Hi all,
Anyone able to use bazaar via corkscrew? I have tried the tips in the link below and am able to authenticate to the proxy but only get time outs.
http://omappedia.org/wiki/Using_bzr_and_launchpad_behind_a_proxy
I have also added an authentication file like so: Host *.launchpad.net ProxyCommand corkscrew <our proxy> 8080 %h %p ~/.auth User <my user>
This is specifically the ST-Ericsson network which may be nastier than yours? But any success stories would be nice to hear.
Thanks Mattias
On Tue, Jan 25, 2011 at 12:09:39PM +0100, Mattias Backman wrote:
http://omappedia.org/wiki/Using_bzr_and_launchpad_behind_a_proxy
I have also added an authentication file like so: Host *.launchpad.net ProxyCommand corkscrew <our proxy> 8080 %h %p ~/.auth User <my user>
I guess you've seen http://www.mtu.net/~engstrom/ssh-proxy.php already? At any rate, running an
ssh -v 91.189.90.11
may tell us more about what's happening.
On 25 January 2011 14:19, Christian Robottom Reis kiko@linaro.org wrote:
On Tue, Jan 25, 2011 at 12:09:39PM +0100, Mattias Backman wrote:
http://omappedia.org/wiki/Using_bzr_and_launchpad_behind_a_proxy
I have also added an authentication file like so: Host *.launchpad.net ProxyCommand corkscrew <our proxy> 8080 %h %p ~/.auth User <my user>
I guess you've seen http://www.mtu.net/~engstrom/ssh-proxy.php already?
Actually no, the web filter tells me I shouldn't read that... "ACCESS TO THIS CATEGORY OF WEB SITES (Proxy Avoidance;Information Technology) IS DENIED." So if you could paste the content in an email och repost it somewhere else it might be useful to me. :)
At any rate, running an
ssh -v 91.189.90.11
may tell us more about what's happening.
Sure, this the little that happens.
:~> ssh -v 91.189.90.11 OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/ebacmat/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 91.189.90.11 [91.189.90.11] port 22. debug1: connect to address 91.189.90.11 port 22: Connection timed out ssh: connect to host 91.189.90.11 port 22: Connection timed out
:~> ssh -v bazaar.launchpad.net OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/ebacmat/.ssh/config debug1: Applying options for *.launchpad.net debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Executing proxy command: exec corkscrew proxy.mydomain.com 8080 bazaar.launchpad.net 22 ~/.auth debug1: permanently_drop_suid: 71419 debug1: identity file /home/ebacmat/.ssh/identity type -1 debug1: identity file /home/ebacmat/.ssh/id_rsa type -1 debug1: identity file /home/ebacmat/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host
proxy.mydomain.com is of course an alias for our internal proxy.
-- Christian Robottom Reis | [+55] 16 9112 6430 | http://launchpad.net/~kiko Linaro Engineering VP | [ +1] 612 216 4935 | http://async.com.br/~kiko
On Tue, Jan 25, 2011 at 03:20:44PM +0100, Mattias Backman wrote:
On 25 January 2011 14:19, Christian Robottom Reis kiko@linaro.org wrote:
On Tue, Jan 25, 2011 at 12:09:39PM +0100, Mattias Backman wrote:
http://omappedia.org/wiki/Using_bzr_and_launchpad_behind_a_proxy
I have also added an authentication file like so: Host *.launchpad.net ProxyCommand corkscrew <our proxy> 8080 %h %p ~/.auth User <my user>
I guess you've seen http://www.mtu.net/~engstrom/ssh-proxy.php already?
Actually no, the web filter tells me I shouldn't read that... "ACCESS TO THIS CATEGORY OF WEB SITES (Proxy Avoidance;Information Technology) IS DENIED." So if you could paste the content in an email och repost it somewhere else it might be useful to me. :)
Man, that's painful. See attached.
Sure, this the little that happens.
:~> ssh -v 91.189.90.11 OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/ebacmat/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 91.189.90.11 [91.189.90.11] port 22. debug1: connect to address 91.189.90.11 port 22: Connection timed out ssh: connect to host 91.189.90.11 port 22: Connection timed out
:~> ssh -v bazaar.launchpad.net OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/ebacmat/.ssh/config debug1: Applying options for *.launchpad.net debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Executing proxy command: exec corkscrew proxy.mydomain.com 8080 bazaar.launchpad.net 22 ~/.auth debug1: permanently_drop_suid: 71419 debug1: identity file /home/ebacmat/.ssh/identity type -1 debug1: identity file /home/ebacmat/.ssh/id_rsa type -1 debug1: identity file /home/ebacmat/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host
Could you try applying the corkscrew proxy command for everything under the 91.189.90 subnet, just in case the name resolution is happening in a weird way?
You could also try strace -f -econnect to see what the bzr client is doing -- it might surprise us.
On 25 January 2011 15:27, Christian Robottom Reis kiko@linaro.org wrote:
On Tue, Jan 25, 2011 at 03:20:44PM +0100, Mattias Backman wrote:
On 25 January 2011 14:19, Christian Robottom Reis kiko@linaro.org wrote:
On Tue, Jan 25, 2011 at 12:09:39PM +0100, Mattias Backman wrote:
http://omappedia.org/wiki/Using_bzr_and_launchpad_behind_a_proxy
I have also added an authentication file like so: Host *.launchpad.net ProxyCommand corkscrew <our proxy> 8080 %h %p ~/.auth User <my user>
I guess you've seen http://www.mtu.net/~engstrom/ssh-proxy.php already?
Actually no, the web filter tells me I shouldn't read that... "ACCESS TO THIS CATEGORY OF WEB SITES (Proxy Avoidance;Information Technology) IS DENIED." So if you could paste the content in an email och repost it somewhere else it might be useful to me. :)
Man, that's painful. See attached.
Thanks. I actually already set everything up that way.
Sure, this the little that happens.
:~> ssh -v 91.189.90.11 OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/ebacmat/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 91.189.90.11 [91.189.90.11] port 22. debug1: connect to address 91.189.90.11 port 22: Connection timed out ssh: connect to host 91.189.90.11 port 22: Connection timed out
:~> ssh -v bazaar.launchpad.net OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/ebacmat/.ssh/config debug1: Applying options for *.launchpad.net debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Executing proxy command: exec corkscrew proxy.mydomain.com 8080 bazaar.launchpad.net 22 ~/.auth debug1: permanently_drop_suid: 71419 debug1: identity file /home/ebacmat/.ssh/identity type -1 debug1: identity file /home/ebacmat/.ssh/id_rsa type -1 debug1: identity file /home/ebacmat/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host
Could you try applying the corkscrew proxy command for everything under the 91.189.90 subnet, just in case the name resolution is happening in a weird way?
You could also try strace -f -econnect to see what the bzr client is doing -- it might surprise us.
I added the entire subnet which didn't help. The strace did tell me that nothing happens after the call to the proxy. After quite a few different attempts, I have tried to connect to a different server which I happen to know has ssh servers on nearly every port. The corkscrew solution works if I try to ssh to port 21 or 80, it does not work for 22 or anything else. Seems that our proxy will only let traffic out if it's bound for ftp or http ports.
-- Christian Robottom Reis | [+55] 16 9112 6430 | http://launchpad.net/~kiko Linaro Engineering VP | [ +1] 612 216 4935 | http://async.com.br/~kiko
On Wed, Jan 26, 2011 at 09:02:02AM +0100, Mattias Backman wrote:
:~> ssh -v 91.189.90.11 OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/ebacmat/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 91.189.90.11 [91.189.90.11] port 22. debug1: connect to address 91.189.90.11 port 22: Connection timed out ssh: connect to host 91.189.90.11 port 22: Connection timed out
:~> ssh -v bazaar.launchpad.net OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/ebacmat/.ssh/config debug1: Applying options for *.launchpad.net debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Executing proxy command: exec corkscrew proxy.mydomain.com 8080 bazaar.launchpad.net 22 ~/.auth debug1: permanently_drop_suid: 71419 debug1: identity file /home/ebacmat/.ssh/identity type -1 debug1: identity file /home/ebacmat/.ssh/id_rsa type -1 debug1: identity file /home/ebacmat/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host
One thing that I don't quite understand: why did you actually manage to connect in the second session? It points to a configuration problem.. but maybe this paste just isn't accurate.
I added the entire subnet which didn't help. The strace did tell me that nothing happens after the call to the proxy. After quite a few different attempts, I have tried to connect to a different server which I happen to know has ssh servers on nearly every port. The corkscrew solution works if I try to ssh to port 21 or 80, it does not work for 22 or anything else. Seems that our proxy will only let traffic out if it's bound for ftp or http ports.
What division do you work within, and who is your manager? If you mail me privately, I'm happy to take this up and get this sorted for you.
On 27 January 2011 08:02, Christian Robottom Reis kiko@linaro.org wrote:
On Wed, Jan 26, 2011 at 09:02:02AM +0100, Mattias Backman wrote:
:~> ssh -v 91.189.90.11 OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/ebacmat/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 91.189.90.11 [91.189.90.11] port 22. debug1: connect to address 91.189.90.11 port 22: Connection timed out ssh: connect to host 91.189.90.11 port 22: Connection timed out
:~> ssh -v bazaar.launchpad.net OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/ebacmat/.ssh/config debug1: Applying options for *.launchpad.net debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Executing proxy command: exec corkscrew proxy.mydomain.com 8080 bazaar.launchpad.net 22 ~/.auth debug1: permanently_drop_suid: 71419 debug1: identity file /home/ebacmat/.ssh/identity type -1 debug1: identity file /home/ebacmat/.ssh/id_rsa type -1 debug1: identity file /home/ebacmat/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host
One thing that I don't quite understand: why did you actually manage to connect in the second session? It points to a configuration problem.. but maybe this paste just isn't accurate.
Just tried to mask some network internals, but perhaps that's silly. Here's what it looks like with strace: steludxu1184:~> strace -f -econnect ssh -v bazaar.launchpad.net connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/ebacmat/.ssh/config debug1: Applying options for *.launchpad.net debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) debug1: Executing proxy command: exec corkscrew lps1.lud.stericsson.com 8080 bazaar.launchpad.net 22 ~/.auth Process 3250 attached debug1: permanently_drop_suid: 71419 Process 3251 attached Process 3251 detached [pid 3250] --- SIGCHLD (Child exited) @ 0 (0) --- [pid 3250] connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) [pid 3250] connect(4, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) [pid 3250] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.211.0.100")}, 16) = 0 [pid 3250] connect(3, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("10.211.0.9")}, 16debug1: identity file /home/ebacmat/.ssh/identity type -1 ) = 0 debug1: identity file /home/ebacmat/.ssh/id_rsa type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048 debug1: identity file /home/ebacmat/.ssh/id_dsa type -1 Process 3250 detached --- SIGCHLD (Child exited) @ 0 (0) --- ssh_exchange_identification: Connection closed by remote host
Something hangs forever just after the connect to the proxy (10.211.0.9) until the session returns and I get the error. The same happens to a server which responds to port 21, a long wait but then I get the ssh login prompt.
I added the entire subnet which didn't help. The strace did tell me that nothing happens after the call to the proxy. After quite a few different attempts, I have tried to connect to a different server which I happen to know has ssh servers on nearly every port. The corkscrew solution works if I try to ssh to port 21 or 80, it does not work for 22 or anything else. Seems that our proxy will only let traffic out if it's bound for ftp or http ports.
What division do you work within, and who is your manager? If you mail me privately, I'm happy to take this up and get this sorted for you.
Thank you very much. I'll send you an email right away.
-- Christian Robottom Reis | [+55] 16 9112 6430 | http://launchpad.net/~kiko Linaro Engineering VP | [ +1] 612 216 4935 | http://async.com.br/~kiko
On Tue, 2011-01-25 at 15:20 +0100, Mattias Backman wrote:
On 25 January 2011 14:19, Christian Robottom Reis kiko@linaro.org wrote:
On Tue, Jan 25, 2011 at 12:09:39PM +0100, Mattias Backman wrote:
http://omappedia.org/wiki/Using_bzr_and_launchpad_behind_a_proxy
I have also added an authentication file like so: Host *.launchpad.net ProxyCommand corkscrew <our proxy> 8080 %h %p ~/.auth User <my user>
I guess you've seen http://www.mtu.net/~engstrom/ssh-proxy.php already?
Actually no, the web filter tells me I shouldn't read that... "ACCESS TO THIS CATEGORY OF WEB SITES (Proxy Avoidance;Information Technology) IS DENIED." So if you could paste the content in an email och repost it somewhere else it might be useful to me. :)
At any rate, running an
ssh -v 91.189.90.11
may tell us more about what's happening.
Sure, this the little that happens.
:~> ssh -v 91.189.90.11 OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/ebacmat/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 91.189.90.11 [91.189.90.11] port 22. debug1: connect to address 91.189.90.11 port 22: Connection timed out ssh: connect to host 91.189.90.11 port 22: Connection timed out
:~> ssh -v bazaar.launchpad.net OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /home/ebacmat/.ssh/config debug1: Applying options for *.launchpad.net debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Executing proxy command: exec corkscrew proxy.mydomain.com 8080 bazaar.launchpad.net 22 ~/.auth debug1: permanently_drop_suid: 71419 debug1: identity file /home/ebacmat/.ssh/identity type -1 debug1: identity file /home/ebacmat/.ssh/id_rsa type -1 debug1: identity file /home/ebacmat/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host
This could be failing because you haven't uploaded your public SSH key to Launchpad yet.
proxy.mydomain.com is of course an alias for our internal proxy.
-- Christian Robottom Reis | [+55] 16 9112 6430 | http://launchpad.net/~kiko Linaro Engineering VP | [ +1] 612 216 4935 | http://async.com.br/~kiko
linaro-dev mailing list linaro-dev@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-dev
On Tue, Jan 25, 2011 at 12:29:51PM -0200, Guilherme Salgado wrote:
This could be failing because you haven't uploaded your public SSH key to Launchpad yet.
True, but he said he's been getting hangs which suggests that the proxy command isn't getting run at all -- it definitely was in his manual ssh though.
On 25 January 2011 15:31, Christian Robottom Reis kiko@canonical.com wrote:
On Tue, Jan 25, 2011 at 12:29:51PM -0200, Guilherme Salgado wrote:
This could be failing because you haven't uploaded your public SSH key to Launchpad yet.
True, but he said he's been getting hangs which suggests that the proxy command isn't getting run at all -- it definitely was in his manual ssh though.
Yes, I tried then to upload my ssh key, but it's true I don't seem to get that far even.
-- Christian Robottom Reis | [+55 16] 3376 0125 | http://launchpad.net/~kiko Canonical Ltd. | [+55 16] 9112 6430 | http://async.com.br/~kiko
On Tue, Jan 25, 2011 at 12:09 PM, Mattias Backman < mattias.backman@linaro.org> wrote:
Hi all,
Anyone able to use bazaar via corkscrew? I have tried the tips in the link below and am able to authenticate to the proxy but only get time outs.
http://omappedia.org/wiki/Using_bzr_and_launchpad_behind_a_proxy
I have also added an authentication file like so: Host *.launchpad.net ProxyCommand corkscrew <our proxy> 8080 %h %p ~/.auth User <my user>
This is specifically the ST-Ericsson network which may be nastier than yours? But any success stories would be nice to hear.
yes, that works for me (behind TI corporate firewall). I actually wrote the instructions on the wiki above. but you need to use the full bzr+ssh:// link as I put on the wiki. i have not been able to use shorthand link using lp: type of link.
Thanks Mattias
linaro-dev mailing list linaro-dev@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-dev
-
Christian Robottom Reis -
Christian Robottom Reis -
Dechesne, Nicolas -
Guilherme Salgado -
Mattias Backman