Hi, i get the error after copying my home folder /home/martin from a vmware with f29 to a new vmware with f30. Cloning into 'lollypop'... martin(a)pkgs.fedoraproject.org: Permission denied (publickey). fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists. Could not execute clone: Failed to execute command.
What have i to do, that the fedpkg clone lollypop works again ?
There is already a discussion on: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/DEL6LGB32XP7YAIPFWWZXAFXVS3HDTGN/
The only thing odd I see in logs is:
Mar 28 16:58:56 pkgs02.phx2.fedoraproject.org sshd[19122]: Read error from remote host 62.152.179.182 port 51759: Connection timed out
after you connect, your key is accepted and it's running but then it times out sending you the data. Do you have any ingress (incoming) firewall rules?
Can you do a:
GIT_SSH_COMMAND="ssh -v" fedpkg clone lollypop
and attach the full output here?
I have disabled the firewall
[martin@f30 ~]$ cat -v ~/.ssh/config Host *.fedoraproject.org User martinkg IdentityFile ~/.ssh/id_rsa.pub ServerAliveInterval 30 ServerAliveCountMax 5 PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512 TCPKeepAlive yes
[martin@f30 fedora-scm]$ GIT_SSH_COMMAND="ssh -v" fedpkg clone lollypop Cloning into 'lollypop'... OpenSSH_7.9p1, OpenSSL 1.1.1b FIPS 26 Feb 2019 debug1: Reading configuration data /home/martin/.ssh/config debug1: /home/martin/.ssh/config line 1: Applying options for .fedoraproject.org debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug1: configuration requests final Match pass debug1: re-parsing configuration debug1: Reading configuration data /home/martin/.ssh/config debug1: /home/martin/.ssh/config line 1: Applying options for .fedoraproject.org debug1: Reading configuration data /etc/ssh/ssh_config debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config debug1: Connecting to pkgs.fedoraproject.org [209.132.181.4] port 22. debug1: Connection established. debug1: identity file /home/martin/.ssh/id_rsa.pub type 0 debug1: identity file /home/martin/.ssh/id_rsa.pub-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_7.9 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4 debug1: match: OpenSSH_7.4 pat OpenSSH_7.0,OpenSSH_7.1,OpenSSH_7.2,OpenSSH_7.3,OpenSSH_7.4,OpenSSH_7.5,OpenSSH_7.6,OpenSSH_7.7 compat 0x04000002 debug1: Authenticating to pkgs.fedoraproject.org:22 as 'martinkg' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256@libssh.org debug1: kex: host key algorithm: ssh-rsa-cert-v01@openssh.com debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32 debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host certificate: ssh-rsa-cert-v01@openssh.com SHA256:Q12OTyTeOHWlS54dTzy2BNu7wB8UKNf18+7WHIDsORc, serial 1534273416 ID "pkgs02.phx2.fedoraproject.org" CA ssh-rsa SHA256:IPuhCSNXqj4m2eq6UKYE1jHFglLgLCbBzINft+OxUMA valid from 2018-08-14T20:03:36 to 2019-08-13T21:03:36 debug1: No matching CA found. Retry with plain key debug1: Host 'pkgs.fedoraproject.org' is known and matches the RSA host key. debug1: Found key in /home/martin/.ssh/known_hosts:3 debug1: rekey after 4294967296 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey after 4294967296 blocks debug1: Will attempt key: /home/martin/.ssh/id_rsa.pub RSA SHA256:bHNp1Vhqsa4aRUMuVsXdBIALgvNzDzAriQKRvNxpQos explicit agent debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering public key: /home/martin/.ssh/id_rsa.pub RSA SHA256:bHNp1Vhqsa4aRUMuVsXdBIALgvNzDzAriQKRvNxpQos explicit agent debug1: Server accepts key: /home/martin/.ssh/id_rsa.pub RSA SHA256:bHNp1Vhqsa4aRUMuVsXdBIALgvNzDzAriQKRvNxpQos explicit agent debug1: Authentication succeeded (publickey). Authenticated to pkgs.fedoraproject.org ([209.132.181.4]:22). debug1: channel 0: new [client-session] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session. debug1: pledge: network debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0 debug1: Remote: Forced command. debug1: Remote: Port forwarding disabled. debug1: Remote: X11 forwarding disabled. debug1: Remote: Agent forwarding disabled. debug1: Remote: PTY allocation disabled. debug1: Remote: Forced command. debug1: Remote: Port forwarding disabled. debug1: Remote: X11 forwarding disabled. debug1: Remote: Agent forwarding disabled. debug1: Remote: PTY allocation disabled. debug1: Sending environment. debug1: Sending env XMODIFIERS = @im=ibus debug1: Sending env LANG = C debug1: Sending env LC_CTYPE = C.UTF-8 debug1: Sending command: git-upload-pack '/rpms/lollypop' packet_write_wait: Connection to 209.132.181.4 port 22: Broken pipe fatal: Could not read from remote repository.
Please try:
GIT_SSH_COMMAND="ssh -o IPQoS=af21" fedpkg clone lollypop
Does that work?
[martin@f30 ~]$ GIT_SSH_COMMAND="ssh -o IPQoS=af21" fedpkg clone lollypop Cloning into 'lollypop'... packet_write_wait: Connection to 209.132.181.4 port 22: Broken pipe fatal: Could not read from remote repository.
ok, does:
fedpkg clone -a lollypop
work?
with the anonymously flag it works:
[martin@f30 ~]$ fedpkg clone -a lollypop; Cloning into 'lollypop'... remote: Counting objects: 593, done. remote: Compressing objects: 100% (592/592), done. remote: Total 593 (delta 248), reused 2 (delta 0) Receiving objects: 100% (593/593), 90.59 KiB | 234.00 KiB/s, done. Resolving deltas: 100% (248/248), done.
but fedpkg new-sources fails
[martin@f30 lollypop]$ fedpkg new-sources lollypop-1.0.3.tar.xz Could not execute new_sources: Request is unauthorized.
Does 'klist -A' show you have a valid FEDORAPROJECT.ORG kerberos ticket? if not, do a 'kinit martinkg@FEDORAPROJECT.ORG' and retry?
[martin@f30 SPECS]$ klist -A Ticket cache: KCM:1000 Default principal: martinkg@FEDORAPROJECT.ORG
Valid starting Expires Service principal 03/30/19 19:33:57 03/31/19 20:33:41 krbtgt/FEDORAPROJECT.ORG@FEDORAPROJECT.ORG renew until 04/06/19 20:33:41 03/30/19 19:34:24 03/31/19 20:33:41 HTTP/src.fedoraproject.org@FEDORAPROJECT.ORG renew until 04/06/19 20:33:41
with 'kinit martinkg@FEDORAPROJECT.ORG' i can run 'fedpkg new-sources' successfully.
but why runs clone only anonymously ?
Well, my theory was that it was this bug in vmware:
https://forums.gentoo.org/viewtopic-t-1082598-postdays-0-postorder-asc-start-25.html?sid=d946e18195a3a214aba15d24d742b596
https://communities.vmware.com/message/2778248
But the ssh command should have worked around that, so I am not sure what the problem is. You are connecting and your key is accepted, but then when you try and transfer data it resets on you.
You should be able to use https / -a clones to work around this. I am not sure what else to do to debug it. Can you test a non vmware instance? Are there any network settings in vmware you could try changing?
Thanks Kevin for your help :-) I will try i later w/o vmware.
I'm going to go ahead and close this, since I don't think there's much we can do from our side...
if you do find something we need to adjust or hit some additional problem, please feel free to re-open or file a new ticket.
Thanks and sorry it's been such a pain.
Metadata Update from @kevin: - Issue close_status updated to: Will Not/Can Not fix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.