Commit Access (Level 1) for Ed Morley

VERIFIED FIXED

Status

task
VERIFIED FIXED
8 years ago
8 years ago

People

(Reporter: emorley, Assigned: ebalangue)

Tracking

Details

Attachments

(1 attachment, 1 obsolete attachment)

381 bytes, text/plain
Details
Reporter

Description

8 years ago
Posted file SSH Key (obsolete) —
Requesting level 1 for hg try server access, so I can test my patch in bug 648508 and subsequent [good first bug]s without having to bother others to push to try.

For login email, please use bmo at edmorley dot co dot uk (sorry for obfuscation, currently spam free on this domain so a little paranoid!).

SSH pub key attached.

Will email scan of committer's agreement shortly / find someone to vouch.

Thanks!
Reporter

Comment 1

8 years ago
Scanned committer's agreement emailed to Erica.

Comment 2

8 years ago
I'll vouch for him (if that's even needed! :-) )

Comment 3

8 years ago
I have received Ed's Committer's Agreement.
Reporter

Comment 4

8 years ago
Thanks Erica.

This request is ready for consideration.
Whiteboard: ssh-key,voucher,form

Comment 5

8 years ago
Should this be moved over to IT?
Reporter

Updated

8 years ago
Assignee: mozillamarcia.knous → server-ops
Assignee: server-ops → desktop-support
Component: Repository Account Requests → Server Operations: Desktop Issues
QA Contact: repo-acct-req → mrz
Assignee

Updated

8 years ago
Assignee: desktop-support → ebalangue
Assignee

Comment 6

8 years ago
We'll need to get approval from either Gavin, Marcia or Reed before proceeding
Status: NEW → ASSIGNED
Please do not move these bugs outside the Repository Account Requests component.

This is good for Level 1. ebalangue, you may proceed.
Component: Server Operations: Desktop Issues → Repository Account Requests
QA Contact: mrz → repo-acct-req
Mook: apologies for the delay here - the "Repository Access" component usually only handles new requests, and Marcia is away for a little bit, so it took a while for this to be noticed and moved over to server-ops.
Gah, sorry, that comment was on the wrong bug. Ignore!
Assignee

Updated

8 years ago
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Assignee

Comment 10

8 years ago
Ed's ldap configurations have been created and a notification has been sent. If you have any questions or concerns, feel free to contact desktop upport
Reporter

Comment 11

8 years ago
Received the LDAP login details and I've just tried to change my temporary password, but the reset page is not accepting it. SSH hg access isn't accepting my username/priv key combo either. Do I just need to wait longer for my account change to propagate, or is there something up?

Thanks :-)

Comment 12

8 years ago
Reopening based on comment 11.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Assignee

Comment 13

8 years ago
Ed, we've recreated your ldap and the required bits. An email notification on your account info has been sent. If you have any questions or concerns, feel free to contact desktop support.
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
Resolution: --- → FIXED
Reporter

Comment 14

8 years ago
I've been able to log in using the temporary LDAP user/pw and change the pw to something else; but whenever I try to connect via SSH and my private key (either using hg or Putty directly to test) I get the error:
"Disconnected: No supported authentication methods available"

I've spent an hour of trying different things and eliminating everything I can think of, but I'm now starting to think the problem isn't my end.

Are the SSH bits definitely set; and for the same login username as my LDAP?

Thanks!
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
For SSH, your "username" is your full LDAP account address (bmo@edmorley.co.uk). See https://developer.mozilla.org/en/Mercurial_FAQ#Required_configuration for some configuration details (the ~/.ssh/config lines in particular).

Pastebinning output of ssh -v hg.mozilla.org could be useful.
Reporter

Comment 16

8 years ago
I'm using the full LDAP email address as username and have set it + host using .ssh/config/ in the format given in the Mercurial FAQ document.

Resultant output from ssh -v (thanks for the -v suggestion Gavin):
http://pastebin.com/hfnV5zyv

This didn't seem to shed any light, so tried -vvv:
http://pastebin.com/sNvGdfAE

Comment 17

8 years ago
Looks like your private key file is malformed.  See line 10 onwards here: http://pastebin.com/sNvGdfAE
Reporter

Comment 18

8 years ago
I thought that was expected, since it should be using v2?

ie http://groups.google.com/group/gitolite/browse_thread/thread/525468edfacd1beb ?

I've even tried creating a new private key, this time using ssh-keygen (via the MozillaBuild environment) instead of putty-gen - and it shows the same message (about v1; obviously I don't expect the new private key to actually work when it comes to authenticating, given it won't match the public key).
The SSH key was attached in SECSH form. ebalangue, did you convert it to OpenSSH form before adding it to LDAP? If that required step wasn't done, that would cause this.
Reporter

Comment 20

8 years ago
Sorry if that format wasn't the correct one; I was kind of winging it since I couldn't find a page that specified the preferred key type/format.

Would it be possible for someone to update http://www.mozilla.org/hacking/committer/ to specify:
- openSSH format is preferable
- DSA vs RSA?
- suggested key size
- perhaps suggest using MozillaBuild and ssh-keygen and give exact command line to ensure correct key output?

Thanks :-)

Comment 21

8 years ago
(In reply to comment #20)
> Sorry if that format wasn't the correct one; I was kind of winging it since I
> couldn't find a page that specified the preferred key type/format.
> 
> Would it be possible for someone to update
> http://www.mozilla.org/hacking/committer/ to specify:
> - openSSH format is preferable
> - DSA vs RSA?
> - suggested key size
> - perhaps suggest using MozillaBuild and ssh-keygen and give exact command line
> to ensure correct key output?

You should file a bug about that in Websites::www.mozilla.org.  :-)

Comment 22

8 years ago
(In reply to comment #18)
> I thought that was expected, since it should be using v2?
> 
> ie
> http://groups.google.com/group/gitolite/browse_thread/thread/525468edfacd1beb ?
> 
> I've even tried creating a new private key, this time using ssh-keygen (via the
> MozillaBuild environment) instead of putty-gen - and it shows the same message
> (about v1; obviously I don't expect the new private key to actually work when
> it comes to authenticating, given it won't match the public key).

If my memory serves, putty-gen could convert the public/private keys to the OpenSSH format (sorry I don't have a Windows machine handy, so I can't tell you how), but if that doesn't work out, I guess you can just use ssh-keygen and attach a new public key file.
(In reply to comment #22)
> If my memory serves, putty-gen could convert the public/private keys to the
> OpenSSH format (sorry I don't have a Windows machine handy, so I can't tell you
> how), but if that doesn't work out, I guess you can just use ssh-keygen and
> attach a new public key file.

No need for a new key. SECSH keys can be easily converted (by hand) into the OpenSSH format. IT already has a script for this.
Assignee

Updated

8 years ago
Whiteboard: ssh-key,voucher,form → [issues with ssh key]
Reporter

Comment 24

8 years ago
Ebalangue, do I need to do anything (CC someone/change assignee?) to ensure someone converts/checks the key per comment 19? Just wondering if you had perhaps only seen comment 17 and instead thought the ssh key was malformed, hence the new whiteboard value.

Thanks :-)
|ssh-keygen -i -f <keyfile>| will convert it into the right format, fwiw.
Reporter

Comment 26

8 years ago
Posted file SSH Key
Converted to OpenSSH format.
Ebalangue, please may you update my key.

Thanks Gavin, I didn't know that :-)
Attachment #524632 - Attachment is obsolete: true
Reporter

Updated

8 years ago
Whiteboard: [issues with ssh key]
Reporter

Comment 27

8 years ago
Is there any possibility someone could update my key before everyone goes home for the weekend? 

At present I'm having to ask for review/checkin on patches that haven't even been tested on try, which seems a little unfair on the reviewers (and also the kind people pushing to m-c for me), in case something gets missed.

It's slightly frustrating to have had absolutely everything complete for this request 7 hours after filing this bug (my original SSH key was fine, I've only converted it since in the hope it would expedite things)... but yet 14 days later still not have commit access to try.

Thanks :-)
Reporter

Updated

8 years ago
Blocks: 473687
Assignee

Comment 28

8 years ago
Ed, your SSH key has been updated. Feel free to check if you have access. Feel free to contact desktop support, for any questions or concerns.
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
Resolution: --- → FIXED
Reporter

Comment 29

8 years ago
Confirmed working now - thanks :-)
No longer blocks: 473687
Assignee

Updated

8 years ago
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.