ssh woes on windows

John Arbash Meinel john at arbash-meinel.com
Sat Jun 28 03:42:32 BST 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark Hammond wrote:
| I'm having a couple of ssh issues with the bzr binary I'm putting together
| and I need some feedback on how to proceed.
|
| Background for non-Windows users: Putty is a suite of SSH related
tools for
| Windows, of which we reference 2 parts - 'plink.exe', which is basically a
| replacement for the 'ssh' executable, and 'pagaent.exe', which is
basically
| a replacement for ssh-agent (ie, a daemon which loads your SSH keys and
| makes them available to plink.exe etc for passwordless logins.)  I don't
| believe anything discussed here is specific to putty - it would also apply
| using ssh on Windows.
|
| By default, bzr will prefer to use ssh.exe or Putty's plink.exe over
| Paramiko.  A problem I'm having though is that Putty is unable to
connect to
| Launchpad, with or without my SSH keys loaded:
|
| % plink bazaar.launchpad.net -l mhammond
| | Using username "mhammond".
| | No supported authentication methods left to try!
|
| I believe this is the expected behaviour (ie, it is expected that you
can't
| establish an ssh connection even when Launchpad has your ssh keys.)
|
| As a result, when I attempt to push to Launchpad via a bzr+ssh: protocol,
| this is what I see:
|
| % push -v bzr+ssh://mhammond@bazaar.launchpad.net/~mhammond/+junk/test
| | No supported authentication methods left to try!
| | bzr: ERROR: Connection closed: please check connectivity and permissions
| (and try -Dhpss if further diagnosis is required)
|
| And .bzr.log shows:
|
| | 0.393  ssh implementation is Putty's plink.
| | 0.394  spawning ['plink', '-x', '-a', '-ssh', '-2', ...]
| | 3.337  Traceback (most recent call last):
| ...
| |  File "D:\src\bazaar\bzr.dev\bzrlib\smart\message.py", line 247, in
| _read_more
| | ConnectionReset: Connection closed: please check connectivity and
| permissions (and try -Dhpss if further diagnosis is required)
|
| [NOTE: the line starting with 'spawning' came from a mutter() line I added
| in ssh.py]
|
| However, if I force paramiko:
|
| % set BZR_SSH=paramiko
| % bzr push -v bzr+ssh://mhammond@bazaar.launchpad.net/~mhammond/+junk/test
| | Connected (version 2.0, client Twisted)
| | Authentication (publickey) failed.
| | Authentication (publickey) failed.
| | Authentication (publickey) successful!
| | ... it works
|
| Note that if my SSH public key is not loaded, I only see *one*
| 'Authentication (publickey) failed.' - so it seems my key is one of
the ones
| that is failing, which is consistent with plink being unable to connect
| using that key.  I'm not sure where the successful key is coming from
| though, but I assume this is also all expected behaviour.
|
| Digging into paramiko, it seems that already has code that knows how
to get
| the key from pageant.  In this case, that key isn't needed to connect, but
| if it was, I expect that paramiko would still work.  So, that implies
| paramiko should work everywhere plink does, but we can demonstrate that
| using plink doesn't work everywhere paramiko does.
|
| IMO it is probably not acceptable that bzr doesn't work "out of the box"
| using ssh against Launchpad, even if the fix is setting an environment
| variable.  Any thoughts on the best way to resolve this?  I'm leaning
| towards making paramiko the default ssh agent, but I understand it
might not
| be that simple - eg, bug https://bugs.launchpad.net/bzr/+bug/229679 shows
| plink support is very important to some people, but its not clear if
| paramiko didn't work for them, or it simply wasn't installed, or even
| possibly an older version that doesn't talk to putty?
|
| Any thoughts on how to set things up?
|
| Mark
|

I thought at one point we disabled plink from being autodetected because
we can't pass it a password. Was the previous autodetect behavior restored?

Put another way, we disabled plink unless people explicitly requested
it, in favor of always using paramiko (since it can talk to pageant
anyway). I don't know why this would have changed.

And I thought you always need an ssh-key to connect to launchpad. Not
for the xmlrpc stuff, but for bzr+ssh/sftp Launchpad doesn't allow
passwords.

John
=:->

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkhlpRgACgkQJdeBCYSNAAOldwCfRoUUSuV2AcJnpHQrQD8q3noG
ZdwAoJX6bjvXLgT3OHcbjzuiY45kybeh
=BIKu
-----END PGP SIGNATURE-----

More information about the bazaar mailing list