Re: Access to Porter machines as Debian Maintainer?

To: debian-mentors@lists.debian.org
Subject: Re: Access to Porter machines as Debian Maintainer?
From: Hilmar Preuße <hille42@web.de>
Date: Fri, 26 Apr 2019 10:05:33 +0200
Message-id: <[🔎] fdddffbc-334c-945f-2973-d02749eca293@web.de>
In-reply-to: <[🔎] CAHKYmeumFy7ACQ+k6dggmKs7EMNFdgH_VJFk7yDAF4o7QPP+Gw@mail.gmail.com>
References: <[🔎] ad24c11a-248f-60a9-ef08-1cfcbb62a3ad@web.de> <[🔎] CAKTje6GOvqkNBQ1s3EJ_FNHAztj=3Q1R8W-+Twv3ejqPQipX9A@mail.gmail.com> <[🔎] CAHKYmeumFy7ACQ+k6dggmKs7EMNFdgH_VJFk7yDAF4o7QPP+Gw@mail.gmail.com>

On 26.04.19 06:13, Mattia Rizzolo wrote:
> On Fri, 26 Apr 2019, 4:48 am Paul Wise, <pabs@debian.org> wrote:
>> On Thu, Apr 25, 2019 at 6:11 PM Hilmar Preuße wrote:

Hi Paul, hi Mattia,

>>> Unfortunately, that does not work. Because I suspect rather an
>>> organizational, than a technical problem suspect, I don't post extensive
>>> logs. What am I missing? Do I need to be DD to login into porter boxes
>>> or should it be possible as DM too?
>>
>> Debian guest accounts are only allowed to access particular machines
>> but according to your account information in LDAP, you don't appear to
>> be allowed to access any Debian hosts. It looks like whoever did the
>> LDAP update forgot to add which machines you are allowed to access or
>> something. Please contact the person who requested you get a guest
>> account so they can follow up on the request ticket.
> 
> The problem here is that guest accounts need to be approved for each host,
> and the approval has an expiration (iirc it lasts 3 months by default).
> Now, your account was created on 2011 if memory serves right, and it
> expired right after, and this year we just updated the attached got key
> while you became a DM.
> 
> So at this point you'd need to ask access to the single hosts you need;
> being a DM is just a trivial matter that doesn't need approval, afaik DSA
> just adds the bits, but will still expire at some point.
> 
OK, many thanks for explanation!

So the advantage over being a Debian Contributor is that I don't need an
advocate for each host access, but still need to request access to each
box, right? Whom to I ask: simply send a mail to
debian-admin@lists.debian.org containing a list of hosts I need access to?

Regarding the mails from Geert:

What is the guest account name that is being used?
-> I tested hille42 (my login on Debian LDAP) and hilmar-guest (was my
Login on alioth and is on salsa).

What is the exact ssh command that is being used?
What is the error message?

-> Output of ssh -vvv user@host is attached.

On how many SSH servers does the same ssh-key work?

-> Currently I tested abel & plummer, both did not work.

Thanks,
  Hilmar
-- 
sigfault
#206401 http://counter.li.org

hille@sid:~ $ ssh -vvv hille42@abel.debian.org
OpenSSH_7.9p1 Debian-10, OpenSSL 1.1.1b  26 Feb 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "abel.debian.org" port 22
debug2: ssh_connect_direct
debug1: Connecting to abel.debian.org [217.140.96.56] port 22.
debug1: Connection established.
debug1: identity file /home/hille/.ssh/id_rsa type 0
debug1: identity file /home/hille/.ssh/id_rsa-cert type -1
debug1: identity file /home/hille/.ssh/id_dsa type 1
debug1: identity file /home/hille/.ssh/id_dsa-cert type -1
debug1: identity file /home/hille/.ssh/id_ecdsa type -1
debug1: identity file /home/hille/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/hille/.ssh/id_ed25519 type 3
debug1: identity file /home/hille/.ssh/id_ed25519-cert type -1
debug1: identity file /home/hille/.ssh/id_xmss type -1
debug1: identity file /home/hille/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Debian-10+deb9u6
debug1: match: OpenSSH_7.4p1 Debian-10+deb9u6 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to abel.debian.org:22 as 'hille42'
debug3: hostkeys_foreach: reading file "/home/hille/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /home/hille/.ssh/known_hosts:64
debug3: load_hostkeys: loaded 1 keys from abel.debian.org
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-ed25519 SHA256:1ojC0ehdNMu3GPDUBykHgBtnSgV1f7GmkZTLh5xp++s
debug3: hostkeys_foreach: reading file "/home/hille/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /home/hille/.ssh/known_hosts:64
debug3: load_hostkeys: loaded 1 keys from abel.debian.org
debug3: hostkeys_foreach: reading file "/home/hille/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file /home/hille/.ssh/known_hosts:65
debug3: load_hostkeys: loaded 1 keys from 217.140.96.56
debug1: Host 'abel.debian.org' is known and matches the ED25519 host key.
debug1: Found key in /home/hille/.ssh/known_hosts:64
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: Skipping ssh-dss key /home/hille/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
debug1: Will attempt key: /home/hille/.ssh/id_rsa RSA SHA256:x21n/NL3d68wg+4uyMxZmyz0YpbdUQHsG0o4Se4Iw5I
debug1: Will attempt key: /home/hille/.ssh/id_ecdsa 
debug1: Will attempt key: /home/hille/.ssh/id_ed25519 ED25519 SHA256:vG5XjmnxWKuGuJf0fzrvkCAoQXhunp5RD1cGJN6Luig
debug1: Will attempt key: /home/hille/.ssh/id_xmss 
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/hille/.ssh/id_rsa RSA SHA256:x21n/NL3d68wg+4uyMxZmyz0YpbdUQHsG0o4Se4Iw5I
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/hille/.ssh/id_ecdsa
debug3: no such identity: /home/hille/.ssh/id_ecdsa: No such file or directory
debug1: Offering public key: /home/hille/.ssh/id_ed25519 ED25519 SHA256:vG5XjmnxWKuGuJf0fzrvkCAoQXhunp5RD1cGJN6Luig
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/hille/.ssh/id_xmss
debug3: no such identity: /home/hille/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
hille42@abel.debian.org: Permission denied (publickey).
hille@sid:~ $

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Access to Porter machines as Debian Maintainer?
  - From: Paul Wise <pabs@debian.org>
- Re: Access to Porter machines as Debian Maintainer?
  - From: Geert Stappers <stappers@stappers.nl>

References:
- Access to Porter machines as Debian Maintainer?
  - From: Hilmar Preuße <hille42@web.de>
- Re: Access to Porter machines as Debian Maintainer?
  - From: Paul Wise <pabs@debian.org>
- Re: Access to Porter machines as Debian Maintainer?
  - From: Mattia Rizzolo <mattia@debian.org>

Prev by Date: Bug#927996: RFS: diskfit/2.0.2.3 [ITP] -- Simple disk fit calculator
Next by Date: Re: Access to Porter machines as Debian Maintainer?
Previous by thread: Re: Access to Porter machines as Debian Maintainer?
Next by thread: Re: Access to Porter machines as Debian Maintainer?
Index(es):
- Date
- Thread