[Savannah-help-public] Public key authentication for sftp/scp/rsync access to DownloadArea.

[slinger soul]

Hello.

I've been trying to upload files to the DownloadArea of my newly created project on savannah(nongnu), called "ReCaged". My account name is "Slinger" and I've created SSH private/public keys and added the public key to my savannah account.

The thing is, I'm able to successfully use cvs (for web pages and code hosting), git (code hosting) and even ssh to "cvs.savannah.gnu.org" (which of course does not allow an interactive shell and throws me out, as it should) using my ssh key.


But when I try to use sftp/scp/rsync I get a "Permission denied (publickey).".




The following is the output from sftp:

# sftp -v address@hidden:/releases/recaged/

OpenSSH_5.5p1 Debian-6, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/slinger/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to dl.sv.nongnu.org [140.186.70.73] port 22.
debug1: Connection established.
debug1: identity file /home/slinger/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/slinger/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6
debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'dl.sv.nongnu.org' is known and matches the RSA host key.
debug1: Found key in /home/slinger/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/slinger/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Couldn't read packet: Connection reset by peer




And the following is when ssh logging into savannah (which does work, but is here if it's of any use):

# ssh -v address@hidden

OpenSSH_5.5p1 Debian-6, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/slinger/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to cvs.savannah.gnu.org [140.186.70.72] port 22.
debug1: Connection established.
debug1: identity file /home/slinger/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/slinger/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6
debug1: match: OpenSSH_5.5p1 Debian-6 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'cvs.savannah.gnu.org' is known and matches the RSA host key.
debug1: Found key in /home/slinger/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/slinger/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting address@hidden
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = sv_SE.UTF-8
Linux vcs.savannah.gnu.org 2.6.32-5-xen-686 #1 SMP Wed Mar 9 01:27:54 UTC 2011 i686

Interactive shell login is not possible for security reasons.
VCS commands are allowed.
Last login: Sun Aug  7 17:43:16 2011 from 217.208.13.111
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype address@hidden reply 0
You tried to execute: 
Sorry, you are not allowed to execute that command.
debug1: channel 0: free: client-session, nchannels 1
Connection to cvs.savannah.gnu.org closed.
Transferred: sent 2648, received 2360 bytes, in 0.2 seconds
Bytes per second: sent 10626.0, received 9470.3
debug1: Exit status 1




If I understand it correctly (but I'm a complete novice on this area), this could indicate that the daemon handling sftp/scp/rsync for the DownloadArea (release/<project>) doesn't have my public key (unlike the other daemons). I've tried logging in (with different keys) on two different systems running debian testing and one running debian stable (squeeze). Is this a problem on the savannah server(s) or am I doing some really embarrassing mistake when trying to connect?

Anyway, thanks for you time!

/Mats Wahlberg