[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-cvs] administration/content/gnu-content/faq User_Acc...
From: |
Sylvain Beucler |
Subject: |
[Savannah-cvs] administration/content/gnu-content/faq User_Acc... |
Date: |
Wed, 04 May 2005 14:40:07 -0400 |
CVSROOT: /cvsroot/administration
Module name: administration
Branch:
Changes by: Sylvain Beucler <address@hidden> 05/05/04 18:40:07
Modified files:
content/gnu-content/faq:
User_Account_-_How_do_I_configure_my_SSH_access.txt
Log message:
rearranged
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/administration/administration/content/gnu-content/faq/User_Account_-_How_do_I_configure_my_SSH_access.txt.diff?tr1=1.1&tr2=1.2&r1=text&r2=text
Patches:
Index:
administration/content/gnu-content/faq/User_Account_-_How_do_I_configure_my_SSH_access.txt
diff -u
administration/content/gnu-content/faq/User_Account_-_How_do_I_configure_my_SSH_access.txt:1.1
administration/content/gnu-content/faq/User_Account_-_How_do_I_configure_my_SSH_access.txt:1.2
---
administration/content/gnu-content/faq/User_Account_-_How_do_I_configure_my_SSH_access.txt:1.1
Thu Apr 14 21:19:54 2005
+++
administration/content/gnu-content/faq/User_Account_-_How_do_I_configure_my_SSH_access.txt
Wed May 4 18:40:06 2005
@@ -10,31 +10,14 @@
<p>Generally, if you can't access to your CVS trees or your download
area, it means that your SSH access is not correctly configured. The
-*only* thing to do is to create a ssh-key and register it.</p>
+<i>only</i> thing to do is to create a ssh-key and register it.</p>
<p>Note that if you're not member of any project, no account will
created on the system - you will have your web account, but not system
access. A system account will be created after you become a member of
at least one project.</p>
-<p>First, you should know that here, on Savannah, we use SSH version
-2.</p>
-
-<p>It is usually not needed to precise it in the SSH client
-configuration file (<code>~/.ssh/config</code>). You can add
-
-<pre>
-Host cvs.savannah.gnu.org
- Protocol 2
-</pre>
-
-in that file when you think your SSH client will try to make a SSHv1
-connection by default (you can incidentally do that as well to avoid a
-man-in-the-middle attack that tries to move the connection from
-protocol 2 to protocol 1 during its establishment, since v1 has some
-flaws and is more easily crackable).</p>
-
-<p>After this, you must create the ssh-key. In general, it is done
+<p>First, you need to create the ssh-key. In general, this is done by
using <pre>ssh-keygen -t dsa</pre> It will ask you for a
passphrase. Only this passphrase will be accepted for CVS or scp
authentification, <b class="error">not the Savannah password</b>. The
@@ -55,14 +38,15 @@
<p>Try to download your CVS tree (take a look at your CVS project page
- or read *How do I import my project into the CVS?*)</p>
-<h3>Common troubles:</h3>
-<ul><li><p>If, when (for example) you try to write on your download
-area, it asks you for a password and not a passphrase, then means that
-your key is not recognized. It could be a matter of time (the cron
-job...) or, generally, it means that your key is not a correct SSH2
-DSA key. If you think you have done everything correctly, use the
-support manager
+<h3>Troubleshootings</h3>
+
+<ul><li><p>If, when (for example) you try to use CVS, it asks you for
+a <i>password</i> and not a <i>passphrase</i>, then means that your
+key is not recognized. It could be a matter of time (cron job) or,
+generally, it means that your key is not a correct SSH2 DSA key (the
+key registration page contains a sample key for you to compare). If
+you think you have done everything correctly, use the support manager
(https://savannah.gnu.org/support/?group=administration) or write to
address@hidden explaining your problem, providing
copy/paste from the errors messages. It would also be good to provide
@@ -76,6 +60,7 @@
</p></li>
+
<li><p>When you try to cvs, it will reports <code>the authenticity of
host subversions.gnu.org cannot be established, RSA key fingerprint is
80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5</code>.
@@ -83,7 +68,56 @@
Why RSA here and not DSA? This is the RSA fingerprint of the Savannah
site-wide server key. It is used to verify that the site you are
connecting to is well GNU Savannah, and not a fake website. It is
-totally different from your SSH key.</p></li></ol>
+totally different from your SSH key.</p></li>
+
+
+<li><p>When trying to connect you get <i>Protocol major versions
+differ: 1 vs. 2</i></p>
+
+<p>First, you should know that here, on Savannah, we use SSH version
+2. The error you got means that either:
+<ul><li>You are using an old implementation of SSH that does not support
protocol version 2 - you need to upgrade.</li>
+<li>OpenSSH is configured, site-wide, to use protocol version 1 only. In this
case, you need to edit <code>/etc/ssh/ssh_config</code>, and replace
+<pre>
+Protocol 1
+</pre>
+by
+<pre>
+Protocol 2,1
+</pre>
+<li>You configured SSH to use version 1 when connecting to Savannah. If you
see something like:
+<pre>
+Protocol 1
+</pre>
+or
+<pre>
+Host cvs.savannah.gnu.org
+ Protocol 1
+</pre>
+then simply remove it (or see next question).
+</li></ul>
+
+
+<li><p>It is necessary to specify <code>Protocol 2</code> in the SSH
+configuration files?</p>
+
+<p>It is usually not needed to precise it in the SSH client
+configuration files (<code>~/.ssh/config</code> and
+<code>/etc/ssh/ssh_config</code>).
+
+<p>You can however add
+
+<pre>
+Host cvs.savannah.gnu.org
+ Protocol 2
+</pre>
+
+in that file when you think your SSH client will try to make a SSHv1
+connection by default. You can incidentally do that as well to avoid a
+man-in-the-middle attack that tries to move the connection from
+protocol 2 to protocol 1 during its establishment, since v1 has some
+flaws and is more easily crackable).</p></li>
+</ol>
-<p style="font-size: smaller">Updated $Date: 2005/04/14 21:19:54 $</p>
+<p style="font-size: smaller">Updated $Date: 2005/05/04 18:40:06 $</p>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Savannah-cvs] administration/content/gnu-content/faq User_Acc...,
Sylvain Beucler <=