[NTLUG:Discuss] Can't login to CVS pserver over SSH tunnel

[MadHat]

Hey guys,
I haven't had a chance to keep up with this thread, as I have been busy
with work this past week, but is there a reason you are using port
forwarding for CVS?

I do CVS with SSH daily, and never use port forwarding, just setting a
couple of environment variables and some configs in the local rc files.


On Thu, 2002-02-07 at 21:38, Richard Cobbe wrote:
> Lo, on Thursday, February 7, Neil Aggarwal did write:
> 
> > Richard:
> > 
> > I copied your code to zzh.c and compiled it to zzh.
> > 
> > If I use ssh to do this:
> > ssh cvs at dev.jammconsulting.com
> > 
> > Here is what I get:
> > Could not create directory '/home/Administrator/.ssh'.
> > The authenticity of host 'dev.jammconsulting.com (204.130.252.205)' can't be
> > established.
> > RSA key fingerprint is 77:12:5a:f6:36:c3:40:e7:e8:cc:69:f4:31:7b:f9:13.
> > Are you sure you want to continue connecting (yes/no)? yes
> > Failed to add the host to the list of known hosts
> > (/home/Administrator/.ssh/known_hosts).
> > Last login: Thu Feb  7 09:08:22 2002 from pppa52-nas1rack6017.dialinx.net
> > 
> > So, it looks like the login is OK.
> 
> Well, modulo the directory creation errors, but those are on the client
> side and really not worth stressing.  (I tend to get annoyed by such
> error messages, but most people have higher tolerance for that stuff
> than I do.)
> 
> > Next I created the tunnel:
> > ssh cvs at dev.jammconsulting.com -L 2401:dev.jammconsulting.com:2410 open
> 
> <SNIP>
> 
> Just out of curiosity, what does the `open' do?  At least on my version
> of ssh, that's unnecessary and likely wrong.
>  
> > And it sits there.  I assume this means that everything is OK,
> > especially because I now have a zzh process on the server owned by the
> > cvs account.
> 
> Yeah, that matches what I saw this morning.
> 
> > Then, I tried the cvs login command:
> > cvs -d :pserver:neil at localhost:/testproject login
> > (Logging in to neil at localhost)
> > CVS password: [I typed the password]
> > cvs [login aborted]: recv() from server localhost: Connection reset by peer
> > 
> > I am still getting a connection reset by peer problem.
> > 
> > Any other ideas?
> 
> Ok.  Looks like the port is being forwarded, but the CVS server on the
> remote side isn't accepting the connection.  Several things to check; in
> no particular order:
> 
> 1) Make sure you're running inetd or xinetd or something like that on
>    the server side.
> 
> 2) ssh cvs at dev.jammconsulting.com -L 2401:dev.jammconsulting.com:2410 open
>                                        ~~                          ~~
>    Check the port numbers in your ssh command invocation.  In
>    particular, the latter port needs to match the port number specified
>    for cvs in /etc/inetd.conf (usually 2401).
> 
> 3) Run `netstat -a' on the server machine---anybody listening on
>    tcp/2410 or whatever?
> 
> 4) On the server machine, `telnet localhost 2410' (or whatever the port
>    is) and hit enter after the first connection blurb.  You should get
>    something that looks like this:
> 
>         [ankh-morpork:~]$ telnet localhost 2401
>         Trying 127.0.0.1...
>         Connected to localhost.
>         Escape character is '^]'.
> 
>         cvs [pserver aborted]: bad auth protocol start: 
> 
>         Connection closed by foreign host.
> 
> 5) Establish the ssh forwarding and try `telnet localhost 2401' on the
>    client, again hitting enter.  You should see the same thing.
> 
> 6) Any security issues (firewalls, tcp wrappers) that could get in the
>    way?
> 
> Give those a shot, and let us know how it goes.
> 
> Richard
> 
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
> 
-- 
MadHat at Unspecific.com
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
Key fingerprint = E786 7B30 7534 DCC2 94D5  91DE E922 0B21 9DDC 3E98