[Traverso-devel] Fwd: FIXED: Cannot access project cvs repository via ss

From: Remon Sijrier
Subject: [Traverso-devel] Fwd: FIXED: Cannot access project cvs repository via ssh from behind a NAT router
Date: Tue, 29 Jul 2008 22:17:03 +0200
User-agent: KMail/1.9.9


This message is just for information purposes.

I had problems accessing the project's cvs repository using ssh. I am a member of the respective project, so I have a valid Savannah account. I had also uploaded my public ssh key to the Savannah website and an ssh test session showed that the Savannah cvs server accepted my login credentials.

The problem turned out to be that I am located behind a D-Link ADSL router (which is a NAT router) plus using OpenSSH. OpenSSH sets the 'type of service' field in the IP datagram after the password has been given; some routers are known to choke on that (my D-Link ADSL router is amongst them), so the session hangs after the password has been given:

> > address@hidden:~$ ssh -vvv address@hidden
> > OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > [...]
> > Enter passphrase for key '/home/peter/.ssh/id_dsa':
> > debug1: read PEM private key done: type DSA
> > debug1: Authentication succeeded (publickey).
> > [...]
> > debug2: fd 5 setting TCP_NODELAY
> > debug2: callback done
> > debug2: channel 0: open confirm rwindow 0 rmax 32768

and from here on the session hangs.

The fix is to make ssh send all its traffic via netcat. netcat won't set the TOS field. Therefore, add a directive to the ssh config file '~/.ssh/config' (or, if that file doesn't exist, create

> >     ProxyCommand nc %h %p

I set up my own ssh config file (/home/peter/.ssh/config), and it looks like 

> # This is the ssh client user configuration file.  See
> # ssh_config(5) for more information.  This file provides defaults for
> # this user, and the values can be changed on the command line.
> # Configuration data is parsed as follows:
> #  1. command line options
> #  2. user-specific file
> #  3. system-wide file
> # Any configuration value is only changed the first time it is set.
> # Thus, host-specific definitions should be at the beginning of the
> # configuration file, and defaults at the end.
> # Directive to overcome TOS issue with our D-Link NAT router. During session
> # setup, OpenSSH sets the TOS (type of service) field after the user has
> # submitted the password. Some routers are known to choke on this,
> # with the result that the session hangs during buildup.
> # As workaround we send our traffic via netcat which doesn't set the TOS 
>     ProxyCommand nc %h %p

With this config file I was able to perform a cvs checkout from the project repository via ssh.

Obviously, the developer needs to install netcat on his/her machine. To test whether it's installed, one can type

> which nc

on the command line shell. If that command yields something like '/bin/nc/' then most likely netcat is installed. If nothing is returned then netcat isn't installed.

I hope this helps any poor developer who sits behind one of those NAT routers and cannot access the Savannah cvs repositories using ssh.


Fame is probably the second most dangerous occupation after working in a coal 
 - Moby
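
The workaround from the message above, written under a `Host` block for one server so that only connections to that server are piped through netcat. This is an added example, not part of the original message; the host name `cvs.example.org` and the function names are placeholders.

```shell
#!/bin/sh
# Added example; cvs.example.org and all function names are placeholders.

# have_nc: POSIX equivalent of the "which nc" check.
have_nc() { command -v nc >/dev/null 2>&1; }

# has_proxy_block CONFIG HOST: succeed if CONFIG has a "Host HOST" block
# with a ProxyCommand line (whitespace-separated keyword form only).
has_proxy_block() {
    [ -f "$1" ] || return 1
    awk -v host="$2" '
        tolower($1) == "host" {
            inblock = 0
            for (i = 2; i <= NF; i++) if ($i == host) inblock = 1
            next
        }
        tolower($1) == "match" { inblock = 0; next }
        inblock && tolower($1) == "proxycommand" { found = 1 }
        END { exit !found }
    ' "$1"
}

# add_proxy_block CONFIG HOST: prepend a host-scoped block, idempotently.
# ssh keeps the first value it sees, so host blocks go before defaults.
add_proxy_block() {
    config=$1
    host=$2
    if has_proxy_block "$config" "$host"; then return 0; fi
    tmp=$(mktemp "${config}.XXXXXX") || return 1
    {
        printf 'Host %s\n    ProxyCommand nc %%h %%p\n\n' "$host"
        if [ -f "$config" ]; then cat "$config"; fi
    } > "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$config"
}

# Usage: have_nc && add_proxy_block "$HOME/.ssh/config" cvs.example.org
```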
