gitmaster access

Hi

On Wed, 11 May 2022 at 08:21, Kyotaro Horiguchi <horikyota.ntt@gmail.com>
wrote:

(Sorry in advance if this is off-topic of -hackers, and please head me
to the right place if so.)

I'm stuck by connection failure to gitmaster.

I told that I already have the commit-bit on pgtranslation repository
for the community account "horiguti".

I did the following steps.

1. Add the public key for git-access to "SSH Key" field of "Edit User
Profile" page.(https://www.postgresql.org/account/profile/) I did
this more than few months ago.

2. Clone ssh://git@gitmaster.postgresql.org/pgtranslation/messages.git.

The correct repo is ssh://git@git.postgresql.org/pgtranslation/messages.git.

The problem for me here is I get "Permission denied" by the second
step.

The following is an extract of verbose log when I did:

GIT_SSH_COMMAND="ssh -vvvv" git clone ssh://

git@gitmaster.postgresql.org/pgtranslation/messages.git

debug1: Authenticating to gitmaster.postgresql.org:22 as 'git'
debug1: Offering public key: /home/horiguti/.ssh/postgresql ECDSA
SHA256:zMOonb8...
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51

The account and host looks correct. The server returns 51
(SSH_MSG_USERAUTH_FAILURE), which means the server didn't find my
public key, but the fingerprint shown above coincides with that of the
registered public key. I don't have a clue of the reason from my side.

Please someone tell me what to do to get over the situation.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

--
Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: https://www.enterprisedb.com

At Wed, 11 May 2022 08:46:40 +0100, Dave Page <dpage@pgadmin.org> wrote in

Hi

On Wed, 11 May 2022 at 08:21, Kyotaro Horiguchi <horikyota.ntt@gmail.com>
wrote:

2. Clone ssh://git@gitmaster.postgresql.org/pgtranslation/messages.git.

The correct repo is ssh://git@git.postgresql.org/pgtranslation/messages.git.

Thanks for the reply. I didn't wrote, but I have tried that and had
the same result.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

Hi

On Wed, 11 May 2022 at 08:55, Kyotaro Horiguchi <horikyota.ntt@gmail.com>
wrote:

At Wed, 11 May 2022 08:46:40 +0100, Dave Page <dpage@pgadmin.org> wrote
in

Hi

On Wed, 11 May 2022 at 08:21, Kyotaro Horiguchi <horikyota.ntt@gmail.com

wrote:

2. Clone ssh://git@gitmaster.postgresql.org/pgtranslation/messages.git

.

The correct repo is ssh://

git@git.postgresql.org/pgtranslation/messages.git.

Thanks for the reply. I didn't wrote, but I have tried that and had
the same result.

What is your community user ID?

--
Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: https://www.enterprisedb.com

At Wed, 11 May 2022 09:08:26 +0100, Dave Page <dpage@pgadmin.org> wrote in

What is your community user ID?

My community user name is "horiguti".

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

Hi

On Wed, 11 May 2022 at 08:21, Kyotaro Horiguchi <horikyota.ntt@gmail.com>
wrote:

(Sorry in advance if this is off-topic of -hackers, and please head me
to the right place if so.)

I'm stuck by connection failure to gitmaster.

I told that I already have the commit-bit on pgtranslation repository
for the community account "horiguti".

I did the following steps.

1. Add the public key for git-access to "SSH Key" field of "Edit User
Profile" page.(https://www.postgresql.org/account/profile/) I did
this more than few months ago.

2. Clone ssh://git@gitmaster.postgresql.org/pgtranslation/messages.git.

The correct repo is ssh://git@git.postgresql.org/pgtranslation/messages.git.

This does not work for me neither. However, in my case following works:

ssh://git@gitmaster.postgresql.org/pgtranslation/messages.git

Also Tom Lane said:
On Sun, May 1, 2022 at 4:52 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:

Tatsuo Ishii <ishii@sraoss.co.jp> writes:

This is ok:
git clone ssh://git@gitmaster.postgresql.org/postgresql.git

That's the thing to use if you're a committer.

Best reagards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

Hi

On Wed, 11 May 2022 at 09:34, Tatsuo Ishii <ishii@sraoss.co.jp> wrote:

Hi

On Wed, 11 May 2022 at 08:21, Kyotaro Horiguchi <horikyota.ntt@gmail.com

wrote:

(Sorry in advance if this is off-topic of -hackers, and please head me
to the right place if so.)

I'm stuck by connection failure to gitmaster.

I told that I already have the commit-bit on pgtranslation repository
for the community account "horiguti".

I did the following steps.

1. Add the public key for git-access to "SSH Key" field of "Edit User
Profile" page.(https://www.postgresql.org/account/profile/) I did
this more than few months ago.

2. Clone ssh://git@gitmaster.postgresql.org/pgtranslation/messages.git.

The correct repo is ssh://

git@git.postgresql.org/pgtranslation/messages.git.

This does not work for me neither. However, in my case following works:

ssh://git@gitmaster.postgresql.org/pgtranslation/messages.git

If that works, then colour me confused because:

gemulon:~# host gitmaster.postgresql.org
gitmaster.postgresql.org is an alias for gemulon.postgresql.org.
gemulon.postgresql.org has address 72.32.157.198
gemulon.postgresql.org has IPv6 address 2001:4800:3e1:1::198
gemulon:~# find / -name pgtranslation
gemulon:~# find / -name messages.git
gemulon:~# ls -al /home/git/repositories/
total 16
drwxr-xr-x 4 git git 4096 Jan 4 2020 .
drwxr-xr-x 8 git git 4096 May 11 09:03 ..
drwxr-xr-x 7 git git 4096 Jan 4 2020 mhatest.git
drwxr-sr-x 7 git git 4096 May 11 06:39 postgresql.git
gemulon:~#

Also Tom Lane said:
On Sun, May 1, 2022 at 4:52 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:

Tatsuo Ishii <ishii@sraoss.co.jp> writes:

This is ok:
git clone ssh://git@gitmaster.postgresql.org/postgresql.git

That's the thing to use if you're a committer.

Best reagards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

--
Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: https://www.enterprisedb.com

On Wed, 11 May 2022 at 09:25, Kyotaro Horiguchi <horikyota.ntt@gmail.com>
wrote:

At Wed, 11 May 2022 09:08:26 +0100, Dave Page <dpage@pgadmin.org> wrote
in

What is your community user ID?

My community user name is "horiguti".

OK, so you have write access on the repo on git.postgresql.org, but I can't
find an SSH key for your account on the system. Can you check
https://www.postgresql.org/account/profile/ and make sure you've got the
correct SSH key in your profile? If you add one, it might take 10 minutes
or so to make its way to the git server.

--
Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: https://www.enterprisedb.com

This does not work for me neither. However, in my case following works:

ssh://git@gitmaster.postgresql.org/pgtranslation/messages.git

If that works, then colour me confused because:

gemulon:~# host gitmaster.postgresql.org
gitmaster.postgresql.org is an alias for gemulon.postgresql.org.
gemulon.postgresql.org has address 72.32.157.198
gemulon.postgresql.org has IPv6 address 2001:4800:3e1:1::198
gemulon:~# find / -name pgtranslation
gemulon:~# find / -name messages.git
gemulon:~# ls -al /home/git/repositories/
total 16
drwxr-xr-x 4 git git 4096 Jan 4 2020 .
drwxr-xr-x 8 git git 4096 May 11 09:03 ..
drwxr-xr-x 7 git git 4096 Jan 4 2020 mhatest.git
drwxr-sr-x 7 git git 4096 May 11 06:39 postgresql.git
gemulon:~#

Sorry, I meant ssh://git@gitmaster.postgresql.org/postgresql.git
works, but ssh://git@git.postgresql.org/postgresql.git does not work
for me.

Best reagards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

Hi

On Wed, 11 May 2022 at 13:56, Tatsuo Ishii <ishii@sraoss.co.jp> wrote:

This does not work for me neither. However, in my case following works:

ssh://git@gitmaster.postgresql.org/pgtranslation/messages.git

If that works, then colour me confused because:

gemulon:~# host gitmaster.postgresql.org
gitmaster.postgresql.org is an alias for gemulon.postgresql.org.
gemulon.postgresql.org has address 72.32.157.198
gemulon.postgresql.org has IPv6 address 2001:4800:3e1:1::198
gemulon:~# find / -name pgtranslation
gemulon:~# find / -name messages.git
gemulon:~# ls -al /home/git/repositories/
total 16
drwxr-xr-x 4 git git 4096 Jan 4 2020 .
drwxr-xr-x 8 git git 4096 May 11 09:03 ..
drwxr-xr-x 7 git git 4096 Jan 4 2020 mhatest.git
drwxr-sr-x 7 git git 4096 May 11 06:39 postgresql.git
gemulon:~#

Sorry, I meant ssh://git@gitmaster.postgresql.org/postgresql.git
works, but ssh://git@git.postgresql.org/postgresql.git does not work
for me.

That is expected; no one has write access to that repo (and we only include
SSH keys for users with write access).

--
Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: https://www.enterprisedb.com

Sorry, I meant ssh://git@gitmaster.postgresql.org/postgresql.git
works, but ssh://git@git.postgresql.org/postgresql.git does not work
for me.

That is expected; no one has write access to that repo (and we only include
SSH keys for users with write access).

Then we need to change this, no?

https://git.postgresql.org/gitweb/?p=postgresql.git;a=summary

URL git://git.postgresql.org/git/postgresql.git
https://git.postgresql.org/git/postgresql.git
ssh://git@git.postgresql.org/postgresql.git

The last line should be "ssh://git@gitmaster.postgresql.org/postgresql.git"?

Best reagards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

On Thu, May 12, 2022 at 09:04:38AM +0900, Tatsuo Ishii wrote:

Then we need to change this, no?

https://git.postgresql.org/gitweb/?p=postgresql.git;a=summary

URL git://git.postgresql.org/git/postgresql.git
https://git.postgresql.org/git/postgresql.git
ssh://git@git.postgresql.org/postgresql.git

The last line should be "ssh://git@gitmaster.postgresql.org/postgresql.git"?

-------------------------------------------------

That is the one I use.

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com

Indecision is a decision. Inaction is an action. Mark Batterson

On Wed, May 11, 2022 at 08:59:26PM -0400, Bruce Momjian wrote:

On Thu, May 12, 2022 at 09:04:38AM +0900, Tatsuo Ishii wrote:

Then we need to change this, no?

https://git.postgresql.org/gitweb/?p=postgresql.git;a=summary

URL git://git.postgresql.org/git/postgresql.git
https://git.postgresql.org/git/postgresql.git
ssh://git@git.postgresql.org/postgresql.git

The last line should be "ssh://git@gitmaster.postgresql.org/postgresql.git"?

-------------------------------------------------

That is the one I use.

I assume the URL list at:

https://git.postgresql.org/gitweb/?p=postgresql.git;a=summary

is for non-committers.

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com

Indecision is a decision. Inaction is an action. Mark Batterson

At Wed, 11 May 2022 10:40:00 +0100, Dave Page <dpage@pgadmin.org> wrote in

OK, so you have write access on the repo on git.postgresql.org, but I can't
find an SSH key for your account on the system. Can you check
https://www.postgresql.org/account/profile/ and make sure you've got the
correct SSH key in your profile? If you add one, it might take 10 minutes
or so to make its way to the git server.

Thanks for the inspection. I understand what the ssh server is facing.

I had already filled the filed with an (I beilive correct) openssh
public key, but to make sure, I emptied the field "SSH key", waited
for 20 minutes, then added a fresh pubkey and waited for 20 minutes.

I tried both git.postgresql.org and gitmaster and don't have better
luck. The server still says "I don't know you".

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

Thanks for the inspection. I understand what the ssh server is facing.

I had already filled the filed with an (I beilive correct) openssh
public key, but to make sure, I emptied the field "SSH key", waited
for 20 minutes, then added a fresh pubkey and waited for 20 minutes.

I tried both git.postgresql.org and gitmaster and don't have better
luck. The server still says "I don't know you".

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

Last year we faced a similar problem, namely, a new committer for
pgpool.git could not access the git repository (Permission denied
(publickey)). Magnus kindly advised following and it worked. Hope this
helps.

1. Log into the git server on https://git.postgresql.org/adm/. It
should be an automatic log in and show the repository.
2. *then* go back to the main website and delete the ssh key
3. Now add the ssh key again on the main website
4. Wait 10-15 minutes and then it should work

Best reagards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

On Thu, May 12, 2022 at 10:34:49AM +0900, Tatsuo Ishii wrote:

Last year we faced a similar problem, namely, a new committer for
pgpool.git could not access the git repository (Permission denied
(publickey)). Magnus kindly advised following and it worked. Hope this
helps.

1. Log into the git server on https://git.postgresql.org/adm/. It
should be an automatic log in and show the repository.
2. *then* go back to the main website and delete the ssh key
3. Now add the ssh key again on the main website
4. Wait 10-15 minutes and then it should work

I don't see any repositories listed for my login, so I wonder if
gitmaster and pgpool are handled differently. When I changed my SSH key
for gitmaster recently, I had to phone someone to verify the change ---
I could not do it via a website.

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com

Indecision is a decision. Inaction is an action. Mark Batterson

On Thu, May 12, 2022 at 10:34:49AM +0900, Tatsuo Ishii wrote:

Last year we faced a similar problem, namely, a new committer for
pgpool.git could not access the git repository (Permission denied
(publickey)). Magnus kindly advised following and it worked. Hope this
helps.

1. Log into the git server on https://git.postgresql.org/adm/. It
should be an automatic log in and show the repository.
2. *then* go back to the main website and delete the ssh key
3. Now add the ssh key again on the main website
4. Wait 10-15 minutes and then it should work

I don't see any repositories listed for my login, so I wonder if
gitmaster and pgpool are handled differently.

I guess so too. I only see pgpool related repositories but
postgres.git on https://git.postgresql.org/adm/. According to Magnus,
this is necessary to trigger replication of SSH key.

When I changed my SSH key
for gitmaster recently, I had to phone someone to verify the change ---
I could not do it via a website.

Thank you for the info. I will be careful when I want to change SSH
key for gitmaster next time.

Best reagards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

Bruce Momjian <bruce@momjian.us> writes:

On Wed, May 11, 2022 at 08:59:26PM -0400, Bruce Momjian wrote:

On Thu, May 12, 2022 at 09:04:38AM +0900, Tatsuo Ishii wrote:

The last line should be "ssh://git@gitmaster.postgresql.org/postgresql.git"?

I assume the URL list at:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=summary
is for non-committers.

Yeah, I agree with that. If we advertise the gitmaster address here,
the primary result will be that we get a lot of complaints from random
people complaining that they can't access it. A secondary result
is likely to be an increase in attacks against that server.

The onboarding process for new committers should include explaining
about the separate master repo and how they can access it, but that
is absolutely not something we should advertise widely.

regards, tom lane

At Thu, 12 May 2022 10:34:49 +0900 (JST), Tatsuo Ishii <ishii@sraoss.co.jp> wrote in

Last year we faced a similar problem, namely, a new committer for
pgpool.git could not access the git repository (Permission denied
(publickey)). Magnus kindly advised following and it worked. Hope this
helps.

1. Log into the git server on https://git.postgresql.org/adm/. It
should be an automatic log in and show the repository.
2. *then* go back to the main website and delete the ssh key
3. Now add the ssh key again on the main website
4. Wait 10-15 minutes and then it should work

Thank you for the info, but unfortunately it hasn't worked.
I'm going to try a slightly different steps..

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

I assume the URL list at:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=summary
is for non-committers.

Yeah, I agree with that. If we advertise the gitmaster address here,
the primary result will be that we get a lot of complaints from random
people complaining that they can't access it. A secondary result
is likely to be an increase in attacks against that server.

The onboarding process for new committers should include explaining
about the separate master repo and how they can access it, but that
is absolutely not something we should advertise widely.

Agreed. Probably we should remove
ssh://git@git.postgresql.org/postgresql.git from the page.

Best reagards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp