[Savannah-cvs] administration/content/gnu-content/faq User_Acc...

[Sylvain Beucler]

CVSROOT:        /cvsroot/administration
Module name:    administration
Branch:         
Changes by:     Sylvain Beucler <address@hidden>        05/05/04 18:40:07

Modified files:
        content/gnu-content/faq: 
                                 
User_Account_-_How_do_I_configure_my_SSH_access.txt 

Log message:
        rearranged

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/administration/administration/content/gnu-content/faq/User_Account_-_How_do_I_configure_my_SSH_access.txt.diff?tr1=1.1&tr2=1.2&r1=text&r2=text

Patches:
Index: 
administration/content/gnu-content/faq/User_Account_-_How_do_I_configure_my_SSH_access.txt
diff -u 
administration/content/gnu-content/faq/User_Account_-_How_do_I_configure_my_SSH_access.txt:1.1
 
administration/content/gnu-content/faq/User_Account_-_How_do_I_configure_my_SSH_access.txt:1.2
--- 
administration/content/gnu-content/faq/User_Account_-_How_do_I_configure_my_SSH_access.txt:1.1
      Thu Apr 14 21:19:54 2005
+++ 
administration/content/gnu-content/faq/User_Account_-_How_do_I_configure_my_SSH_access.txt
  Wed May  4 18:40:06 2005
@@ -10,31 +10,14 @@
 
 <p>Generally, if you can't access to your CVS trees or your download
 area, it means that your SSH access is not correctly configured. The
-*only* thing to do is to create a ssh-key and register it.</p>
+<i>only</i> thing to do is to create a ssh-key and register it.</p>
 
 <p>Note that if you're not member of any project, no account will
 created on the system - you will have your web account, but not system
 access. A system account will be created after you become a member of
 at least one project.</p>
 
-<p>First, you should know that here, on Savannah, we use SSH version
-2.</p>
-
-<p>It is usually not needed to precise it in the SSH client
-configuration file (<code>~/.ssh/config</code>). You can add
-
-<pre>
-Host cvs.savannah.gnu.org
-     Protocol 2
-</pre>
-
-in that file when you think your SSH client will try to make a SSHv1
-connection by default (you can incidentally do that as well to avoid a
-man-in-the-middle attack that tries to move the connection from
-protocol 2 to protocol 1 during its establishment, since v1 has some
-flaws and is more easily crackable).</p>
-
-<p>After this, you must create the ssh-key. In general, it is done
+<p>First, you need to create the ssh-key. In general, this is done by
 using <pre>ssh-keygen -t dsa</pre> It will ask you for a
 passphrase. Only this passphrase will be accepted for CVS or scp
 authentification, <b class="error">not the Savannah password</b>. The
@@ -55,14 +38,15 @@
 <p>Try to download your CVS tree (take a look at your CVS project page
 - or read *How do I import my project into the CVS?*)</p>
 
-<h3>Common troubles:</h3>
 
-<ul><li><p>If, when (for example) you try to write on your download
-area, it asks you for a password and not a passphrase, then means that
-your key is not recognized. It could be a matter of time (the cron
-job...) or, generally, it means that your key is not a correct SSH2
-DSA key. If you think you have done everything correctly, use the
-support manager
+<h3>Troubleshootings</h3>
+
+<ul><li><p>If, when (for example) you try to use CVS, it asks you for
+a <i>password</i> and not a <i>passphrase</i>, then means that your
+key is not recognized. It could be a matter of time (cron job) or,
+generally, it means that your key is not a correct SSH2 DSA key (the
+key registration page contains a sample key for you to compare). If
+you think you have done everything correctly, use the support manager
 (https://savannah.gnu.org/support/?group=administration) or write to
 address@hidden explaining your problem, providing
 copy/paste from the errors messages. It would also be good to provide
@@ -76,6 +60,7 @@
 
 </p></li>
 
+
 <li><p>When you try to cvs, it will reports <code>the authenticity of
 host subversions.gnu.org cannot be established, RSA key fingerprint is
 80:5a:b0:0c:ec:93:66:29:49:7e:04:2b:fd:ba:2c:d5</code>.
@@ -83,7 +68,56 @@
 Why RSA here and not DSA? This is the RSA fingerprint of the Savannah
 site-wide server key. It is used to verify that the site you are
 connecting to is well GNU Savannah, and not a fake website. It is
-totally different from your SSH key.</p></li></ol>
+totally different from your SSH key.</p></li>
+
+
+<li><p>When trying to connect you get <i>Protocol major versions
+differ: 1 vs. 2</i></p>
+
+<p>First, you should know that here, on Savannah, we use SSH version
+2. The error you got means that either:
+<ul><li>You are using an old implementation of SSH that does not support 
protocol version 2 - you need to upgrade.</li>
+<li>OpenSSH is configured, site-wide, to use protocol version 1 only. In this 
case, you need to edit <code>/etc/ssh/ssh_config</code>, and replace
+<pre>
+Protocol 1
+</pre>
+by
+<pre>
+Protocol 2,1
+</pre>
+<li>You configured SSH to use version 1 when connecting to Savannah. If you 
see something like:
+<pre>
+Protocol 1
+</pre>
+or
+<pre>
+Host cvs.savannah.gnu.org
+     Protocol 1
+</pre>
+then simply remove it (or see next question).
+</li></ul>
+
+
+<li><p>It is necessary to specify <code>Protocol 2</code> in the SSH
+configuration files?</p>
+
+<p>It is usually not needed to precise it in the SSH client
+configuration files (<code>~/.ssh/config</code> and
+<code>/etc/ssh/ssh_config</code>).
+
+<p>You can however add
+
+<pre>
+Host cvs.savannah.gnu.org
+     Protocol 2
+</pre>
+
+in that file when you think your SSH client will try to make a SSHv1
+connection by default. You can incidentally do that as well to avoid a
+man-in-the-middle attack that tries to move the connection from
+protocol 2 to protocol 1 during its establishment, since v1 has some
+flaws and is more easily crackable).</p></li>
+</ol>
 
 
-<p style="font-size: smaller">Updated $Date: 2005/04/14 21:19:54 $</p>
+<p style="font-size: smaller">Updated $Date: 2005/05/04 18:40:06 $</p>