Developer Services
7 months ago
7 months ago


(Reporter: armenzg, Unassigned)





7 months ago
I set up a new laptop and I'm not sure if I did set it up correctly.
I can't push to the build repositories.

~/.ssh/config contents:
  IdentityFile /Users/armenzg/.ssh/id_rsa_mozilla_2016-04-13

armenzg@armenzg-mbp buildbotcustom$ ls -l ~/.ssh/id_rsa_mozilla_2016-04-13
-rwx------  1 armenzg  staff  3326 Apr 19 11:10 /Users/armenzg/.ssh/id_rsa_mozilla_2016-04-1

armenzg@armenzg-mbp buildbotcustom$ hg push --debug
automatically setting Bugzilla API Key auth
pushing to
sending capabilities command
query 1; heads
sending batch command
sending 191 bytes
searching for changes
all remote heads known locally
preparing listkeys for "phases"
sending listkeys command
sending 16 bytes
received listkey for "phases": 15 bytes
checking for updated bookmarks
preparing listkeys for "bookmarks"
sending listkeys command
sending 19 bytes
received listkey for "bookmarks": 0 bytes
sending branchmap command
sending branchmap command
preparing listkeys for "bookmarks"
sending listkeys command
sending 19 bytes
received listkey for "bookmarks": 0 bytes
1 changesets found
list of changesets:
bundle2-output-bundle: "HG20", 4 parts total
bundle2-output-part: "replycaps" 155 bytes payload
bundle2-output-part: "check:heads" streamed payload
bundle2-output-part: "changegroup" (params: 1 mandatory) streamed payload
bundle2-output-part: "pushkey" (params: 4 mandatory) empty payload
sending unbundle command
sending 1494 bytes
abort: authorization failed


armenzg@armenzg-mbp buildbotcustom$ hg push --traceback
pushing to
searching for changes
Traceback (most recent call last):
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 239, in _runcatchfunc
    return _dispatch(req)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 842, in _dispatch
    cmdpats, cmdoptions)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 594, in runcommand
    ret = _runcommand(ui, options, cmd, d)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 223, in closure
    return func(*(args + a), **kw)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/hgext/", line 159, in pagecmd
    return orig(ui, options, cmd, cmdfunc)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 223, in closure
    return func(*(args + a), **kw)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/hgext/", line 460, in colorcmd
    return orig(ui_, opts, cmd, cmdfunc)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 850, in _runcommand
    return cmdfunc()
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 839, in <lambda>
    d = lambda: util.checksignature(func)(ui, *args, **strcmdopt)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 1051, in check
    return func(*args, **kwargs)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 223, in closure
    return func(*(args + a), **kw)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 1051, in check
    return func(*args, **kwargs)
  File "/Users/armenzg/.mozbuild/version-control-tools/hgext/reviewboard/", line 178, in pushcommand
    return orig(ui, repo, *args, **kwargs)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 1051, in check
    return func(*args, **kwargs)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 223, in closure
    return func(*(args + a), **kw)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 1051, in check
    return func(*args, **kwargs)
  File "/Users/armenzg/.mozbuild/version-control-tools/hgext/firefoxtree/", line 491, in pushcommand
    return orig(ui, repo, dest=dest, **opts)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 1051, in check
    return func(*args, **kwargs)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 5292, in push
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 223, in closure
    return func(*(args + a), **kw)
  File "/Users/armenzg/.mozbuild/version-control-tools/hgext/reviewboard/", line 197, in wrappedpush
    newbranch=newbranch, **kwargs)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 223, in closure
    return func(*(args + a), **kw)
  File "/Users/armenzg/.mozbuild/version-control-tools/hgext/firefoxtree/", line 294, in push
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 481, in push
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 908, in _pushbundle2
    stream, ['force'], pushop.remote.url())
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 442, in unbundle
    stream = self._calltwowaystream('unbundle', cg, heads=heads)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 339, in _calltwowaystream
    return self._callstream(cmd, data=fp_, headers=headers, **args)
  File "/usr/local/Cellar/mercurial/4.1.3/lib/python2.7/site-packages/mercurial/", line 219, in _callstream
    raise error.Abort(_('authorization failed'))
Abort: authorization failed
abort: authorization failed

Comment 1

7 months ago
Generate a new Bugzilla API key at and replace the old one in your ~/.hgrc under the [bugzilla] section.
Last Resolved: 7 months ago
Resolution: --- → INVALID

Comment 2

7 months ago
I had created a new key last week.
I've created a new one upon request and I still get the same error.

Anything else I could try?
Resolution: INVALID → ---

Comment 3

7 months ago


* ssh-add -l
  -- This will list your keys in your ssh agent, useful to make sure that your new key is indeed added.
* ssh -G
  -- This will print out the effective full configuration of your ssh command as it would attempt to connect to
* ssh [-vvv]
  -- This will attempt to connect to to test your ssh connection, the -v's add increasing amounts of debug info.

One thing that comes to mind, is if your agent has the identity but hg.m.o isn't seeing it before giving up, you can try adding to the .ssh/config  "IdentitiesOnly yes"  which makes the ssh-agent only consult identities in `IdentityFile` matches (rather than giving up after X tries)

Comment 4

7 months ago
I see both of my keys being listed (one for hg and the other one for GH)
I also added IdentitiesOnly and I get the same result.

armenzg@armenzg-mbp braindump$ ls -l ~/.ssh/id_rsa_mozilla_*
-rwx------  1 armenzg  staff  3326 Apr 19 11:10 /Users/armenzg/.ssh/id_rsa_mozilla_2016-04-13
-rw-------  1 armenzg  staff   755 Apr 19 11:10 /Users/armenzg/.ssh/
-rw-------  1 armenzg  staff  3326 Apr 19 11:10 /Users/armenzg/.ssh/id_rsa_mozilla_github_2015-10-19
-rw-------  1 armenzg  staff   748 Apr 19 11:10 /Users/armenzg/.ssh/

armenzg@armenzg-mbp braindump$ ssh -G
port 22
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
challengeresponseauthentication yes
checkhostip yes
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardagent no
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly yes
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
protocol 2
proxyusefdpass no
pubkeyauthentication yes
requesttty auto
rhostsrsaauthentication no
rsaauthentication yes
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
useprivilegedport no
verifyhostkeydns false
visualhostkey no
updatehostkeys false
canonicalizemaxdots 1
compressionlevel 6
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
kexalgorithms curve25519-sha256,,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
loglevel INFO
xauthlocation xauth
identityfile /Users/armenzg/.ssh/id_rsa_mozilla_2016-04-13
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2
connecttimeout none
tunneldevice any:any
controlpersist no
escapechar ~
ipqos lowdelay throughput
rekeylimit 0 0
streamlocalbindmask 0177

armenzg@armenzg-mbp braindump$ ssh -vv
OpenSSH_7.4p1, LibreSSL 2.5.0
debug1: Reading configuration data /Users/armenzg/.ssh/config
debug1: /Users/armenzg/.ssh/config line 3: Applying options for
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to [] port 22.
debug1: Connection established.
debug1: identity file /Users/armenzg/.ssh/id_rsa_mozilla_2016-04-13 type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/armenzg/.ssh/id_rsa_mozilla_2016-04-13-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH_6.6.1* compat 0x04000000
debug2: fd 6 setting O_NONBLOCK
debug1: Authenticating to as ''
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms:,ssh-ed25519,,,,,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos:,aes128-ctr,aes192-ctr,aes256-ctr,,,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc:,aes128-ctr,aes192-ctr,aes256-ctr,,,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos:,,,,,,,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc:,,,,,,,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,,zlib
debug2: compression stoc: none,,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms:,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
debug2: host key algorithms: ssh-ed25519,ssh-rsa
debug2: ciphers ctos:,,,aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc:,,,aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos:,,,hmac-sha2-512,hmac-sha2-256,,hmac-ripemd160,
debug2: MACs stoc:,,,hmac-sha2-512,hmac-sha2-256,,hmac-ripemd160,
debug2: compression ctos: none,
debug2: compression stoc: none,
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm:
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: MAC: <implicit> compression: none
debug1: kex: client->server cipher: MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-ed25519 SHA256:7MBAdqLe8+aSYkv+5/2LUUxd+WdgYcVSV+ZQVEKA7jA
debug1: Host '' is known and matches the ED25519 host key.
debug1: Found key in /Users/armenzg/.ssh/known_hosts:1
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /Users/armenzg/.ssh/id_rsa_mozilla_2016-04-13 (0x7fb345609790), explicit, agent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/armenzg/.ssh/id_rsa_mozilla_2016-04-13
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug2: input_userauth_pk_ok: fp SHA256:Dj6SLoxc7J8gCP13iuAwfZIOdCdQWIqq66+YpGWnEG0
debug1: Authentication succeeded (publickey).
Authenticated to ([]:22).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting
debug1: Entering interactive session.
debug1: pledge: network
debug2: callback start
debug2: fd 6 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0
A SSH connection has been successfully established.

Your account ( has privileges to access Mercurial over

You did not specify a command to run on the server. This server only
supports running specific commands. Since there is nothing to do, you
are being disconnected.
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: close_write
debug2: channel 0: output drain -> closed
debug2: channel 0: rcvd close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
Connection to closed.
Transferred: sent 3848, received 2188 bytes, in 0.3 seconds
Bytes per second: sent 14234.6, received 8093.9
debug1: Exit status 1

Comment 5

7 months ago
Looks like you're able to connect to successfully, it could be an LDAP group bit not set correctly, but I don't *think* thats the case.

I'll defer to :gps at this point.

Comment 6

7 months ago
You are trying to push to instead of ssh://

Modify your .hg/hgrc so a [paths] entry has e.g. `default:pushurl = ssh://`

Comment 7

7 months ago
Can mach mercurial-setup catch this kind of issues?

I also seen this error:
> abort: you must set mozilla.ircnick in your hgrc config file to your IRC nickname in order to perform code reviews

Comment 8

7 months ago
Or where is this documented?
You need to log in before you can comment on or make changes to this bug.