I just updated my proxmox server based on wheezy 7.1. to the latest version (3.1). It acts as a central mercurial repository that is accessed via ssh as well. It seems like I am unable to use ssh-hg since then.
The repository is hosted at /home/hg, access is restricted to the repository by a command prefix in ~/.ssh/authorized_keys: command="hg-ssh /home/hg/*" ssh-rsa AAAAB3NzaC1yc2EAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX..."
My mercurial.ini:
[ui]
username = hg <[email protected]>
ssh = C:\PROGRA~1\TORTOI~1\TORTOI~2.EXE -ssh -2 -i C:\pathToHGCert\cert.ppk
This is what I get now on the server /var/log/auth.log when I try a pull from Mercurial Eclipse or TortoiseHG:
sshd[305458]: debug1: Forked child 305486.
sshd[305486]: Set /proc/self/oom_score_adj to 0
sshd[305486]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
sshd[305486]: debug1: inetd sockets after dupping: 3, 3
sshd[305486]: Connection from xx.xx.xx.xx port 51306
sshd[305486]: debug1: Client protocol version 2.0; client software version PuTTY_Local:_Feb__4_2012_13:00:34
sshd[305486]: debug1: no match: PuTTY_Local:_Feb__4_2012_13:00:34
sshd[305486]: debug1: Enabling compatibility mode for protocol 2.0
sshd[305486]: debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4
sshd[305486]: debug1: permanently_set_uid: 103/65534 [preauth]
sshd[305486]: debug1: list_hostkey_types: ssh-rsa,ssh-dss [preauth]
sshd[305486]: debug1: SSH2_MSG_KEXINIT sent [preauth]
sshd[305486]: debug1: SSH2_MSG_KEXINIT received [preauth]
sshd[305486]: debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
sshd[305486]: debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
sshd[305486]: debug1: SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received [preauth]
sshd[305486]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]
sshd[305486]: debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
sshd[305486]: debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent [preauth]
sshd[305486]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
sshd[305486]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
sshd[305486]: debug1: SSH2_MSG_NEWKEYS received [preauth]
sshd[305486]: debug1: KEX done [preauth]
sshd[305486]: debug1: userauth-request for user hg service ssh-connection method none [preauth]
sshd[305486]: debug1: attempt 0 failures 0 [preauth]
sshd[305486]: debug1: PAM: initializing for "hg"
sshd[305486]: debug1: PAM: setting PAM_RHOST to "myProviderHostName"
sshd[305486]: debug1: PAM: setting PAM_TTY to "ssh"
sshd[305486]: debug1: userauth-request for user hg service ssh-connection method publickey [preauth]
sshd[305486]: debug1: attempt 1 failures 0 [preauth]
sshd[305486]: debug1: test whether pkalg/pkblob are acceptable [preauth]
sshd[305486]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
sshd[305486]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
sshd[305486]: debug1: temporarily_use_uid: 1002/1002 (e=0/0)
sshd[305486]: debug1: trying public key file /home/hg/.ssh/authorized_keys
sshd[305486]: debug1: fd 4 clearing O_NONBLOCK
sshd[305486]: debug1: matching key found: file /home/hg/.ssh/authorized_keys, line 2
sshd[305486]: Found matching RSA key: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
sshd[305486]: debug1: restore_uid: 0/0
sshd[305486]: Postponed publickey for hg from xx.xx.xx.xx port 51306 ssh2 [preauth]
sshd[305486]: debug1: userauth-request for user hg service ssh-connection method publickey [preauth]
sshd[305486]: debug1: attempt 2 failures 0 [preauth]
sshd[305486]: debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
sshd[305486]: debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
sshd[305486]: debug1: temporarily_use_uid: 1002/1002 (e=0/0)
sshd[305486]: debug1: trying public key file /home/hg/.ssh/authorized_keys
sshd[305486]: debug1: fd 4 clearing O_NONBLOCK
sshd[305486]: debug1: matching key found: file /home/hg/.ssh/authorized_keys, line 2
sshd[305486]: Found matching RSA key: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
sshd[305486]: debug1: restore_uid: 0/0
sshd[305486]: debug1: ssh_rsa_verify: signature correct
sshd[305486]: debug1: do_pam_account: called
sshd[305486]: Accepted publickey for hg from xx.xx.xx.xx port 51306 ssh2
sshd[305486]: debug1: monitor_read_log: child log fd closed
sshd[305486]: debug1: monitor_child_preauth: hg has been authenticated by privileged process
sshd[305486]: debug1: PAM: establishing credentials
sshd[305486]: pam_unix(sshd:session): session opened for user hg by (uid=0)
sshd[305486]: User child is on pid 305509
sshd[305509]: debug1: SELinux support disabled
sshd[305509]: debug1: PAM: establishing credentials
sshd[305509]: debug1: permanently_set_uid: 1002/1002
sshd[305509]: debug1: Entering interactive session for SSH2.
sshd[305509]: debug1: server_init_dispatch_20
sshd[305509]: debug1: server_input_channel_open: ctype session rchan 256 win 16384 max 16384
sshd[305509]: debug1: input_session_request
sshd[305509]: debug1: channel 0: new [server-session]
sshd[305509]: debug1: session_new: session 0
sshd[305509]: debug1: session_open: channel 0
sshd[305509]: debug1: session_open: session 0: link with channel 0
sshd[305509]: debug1: server_input_channel_open: confirm session
sshd[305246]: debug1: server_input_channel_req: channel 0 request [email protected] reply 1
sshd[305246]: debug1: session_by_channel: session 0 channel 0
sshd[305246]: debug1: session_input_channel_req: session 0 req [email protected]
sshd[305509]: debug1: server_input_channel_req: channel 0 request exec reply 1
sshd[305509]: debug1: session_by_channel: session 0 channel 0
sshd[305509]: debug1: session_input_channel_req: session 0 req exec
sshd[305509]: debug1: Forced command (key option) 'hg-ssh /home/hg/*'
sshd[305509]: debug1: Received SIGCHLD.
sshd[305509]: debug1: session_by_pid: pid 305510
sshd[305509]: debug1: session_exit_message: session 0 channel 0 pid 305510
sshd[305509]: debug1: session_exit_message: release channel 0
sshd[305509]: debug1: session_by_channel: session 0 channel 0
sshd[305509]: debug1: session_close_by_channel: channel 0 child 0
sshd[305509]: debug1: session_close: session 0 pid 0
sshd[305509]: debug1: channel 0: free: server-session, nchannels 1
sshd[305509]: Connection closed by xx.xx.xx.xx
sshd[305509]: debug1: do_cleanup
sshd[305509]: Transferred: sent 3304, received 2512 bytes
sshd[305509]: Closing connection to xx.xx.xx.xx port 51306
sshd[305486]: debug1: PAM: cleanup
sshd[305486]: debug1: PAM: closing session
sshd[305486]: pam_unix(sshd:session): session closed for user hg
sshd[305486]: debug1: PAM: deleting credentials
Interestingly, I can login to the server with the same certficate using an unrestricted authorized_keys and Putty just fine.
Putty Version 0.62/0.63
TortoisePlink 0.61.0.9078 (ships with TortoiseHg 2.9, TortoiseHg 2.8.2, and probably before)
May it be that Wheezy introduced some changes that Putty can cope with whereas the out-dated TortoisePlink cannot?