Community
Participate
Working Groups
Created attachment 236224 [details] gerrit error message While trying to configure Gerrit using the steps from http://wiki.eclipse.org/Orion/How_Tos/Using_Gerrit_in_Orion I get an error message shown in the attached screen shot when I try to do a pull. Orion version: I20131007-2230
This looks like the standard warning message from jsch when you attempt connecting to a host that is not in the known_hosts file. I don't know if there is something different in how gerrit is configured, but I believe we have been able to push to other non-eclipse repositories from orion over ssh without having to manually configure known_hosts. This looks like a case where we should warn, but allow the user to proceed.
(In reply to John Arthorne from comment #1) > This looks like the standard warning message from jsch when you attempt > connecting to a host that is not in the known_hosts file. It's both an Orion issue and Gerrit configuration problem. Gerrit is listening on port 29418 @ git.eclipse.org, however provides a different host key than the standard ssh daemon running on port 22. According to the ssh protocol, known_hosts entries contain, apart from other data, a host name regex which is matched against the canonical host name. Since we implement only the standard and nothing more, we fall into a host key collision there. Gerrit is expecting key G (for Gerrit), however we have only one key S (for ssh client @ port 22). Of course, it's interchangeable - if we would have saved the Gerrit key first, we would get the same error for S. To conclude, we do not have a good support for multiple host keys at one host listening on multiple different ports. A workaround for Michael is to delete his known_hosts while switching from Orion to Gerrit (and vice versa). This could be achieved using 'localStorage.removeItem('known_hosts');'. Looking at how OpenSSH deals with this problem I think we could do something similar. Instead of keeping one known_hosts entry in local storage we should keep a set of equivalent entries with port numbers. Each time we need to send known_hosts to the server, we should fetch the correct entry from LS. To make life easier, we could assume that in case of missing entries for non-standard ports we send the 'main' 22 one. John, what do you think? Regardless, I tried to fetch from the Gerrit orion.client and was unable to authenticate. Does anyone else has the same problem?
That is true that our localStorage known hosts store only keeps standard host:key pairs, so for for git.eclipse.org it looks like this: git.eclipse.org ssh-rsa ... While my local known hosts used by Eclipse looks like this: git.eclipse.org ssh-rsa ... [git.eclipse.org]:29418 ssh-rsa ... Different keys for the same domain, but different ports.
It sure would be nice to get this fixed so I can use Orion as part of the Eclipse Gerrit workflow.
(In reply to Simon Kaegi from comment #4) > It sure would be nice to get this fixed so I can use Orion as part of the > Eclipse Gerrit workflow. +1, as a non-committer it is a huge pain to have to create patches so that I can push to Gerrit from non-Orion tooling.
Fixed with: http://git.eclipse.org/c/orion/org.eclipse.orion.client.git/commit/?id=ddfff07eb0a16a5c1aa32a3e295f004989d38f64 Turns out there was another issue related to known_hosts, i. e. known_host were shared among same browser users. If you logged in as user A, added a host key K, logged out and signed in as another user B - you were not asked for K anymore. Also fixed in the same commit. In order to use the new known_hosts storage, you need to clear your local storage.