Wanting to get involved, but can't clone repositories

bcbarnes · November 4, 2023, 8:42am

I am trying to clone the buildtools repository, as outlined on the “Get the Haiku Source Code …” web page, but am getting the following error:

bcbarnes-gmx@git.haiku-os.org: Permission denied (publickey)

I have uploaded my SSH key (ed25519), and the user name is what shows on the settings page of review.haiku-os.org.

Is there a step I missed about requesting access or something else?

Brian

korli · November 4, 2023, 9:11am

Looks correct. Maybe check the public key in Gerrit.

PulkoMandy · November 4, 2023, 9:15am

to debug this, try connecting using ssh:

ssh -v bcbarnes-gmx@git.haiku-os.org

With the -v flag, ssh will tell which keys it is sending, maybe you can find something relevant there (wrong path used for the key maybe?)

Look for the lines saying “Will attempt key:” and then “Offering public key:” which should send the right key, with the server reply “Server accepts key:”

bcbarnes · November 4, 2023, 12:24pm

ssh -v is getting the public key from the “known_hosts” file. This file is apparently created the first time I run the git clone command. I confirmed this by deleting the “known_hosts” file and then running the clone command again. Sure enough, “known_hosts” had been created.

The problem is that the public key put into the “known_hosts” file is different from the public key that I uploaded to the Gerrit SSH Keys Settings page.

So I guess I need to figure out where ‘git clone’ gets the key it puts into the “known_hosts” file.

Begasus · November 4, 2023, 12:26pm

From my experience working with git (haikuports) it stores the key in ~/config/settings/ssh

nephele · November 4, 2023, 12:27pm

No, known hosts is the servers key. not yours.

SSH uses this for trust on first use (TOFU)
to determine wether the host at the address is the same one it saw in the past.

bcbarnes · November 4, 2023, 2:37pm

Thanks to both of you.

I used ssh -v as suggested, and I see a number of ‘Will Attempt’ lines, but no ‘offering public key’. I’ve pasted the whole output below:

OpenSSH_8.8p1, OpenSSL 1.1.1s  1 Nov 2022
debug1: Reading configuration data /packages/openssh-8.8p1-1/.settings/ssh/ssh_config
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to git.haiku-os.org [206.189.242.242] port 22.
debug1: Connection established.
debug1: identity file /boot/home/config/settings/ssh/id_rsa type -1
debug1: identity file /boot/home/config/settings/ssh/id_rsa-cert type -1
debug1: identity file /boot/home/config/settings/ssh/id_dsa type -1
debug1: identity file /boot/home/config/settings/ssh/id_dsa-cert type -1
debug1: identity file /boot/home/config/settings/ssh/id_ecdsa type -1
debug1: identity file /boot/home/config/settings/ssh/id_ecdsa-cert type -1
debug1: identity file /boot/home/config/settings/ssh/id_ecdsa_sk type -1
debug1: identity file /boot/home/config/settings/ssh/id_ecdsa_sk-cert type -1
debug1: identity file /boot/home/config/settings/ssh/id_ed25519 type -1
debug1: identity file /boot/home/config/settings/ssh/id_ed25519-cert type -1
debug1: identity file /boot/home/config/settings/ssh/id_ed25519_sk type -1
debug1: identity file /boot/home/config/settings/ssh/id_ed25519_sk-cert type -1
debug1: identity file /boot/home/config/settings/ssh/id_xmss type -1
debug1: identity file /boot/home/config/settings/ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version GerritCodeReview_3.7.3 (APACHE-SSHD-2.9.2)
debug1: compat_banner: no match: GerritCodeReview_3.7.3 (APACHE-SSHD-2.9.2)
debug1: Authenticating to git.haiku-os.org:22 as 'bcbarnes-gmx'
debug1: load_hostkeys: fopen /boot/home/config/settings/ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /packages/openssh-8.8p1-1/.settings/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /packages/openssh-8.8p1-1/.settings/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:Go37CBc4QorVvZ5fVncu2J78c1ve/BGqklYwoNMa9mQ
debug1: load_hostkeys: fopen /boot/home/config/settings/ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /packages/openssh-8.8p1-1/.settings/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /packages/openssh-8.8p1-1/.settings/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'git.haiku-os.org' is known and matches the ED25519 host key.
debug1: Found key in /boot/home/config/settings/ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /boot/home/config/settings/ssh/id_rsa 
debug1: Will attempt key: /boot/home/config/settings/ssh/id_dsa 
debug1: Will attempt key: /boot/home/config/settings/ssh/id_ecdsa 
debug1: Will attempt key: /boot/home/config/settings/ssh/id_ecdsa_sk 
debug1: Will attempt key: /boot/home/config/settings/ssh/id_ed25519 
debug1: Will attempt key: /boot/home/config/settings/ssh/id_ed25519_sk 
debug1: Will attempt key: /boot/home/config/settings/ssh/id_xmss 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ecdsa-sha2-nistp256@openssh.com,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /boot/home/config/settings/ssh/id_rsa
debug1: Trying private key: /boot/home/config/settings/ssh/id_dsa
debug1: Trying private key: /boot/home/config/settings/ssh/id_ecdsa
debug1: Trying private key: /boot/home/config/settings/ssh/id_ecdsa_sk
debug1: Trying private key: /boot/home/config/settings/ssh/id_ed25519
debug1: Trying private key: /boot/home/config/settings/ssh/id_ed25519_sk
debug1: Trying private key: /boot/home/config/settings/ssh/id_xmss
debug1: No more authentication methods to try.
bcbarnes-gmx@git.haiku-os.org: Permission denied (publickey).

nephele · November 4, 2023, 2:55pm

to use a key you need to add -i identityFile to the commandline, or have it configured in the ssh config, unfortunately I can’t tell if you did that since the commandline isn’t posted : )

bcbarnes · November 4, 2023, 4:48pm

nephele,

The command line I used was “ssh -v bcbarnes-gmx@git.haiku-os.org”.

madmax · November 4, 2023, 6:58pm

Those identity file ... type -1 mean there’s no corresponding public file, so there’s no public key to offer. Either use the -i option or put the public key file in ~/config/settings/ssh with its corresponding private part.

bcbarnes · November 4, 2023, 7:38pm

madmax, nephele

Moving my key files into ~/config/settings/ssh and adding the key file name to ssh_config has done the trick. I am now downloading build tools.

Thank you both, and all the others that took the time to respond to my question.

Brian