd[305486]: debug1: attempt 0 failures 0 [preauth]
sshd[305486]: debug1: PAM: initializing for "hg"
sshd[305486]: debug1: PAM: setting PAM_RHOST to "myProviderHostName"
sshd[305486]: debug1: PAM: setting PAM_TTY to "ssh"
sshd[305486]: debug1: userauth-request for user hg service ssh-connection method publickey [preauth]
sshd[305486]: debug1: attempt 1 failures 0 [preauth]
sshd[305486]: debug1: test whether pkalg/pkblob are acceptable [preauth]
sshd[305486]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
sshd[305486]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
sshd[305486]: debug1: temporarily_use_uid: 1002/1002 (e=0/0)
sshd[305486]: debug1: trying public key file /home/hg/.ssh/authorized_keys
sshd[305486]: debug1: fd 4 clearing O_NONBLOCK
sshd[305486]: debug1: matching key found: file /home/hg/.ssh/authorized_keys, line 2
sshd[305486]: Found matching RSA key: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
sshd[305486]: debug1: restore_uid: 0/0
sshd[305486]: Postponed publickey for hg from xx.xx.xx.xx port 51306 ssh2 [preauth]
sshd[305486]: debug1: userauth-request for user hg service ssh-connection method publickey [preauth]
sshd[305486]: debug1: attempt 2 failures 0 [preauth]
sshd[305486]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
sshd[305486]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
sshd[305486]: debug1: temporarily_use_uid: 1002/1002 (e=0/0)
sshd[305486]: debug1: trying public key file /home/hg/.ssh/authorized_keys
sshd[305486]: debug1: fd 4 clearing O_NONBLOCK
sshd[305486]: debug1: matching key found: file /home/hg/.ssh/authorized_keys, line 2
sshd[305486]: Found matching RSA key: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
sshd[305486]: debug1: restore_uid: 0/0
sshd[305486]: debug1: ssh_rsa_verify: signature correct
sshd[305486]: debug1: do_pam_account: called
sshd[305486]: Accepted publickey for hg from xx.xx.xx.xx port 51306 ssh2
sshd[305486]: debug1: monitor_read_log: child log fd closed
sshd[305486]: debug1: monitor_child_preauth: hg has been authenticated by privileged process
sshd[305486]: debug1: PAM: establishing credentials
sshd[305486]: pam_unix(sshd:session): session opened for user hg by (uid=0)
sshd[305486]: User child is on pid 305509
sshd[305509]: debug1: SELinux support disabled
sshd[305509]: debug1: PAM: establishing credentials
sshd[305509]: debug1: permanently_set_uid: 1002/1002
sshd[305509]: debug1: Entering interactive session for SSH2.
sshd[305509]: debug1: server_init_dispatch_20
sshd[305509]: debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
sshd[305509]: debug1: input_session_request
sshd[305509]: debug1: channel 0: new [server-session]
sshd[305509]: debug1: session_new: session 0
sshd[305509]: debug1: session_open: channel 0
sshd[305509]: debug1: session_open: session 0: link with channel 0
sshd[305509]: debug1: server_input_channel_open: confirm session
sshd[305246]: debug1: server_input_channel_req: channel 0 request winadj@putty.projects.tartarus.org reply 1
sshd[305246]: debug1: session_by_channel: session 0 channel 0
sshd[305246]: debug1: session_input_channel_req: session 0 req winadj@putty.projects.tartarus.org
sshd[305509]: debug1: server_input_channel_req: channel 0 request exec reply 1
sshd[305509]: debug1: session_by_channel: session 0 channel 0
sshd[305509]: debug1: session_input_channel_req: session 0 req exec
sshd[305509]: debug1: Forced command (key option) 'hg-ssh /home/hg/*'
sshd[305509]: debug1: Received SIGCHLD.
sshd[305509]: debug1: session_by_pid: pid 305510
sshd[305509]: debug1: session_exit_message: session 0 channel 0 pid 305510
sshd[305509]: debug1: session_exit_message: release channel 0
sshd[305509]: debug1: session_by_channel: session 0 channel 0
sshd[305509]: debug1: session_close_by_channel: channel 0 child 0
sshd[305509]: debug1: session_close: session 0 pid 0
sshd[305509]: debug1: channel 0: free: server-session, nchannels 1
sshd[305509]: Connection closed by xx.xx.xx.xx
sshd[305509]: debug1: do_cleanup
sshd[305509]: Transferred: sent 3304, received 2512 bytes
sshd[305509]: Closing connection to xx.xx.xx.xx port 51306
sshd[305486]: debug1: PAM: cleanup
sshd[305486]: debug1: PAM: closing session
sshd[305486]: pam_unix(sshd:session): session closed for user hg
sshd[305486]: debug1: PAM: deleting credentials
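Interestingly, I can log in to the server with the same certificate using an unrestricted authorized key and PuTTY.
Putty Version 0.62/0.63
TortoisePlink 0.61.0.9078 (ships with TortoiseHg 2.9, TortoiseHg 2.8.2, and probably before)
Could it be that Wheezy introduced some change that Putty can cope with and the outdated TortoisePlink can't?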
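The hg-ssh command is failing for some reason. Check whether it logs anything (on its own), check its configuration, make sure it is actually still installed, and so on.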
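The auth.log excerpt in the question shows authentication succeeding and the forced command's child exiting right after it starts, which is what points the answer at hg-ssh rather than at the key. As an added example (not part of the original question or answer), this Python sketch classifies each connection in an sshd debug1 log that way; the sample lines are constructed from the excerpt, and the IP addresses and the second connection are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample, abridged from the excerpt; 192.0.2.x are placeholder IPs.
SAMPLE_LOG = """\
sshd[305486]: Connection from 192.0.2.10 port 51306
sshd[305486]: Accepted publickey for hg from 192.0.2.10 port 51306 ssh2
sshd[305486]: User child is on pid 305509
sshd[305509]: debug1: Forced command (key option) 'hg-ssh /home/hg/*'
sshd[305509]: debug1: Received SIGCHLD.
sshd[305509]: debug1: session_exit_message: session 0 channel 0 pid 305510
sshd[400001]: Connection from 192.0.2.11 port 40000
sshd[400001]: Failed publickey for hg from 192.0.2.11 port 40000 ssh2
"""

LINE = re.compile(r"sshd\[(\d+)\]: (?:debug1: )?(.*)")

def triage(log_text):
    """Return one verdict per connection, keyed by the monitor process pid."""
    parent = {}                  # user-child pid -> monitor pid
    facts = defaultdict(dict)    # monitor pid -> what the log showed
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.group(1), m.group(2)
        conn = facts[parent.get(pid, pid)]
        if msg.startswith("Accepted "):
            conn["auth"] = True
        elif msg.startswith("Failed "):
            conn["auth"] = False
        elif (c := re.match(r"User child is on pid (\d+)", msg)):
            parent[c.group(1)] = pid
        elif (f := re.match(r"Forced command \(key option\) '(.*)'", msg)):
            conn["forced"] = f.group(1)
        elif msg.startswith("session_exit_message"):
            conn["child_exited"] = True
    verdicts = {}
    for pid, c in facts.items():
        if not c.get("auth"):
            verdicts[pid] = "authentication did not succeed"
        elif c.get("forced") and c.get("child_exited"):
            verdicts[pid] = f"authenticated; forced command {c['forced']!r} ran and exited"
        else:
            verdicts[pid] = "authenticated; no forced-command exit seen"
    return verdicts

if __name__ == "__main__":
    for pid, verdict in triage(SAMPLE_LOG).items():
        print(pid, verdict)
```

At debug1 sshd does not log the child's exit status, so a verdict of "ran and exited" only narrows the problem to the forced command itself.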