Thread: SSH connection problem (and a typo)
Hello. I'd like access git.postgresql.org via ssh protocol but I am failing so far. Following the instruction in [1], I added an SSH public key in my community account (horiguti) but the server looks like rejecting me after a night. The server seems to dislike my public key or something else. $ GIT_SSH_COMMAND="ssh -vvvv" git clone ssh://git@git.postgresql.org/postgresql.git ... debug1: Offering public key: .. ECDSA SHA256:zMOon..KQQM explicit agent debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 ... git@git.postgresql.org: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. The finger print shown in the above log line is of the correct key, which is registered in my community account profile. Is there anything I can check or do to overcome this situation? [1] https://git.postgresql.org/adm/help/ By the way, there's a typo in the page [1]. > If you want to to use git regards. -- Kyotaro Horiguchi NTT Open Source Software Center
> On 27 Aug 2021, at 04:31, Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote:
> Is there anything I can check or do to overcome this situation?
I don’t think there is. Quoting Magnus from your thread on -hackers:
"ssh based access only works for repositories where you have explicit
permissions, it does not support anonymous access -- that has to be over
https (recommended) or git.
And specifically, the postgresql.git repo mirror only allows anonymous
access."
So the way I read it is that there is nothing wrong with your setup, but the
repository you are attempting to clone does not allow setting the access
control needed for it to work. postgresql.git only allows http or git, ssh
isn’t allowed as it only allows anonymous access.
--
Daniel Gustafsson https://vmware.com/
At Fri, 27 Aug 2021 09:13:29 +0200, Daniel Gustafsson <daniel@yesql.se> wrote in > > On 27 Aug 2021, at 04:31, Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote: > > > Is there anything I can check or do to overcome this situation? > > I don’t think there is. Quoting Magnus from your thread on -hackers: > > "ssh based access only works for repositories where you have explicit > permissions, it does not support anonymous access -- that has to be over > https (recommended) or git. > > And specifically, the postgresql.git repo mirror only allows anonymous > access." > > So the way I read it is that there is nothing wrong with your setup, but the > repository you are attempting to clone does not allow setting the access > control needed for it to work. postgresql.git only allows http or git, ssh > isn’t allowed as it only allows anonymous access. Ok. Thanks for clarification. I thought that ssh reading access to git.postgresql.org is allowed to all who have a community account. So if I fail to access an repository that I suppose I have an access, I understand that that means that I should ask the owner of the repository. Thank you! regards. -- Kyotaro Horiguchi NTT Open Source Software Center
> On 27 Aug 2021, at 09:37, Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote: > > At Fri, 27 Aug 2021 09:13:29 +0200, Daniel Gustafsson <daniel@yesql.se> wrote in >>> On 27 Aug 2021, at 04:31, Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote: >> >>> Is there anything I can check or do to overcome this situation? >> >> I don’t think there is. Quoting Magnus from your thread on -hackers: >> >> "ssh based access only works for repositories where you have explicit >> permissions, it does not support anonymous access -- that has to be over >> https (recommended) or git. >> >> And specifically, the postgresql.git repo mirror only allows anonymous >> access." >> >> So the way I read it is that there is nothing wrong with your setup, but the >> repository you are attempting to clone does not allow setting the access >> control needed for it to work. postgresql.git only allows http or git, ssh >> isn’t allowed as it only allows anonymous access. > > Ok. Thanks for clarification. I thought that ssh reading access to > git.postgresql.org is allowed to all who have a community account. It is, but only for repositories where you have explicitly been granted read access, it’s not on by default for all repositories. > So if I fail to access an repository that I suppose I have an access, > I understand that that means that I should ask the owner of the > repository. Correct. -- Daniel Gustafsson https://vmware.com/
On Fri, Aug 27, 2021 at 9:39 AM Daniel Gustafsson <daniel@yesql.se> wrote: > > > On 27 Aug 2021, at 09:37, Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote: > > > > At Fri, 27 Aug 2021 09:13:29 +0200, Daniel Gustafsson <daniel@yesql.se> wrote in > >>> On 27 Aug 2021, at 04:31, Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote: > >> > >>> Is there anything I can check or do to overcome this situation? > >> > >> I don’t think there is. Quoting Magnus from your thread on -hackers: > >> > >> "ssh based access only works for repositories where you have explicit > >> permissions, it does not support anonymous access -- that has to be over > >> https (recommended) or git. > >> > >> And specifically, the postgresql.git repo mirror only allows anonymous > >> access." > >> > >> So the way I read it is that there is nothing wrong with your setup, but the > >> repository you are attempting to clone does not allow setting the access > >> control needed for it to work. postgresql.git only allows http or git, ssh > >> isn’t allowed as it only allows anonymous access. > > > > Ok. Thanks for clarification. I thought that ssh reading access to > > git.postgresql.org is allowed to all who have a community account. > > It is, but only for repositories where you have explicitly been granted read > access, it’s not on by default for all repositories. > > > So if I fail to access an repository that I suppose I have an access, > > I understand that that means that I should ask the owner of the > > repository. > > Correct. This was definitely not clear in the instructions, so I've updated them with a sentence explaining this. -- Magnus Hagander Me: https://www.hagander.net/ Work: https://www.redpill-linpro.com/
> On 28 Aug 2021, at 16:51, Magnus Hagander <magnus@hagander.net> wrote: > This was definitely not clear in the instructions, so I've updated > them with a sentence explaining this. Good, that does clarify things a bit. Skimming the page I think we can also either apply the below, or remove the part entirely: -that are on pgfoundry, we strongly advise you to look at +that were on pgfoundry, we strongly advise you to look at -- Daniel Gustafsson https://vmware.com/
At Sat, 28 Aug 2021 16:51:59 +0200, Magnus Hagander <magnus@hagander.net> wrote in > > > Ok. Thanks for clarification. I thought that ssh reading access to > > > git.postgresql.org is allowed to all who have a community account. > > > > It is, but only for repositories where you have explicitly been granted read > > access, it’s not on by default for all repositories. > > > > > So if I fail to access an repository that I suppose I have an access, > > > I understand that that means that I should ask the owner of the > > > repository. > > > > Correct. > > This was definitely not clear in the instructions, so I've updated > them with a sentence explaining this. Thanks! It should be helpful for successors. regards. -- Kyotaro Horiguchi NTT Open Source Software Center
On Sat, Aug 28, 2021 at 10:03 PM Daniel Gustafsson <daniel@yesql.se> wrote: > > > On 28 Aug 2021, at 16:51, Magnus Hagander <magnus@hagander.net> wrote: > > > This was definitely not clear in the instructions, so I've updated > > them with a sentence explaining this. > > Good, that does clarify things a bit. Skimming the page I think we can also > either apply the below, or remove the part entirely: > > -that are on pgfoundry, we strongly advise you to look at > +that were on pgfoundry, we strongly advise you to look at Ah yeah, pgfoundry. I went with the "remove completely" path, I think that's cleaner. -- Magnus Hagander Me: https://www.hagander.net/ Work: https://www.redpill-linpro.com/
> On 30 Aug 2021, at 10:40, Magnus Hagander <magnus@hagander.net> wrote: > Ah yeah, pgfoundry. I went with the "remove completely" path, I think > that's cleaner. Agreed, the number of people who remember pgfoundry - and need this text - is likely to be low at this point. -- Daniel Gustafsson https://vmware.com/