[NTLUG:Discuss] Can't login to CVS pserver over SSH tunnel

Richard Cobbe cobbe at airmail.net
Thu Feb 7 21:38:59 CST 2002


Lo, on Thursday, February 7, Neil Aggarwal did write:

> Richard:
> 
> I copied your code to zzh.c and compiled it to zzh.
> 
> If I use ssh to do this:
> ssh cvs@dev.jammconsulting.com
> 
> Here is what I get:
> Could not create directory '/home/Administrator/.ssh'.
> The authenticity of host 'dev.jammconsulting.com (204.130.252.205)' can't be
> established.
> RSA key fingerprint is 77:12:5a:f6:36:c3:40:e7:e8:cc:69:f4:31:7b:f9:13.
> Are you sure you want to continue connecting (yes/no)? yes
> Failed to add the host to the list of known hosts
> (/home/Administrator/.ssh/known_hosts).
> Last login: Thu Feb  7 09:08:22 2002 from pppa52-nas1rack6017.dialinx.net
> 
> So, it looks like the login is OK.

Well, modulo the directory creation errors, but those are on the client
side and really not worth stressing.  (I tend to get annoyed by such
error messages, but most people have higher tolerance for that stuff
than I do.)

> Next I created the tunnel:
> ssh cvs@dev.jammconsulting.com -L 2401:dev.jammconsulting.com:2410 open

<SNIP>

Just out of curiosity, what does the `open' do?  At least on my version
of ssh, that's unnecessary and likely wrong.
 
> And it sits there.  I assume this means that everything is OK,
> especially because I now have a zzh process on the server owned by the
> cvs account.

Yeah, that matches what I saw this morning.

> Then, I tried the cvs login command:
> cvs -d :pserver:neil@localhost:/testproject login
> (Logging in to neil@localhost)
> CVS password: [I typed the password]
> cvs [login aborted]: recv() from server localhost: Connection reset by peer
> 
> I am still getting a connection reset by peer problem.
> 
> Any other ideas?

Ok.  Looks like the port is being forwarded, but the CVS server on the
remote side isn't accepting the connection.  Several things to check; in
no particular order:

1) Make sure you're running inetd or xinetd or something like that on
   the server side.

2) ssh cvs@dev.jammconsulting.com -L 2401:dev.jammconsulting.com:2410 open
                                       ~~                          ~~
   Check the port numbers in your ssh command invocation.  In
   particular, the latter port needs to match the port number specified
   for cvs in /etc/inetd.conf (usually 2401).

3) Run `netstat -a' on the server machine---anybody listening on
   tcp/2410 or whatever?

4) On the server machine, `telnet localhost 2410' (or whatever the port
   is) and hit enter after the first connection blurb.  You should get
   something that looks like this:

        [ankh-morpork:~]$ telnet localhost 2401
        Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.

        cvs [pserver aborted]: bad auth protocol start: 

        Connection closed by foreign host.

5) Establish the ssh forwarding and try `telnet localhost 2401' on the
   client, again hitting enter.  You should see the same thing.

6) Any security issues (firewalls, tcp wrappers) that could get in the
   way?

Give those a shot, and let us know how it goes.

Richard
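
The port comparison from step 2 and the newline probe from steps 4 and 5, as an added Python sketch that is not part of the original message. The inetd.conf line, the function names and the cvspserver-to-2401 service mapping are assumptions made for illustration.

```python
import socket

# Constructed server-side /etc/inetd.conf sample (assumption, not from the thread).
SAMPLE_INETD = """\
# service type proto wait user server args
2401 stream tcp nowait root /usr/bin/cvs cvs --allow-root=/testproject pserver
"""

def forward_target(spec):
    """Split an ssh -L argument 'lport:host:rport' into (lport, host, rport)."""
    lport, host, rport = spec.split(":")
    return int(lport), host, int(rport)

def pserver_ports(inetd_text, services=None):
    """Ports on which inetd.conf launches 'cvs ... pserver'."""
    services = services or {"cvspserver": 2401}  # assumed /etc/services entry
    ports = []
    for line in inetd_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 7 and "pserver" in fields[6:]:
            name = fields[0]
            port = int(name) if name.isdigit() else services.get(name)
            if port is not None:
                ports.append(port)
    return ports

def check_forward(spec, inetd_text):
    """Step 2: is the tunnel's remote port one that inetd serves pserver on?"""
    rport = forward_target(spec)[2]
    ports = pserver_ports(inetd_text)
    return rport in ports, rport, ports

def probe(host, port, timeout=3.0):
    """Steps 4 and 5: connect, send a bare newline, classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"\n")
            data = b""
            while chunk := s.recv(4096):
                data += chunk
    except ConnectionRefusedError:
        return "refused"      # nothing listening on that port
    except ConnectionResetError:
        return "reset"        # accepted, then dropped (what cvs login reported)
    except OSError:
        return "unreachable"  # timeout, firewall, tcp wrappers, name lookup
    return "pserver" if b"bad auth protocol start" in data else "no-pserver"
```

Call `check_forward` with the `-L` argument and the server's inetd.conf text, then `probe("localhost", 2401)` on the client with the tunnel up; a working setup answers "pserver" on both ends.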
