We're working on mirroring the add-on SDK repo in github to mercurial and we have an automated tools set up that will push changes from github into the mercurial repositories at http://hg.mozilla.org/projects/addon-sdk, http://hg.mozilla.org/projects/addon-sdk-beta and http://hg.mozilla.org/projects/addon-sdk-release. For testing we've just been using a user's ldap account but now we'd like to get a custom ldap account set up for this. It's private key would live on a machine hosted by IT (see bug 753527). We only care about writing to those three repositories. How do we go about getting this created?
Dave: We have done this before for releng but I cannot find the bug currently. In the meantime perhaps Reed can chime in with some suggestions.
Bug 658673 has a similar request from the releng side - so I think we pretty much would have to mirror what they have done in that bug. So we would need a user name, which repos to access, SSH key, etc.
Created attachment 652486 [details] Public key So the username I guess "addonsdk", the repos to access: addon-sdk addon-sdk-beta addon-sdk-jetperf-tests addon-sdk-release Attached is a new public key.
Over to server-ops to create this account. I assume server-ops can give Dave the LDAP password once these have been created for user addonsdk.
Assignee: mozillamarcia.knous → server-ops
The LDAP password shouldn't be needed if they're just going to use SSH auth to push.
User has been created. Let me know if access doesn't work.
Getting access denied running "ssh -v email@example.com whoami": OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007 debug1: Reading configuration data /c/Users/Dave Townsend/.ssh/config debug1: Applying options for hg.mozilla.org debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to hg.mozilla.org [184.108.40.206] port 22. debug1: Connection established. debug1: identity file /c/Users/Dave Townsend/.ssh/identity type -1 debug1: identity file /c/Users/Dave Townsend/.ssh/id_rsa type -1 debug1: identity file /c/Users/Dave Townsend/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4 debug1: match: OpenSSH_5.4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.6 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'hg.mozilla.org' is known and matches the RSA host key. debug1: Found key in /c/Users/Dave Townsend/.ssh/known_hosts:10 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: publickey debug1: Offering public key: /c/Users/Dave Townsend/.ssh/id_dsa debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Trying private key: /c/Users/Dave Townsend/.ssh/identity debug1: Trying private key: /c/Users/Dave Townsend/.ssh/id_rsa debug1: Trying private key: /c/Users/Dave Townsend/.ssh/id_dsa debug1: read PEM private key done: type DSA debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Next authentication method: keyboard-interactive debug1: Authentications that can continue: publickey,keyboard-interactive debug1: No more authentication methods to try. Permission denied (publickey,keyboard-interactive).
Sorry Dave. I've reset :addonsdk's permissions. Within about 20 minutes, if this doesn't start working for you, please let me know.
(In reply to Michael Burns [:mburns] from comment #9) > Sorry Dave. > > I've reset :addonsdk's permissions. Within about 20 minutes, if this doesn't > start working for you, please let me know. Still getting the same result
Bumping the priority here as we've been waiting for basically a month here
Severity: normal → critical
What is the ETA on getting a response here? Last I heard from Michael was 11 days ago via email where he said that he was getting help from someone else with more experience with our repo setup.
Dave, tried getting in touch with you on IRC, no response. I'd like you to try this simple change : ssh -v firstname.lastname@example.org@hg.mozilla.org With the correct SSH keys and let me know if that doesn't work. Thanks!
Should be good to go. The account was created incorrectly and I had to fiddle with LDAP to make sure it was good to go. I blew away the old one and re-did the account. Dave says he can now auth successfully. I've given the account scm_level_2 which should be sufficient to commit to the repos mentioned in comment #3.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.