Bug 56969 - can't ssh to people.freedesktop.org
Summary: can't ssh to people.freedesktop.org
Status: RESOLVED INVALID
Alias: None
Product: freedesktop.org
Classification: Unclassified
Component: Account Modification Requests (show other bugs)
Version: unspecified
Hardware: x86 (IA32) Linux (All)
: medium normal
Assignee: fd.o Admin Massive
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-10 23:07 UTC by sreerenj
Modified: 2019-02-16 16:32 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Attachments
gpg key (1.67 KB, text/plain)
2014-05-16 09:12 UTC, sreerenj
Details
key-fdo.pub (399 bytes, text/plain)
2014-05-16 09:13 UTC, sreerenj
Details
gpgkey (963 bytes, patch)
2014-05-21 11:13 UTC, sreerenj
Details | Splinter Review
gpgkey signature (1.14 KB, text/plain)
2014-05-21 11:14 UTC, sreerenj
Details
gpg.key (1.85 KB, text/plain)
2014-06-16 20:22 UTC, sreerenj
Details

Description sreerenj 2012-11-10 23:07:14 UTC
My fdo account has been created as per 
https://bugs.freedesktop.org/show_bug.cgi?id=39171 

But I didn't access it for a long time.

Now,

ssh -v -i ~/.ssh/mykey-fdo sree@people.freedesktop.org 

is continuously asking for password.

ssh o/p:

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 32:3e:0c:df:0a:c8:a6:33:72:9c:6c:ba:68:58:d2:30
debug1: Host 'people.freedesktop.org' is known and matches the RSA host key.
debug1: Found key in /home/sreerenj/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/sreerenj/.ssh/mykey-fdo
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Offering RSA public key: /home/sreerenj/.ssh/id_rsa
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password: 


Do i need to change the gpg or rsa key ?
Comment 1 James Cloos 2012-11-10 23:27:33 UTC
I happened to be logged in when I saw this, so ...

He's in passwd («finger sree» works), but his $HOME doesn't exist:

ls: cannot access /home/sree: No such file or directory
Comment 2 sreerenj 2012-11-11 14:42:00 UTC
(In reply to comment #1)
> I happened to be logged in when I saw this, so ...
> 
> He's in passwd («finger sree» works), but his $HOME doesn't exist:
> 
> ls: cannot access /home/sree: No such file or directory


<<adduser sree>> fixed my issue...(even though my $HOME=/home/sreerenj)
Comment 3 James Cloos 2012-11-11 16:27:12 UTC
> «adduser sree» fixed my issue...(even though my $HOME=/home/sreerenj)

On annarchy, finger(1) says it is /home/sree.

FWIW.
Comment 4 Tollef Fog Heen 2012-11-27 21:37:34 UTC
Ok, as this seems fixed, I'm closing it.
Comment 5 sreerenj 2013-10-17 12:32:40 UTC
I am re-opening this bug since the issue starts to show again !

.ssh/config
 
 Host *.freedesktop.org
 User sree
 IdentityFile ~/.ssh/mykey-fdo
 
ssh -v people.freedesktop.org   

OpenSSH_6.2p2 Ubuntu-6, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /home/sreerenj/.ssh/config
debug1: /home/sreerenj/.ssh/config line 11: Applying options for *.freedesktop.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to people.freedesktop.org [131.252.210.176] port 22.
debug1: Connection established.
debug1: identity file /home/sreerenj/.ssh/mykey-fdo type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/sreerenj/.ssh/mykey-fdo-cert type -1
debug1: identity file /home/sreerenj/.ssh/id_rsa type -1
debug1: identity file /home/sreerenj/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4
debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 32:3e:0c:df:0a:c8:a6:33:72:9c:6c:ba:68:58:d2:30
debug1: Host 'people.freedesktop.org' is known and matches the RSA host key.
debug1: Found key in /home/sreerenj/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/sreerenj/.ssh/mykey-fdo
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Trying private key: /home/sreerenj/.ssh/id_rsa
debug1: Next authentication method: keyboard-interactive
Password:
Comment 6 sreerenj 2013-10-28 08:33:36 UTC
Is it possible for admin people to comment on this? Do i need to update the *keys ?
Comment 7 Tollef Fog Heen 2014-05-04 06:59:36 UTC
The key on annarchy ends with "XYrqtkeR7D2h bsreerenj@gmail.com", is this the same as your mykey-fdo?
Comment 8 sreerenj 2014-05-04 09:36:21 UTC
(In reply to comment #7)
> The key on annarchy ends with "XYrqtkeR7D2h bsreerenj@gmail.com", is this
> the same as your mykey-fdo?

Hm,,it is not. 

ssh -i ~/.ssh/mykey-fdo annarchy.freedesktop.org
Received disconnect from 131.252.210.176: 2: Too many authentication failures for sree

So do i need to generate new keys? I can provide new keys if needed.
Comment 9 sreerenj 2014-05-04 09:47:05 UTC
Still I am able to clone the existing repos in ~sree. 
For eg: git clone Clone
git://people.freedesktop.org/~sree/gstreamer-vaapi-1.0
Comment 10 sreerenj 2014-05-16 09:12:39 UTC
Created attachment 99148 [details]
gpg key
Comment 11 sreerenj 2014-05-16 09:13:37 UTC
Created attachment 99149 [details]
key-fdo.pub
Comment 12 sreerenj 2014-05-16 09:15:02 UTC
I have created a new gpg key+ssh-key and both are attached here. Is it possible to update my account with these news keys?
Comment 13 sreerenj 2014-05-20 11:06:47 UTC
Since the issue is still persisting, decided to request for a new account.
https://bugs.freedesktop.org/show_bug.cgi?id=78956
Comment 14 Tollef Fog Heen 2014-05-20 21:27:16 UTC
No, you do not need to generate new keys. The attached GPG key is not your original key.

Assuming you still have your original key, you can do

cat .ssh/id_rsa.pub | gpg --clearsign | mail changes@db.freedesktop.org

and the SSH key for the account should be updated.

If you no longer have the original GPG key, please at least get some signatures on your new key.  There is nothing tying you to the account.
Comment 15 sreerenj 2014-05-21 11:13:50 UTC
Created attachment 99499 [details] [review]
gpgkey
Comment 16 sreerenj 2014-05-21 11:14:17 UTC
Created attachment 99500 [details]
gpgkey signature
Comment 17 sreerenj 2014-05-21 11:15:18 UTC
Since i don't have the older gpg key, i have created a new one and signed it.
Attached the gpgkey and signature.
Comment 18 sreerenj 2014-05-23 14:02:21 UTC
Could you please update the gpg keys which i have attached so that i can change the ssh keys as mentioned in http://www.freedesktop.org/wiki/AccountMaintenance/
Comment 19 sreerenj 2014-05-28 13:41:44 UTC
Any update?
Comment 20 sreerenj 2014-06-16 20:22:58 UTC
Created attachment 101194 [details]
gpg.key
Comment 21 sreerenj 2014-06-16 20:23:37 UTC
I have requested to change the gpg key of account here https://bugs.freedesktop.org/show_bug.cgi?id=80109.
Comment 22 Daniel Stone 2019-02-16 16:32:21 UTC
We've moved development to GitLab, so this is no longer required.


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.