[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Traverso-devel] Fwd: FIXED: Cannot access project cvs repository via ss
[Traverso-devel] Fwd: FIXED: Cannot access project cvs repository via ssh from behind a NAT router
Tue, 29 Jul 2008 22:17:03 +0200
this message is just for information purposes.
I had problems accessing the project's cvs repository using ssh. I am member
of the resp. project, so I have a valid
savannah account. I also had uploaded my public ssh key to the savannah
website and an ssh test session showed that the
savannah cvs server accepted my login credentials.
The problem turned out to be that I am located behind a D-Link ADSL router
(which is a NAT router) plus using OpenSSH.
OpenSSH sets the 'type of service' field in the IP datagram after the password
has been given; some routers are known to
choke on that (my D-Link ADSL router is amongst them), so the session hangs
after the password has been given:
> > address@hidden:~$ ssh -vvv address@hidden
> > OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > [...]
> > Enter passphrase for key '/home/peter/.ssh/id_dsa':
> > debug1: read PEM private key done: type DSA
> > debug1: Authentication succeeded (publickey).
> > [...]
> > debug2: fd 5 setting TCP_NODELAY
> > debug2: callback done
> > debug2: channel 0: open confirm rwindow 0 rmax 32768
and from here on the session hangs.
The fix is to make ssh send all its traffic via netcat. netcat won't set the
TOS field. Therefore, add a directive to
the ssh config file '~/.ssh/config' (or, if that file doesn't exist, create
> > ProxyCommand nc %h %p
I set up my own ssh config file (/home/peter/.ssh/config), and it looks like
> # This is the ssh client user configuration file. See
> # ssh_config(5) for more information. This file provides defaults for
> # this user, and the values can be changed on the command line.
> # Configuration data is parsed as follows:
> # 1. command line options
> # 2. user-specific file
> # 3. system-wide file
> # Any configuration value is only changed the first time it is set.
> # Thus, host-specific definitions should be at the beginning of the
> # configuration file, and defaults at the end.
> # Directive to overcome TOS issue with our D-Link NAT router. During session
setup, OpenSSH sets the TOS
> # (type of service) field after the user has submitted the password. Some
routers are known to choke on this,
> # with the result that the session hangs during buildup.
> # As workaround we send our traffic via netcat which doesn't set the TOS
> ProxyCommand nc %h %p
With this config file I was able to perform a cvs checkout from the project
repository via ssh.
Obviously, the developer needs to install netcat on his/her machine. To test
whether it's installed, one can type
> which nc
on the command line shell. If that command yields something like '/bin/nc/'
then most likely netcat is installed. If
nothing is returned then netcat isn't installed.
I hope this helps any poor developer who sits behind one of those NAT routers
and cannot access the Savannah cvs
repositories using ssh.
Fame is probably the second most dangerous occupation after working in a coal
|[Prev in Thread]
||[Next in Thread]|
- [Traverso-devel] Fwd: FIXED: Cannot access project cvs repository via ssh from behind a NAT router,
Remon Sijrier <=