gerrit to github replication: jsch issues - ssh

Trying to set up replication from gerrit to my github repo. Getting this stacktrace:
[2011-09-20 00:11:58,470] ERROR com.google.gerrit.server.git.PushReplication : Cannot replicate to git@github.com:myuser/myrepo.git
org.eclipse.jgit.errors.TransportException: git@github.com:myuser/myrepo.git: Session.connect: java.net.SocketTimeoutException: Read timed out
at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:138)
at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:121)
at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:248)
at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:147)
at com.google.gerrit.server.git.PushOp.listRemote(PushOp.java:358)
at com.google.gerrit.server.git.PushOp.generateUpdates(PushOp.java:312)
at com.google.gerrit.server.git.PushOp.pushVia(PushOp.java:258)
at com.google.gerrit.server.git.PushOp.runImpl(PushOp.java:213)
at com.google.gerrit.server.git.PushOp.run(PushOp.java:166)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:98)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:206)
at com.google.gerrit.server.git.WorkQueue$Task.run(WorkQueue.java:324)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: com.jcraft.jsch.JSchException: Session.connect: java.net.SocketTimeoutException: Read timed out
at com.jcraft.jsch.Session.connect(Session.java:504)
at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:128)
My config files are as follows:
replication.config:
[remote "github"]
url = git@github.com:myuser/${name}.git
push = +refs/heads/*:refs/heads/*
push = +refs/tags/*:refs/tags/*
timeout = 5
replicationDelay = 0
authGroup = Administrators
secure.config:
[database]
password = secret
[ssh]
file = /home/gerrit2/.ssh/config
.ssh/config:
Host github.com:
IdentityFile ~/.ssh/id_rsa
PreferredAuthentications publickey
I tried running
ssh -i etc/ssh_host_dsa_key git@github.com
ssh -i etc/ssh_host_rsa_key git@github.com
ssh -i ~/.ssh/id_rsa git@github.com
ssh -i ~/.ssh/id_dsa git@github.com
and was able to "hit" github so the keys are imported OK, not sure what the problem is,
any suggestions appreciated.

As the name of the exception SocketTimeoutException says (and its documentation details):
Signals that a timeout has occurred on a socket read or accept.
Looking in the documentation of Gerrit's replication.config:
remote.<name>.timeout
Number of seconds to wait for a network read or write to complete before giving up and declaring the remote side
is not responding. If 0, there is no timeout, and the push client waits indefinitely.
A timeout should be large enough to mostly transfer the objects to the other side. 1 second may be too small
for larger projects, especially over a WAN link, while 10-30 seconds is a much more reasonable timeout value.
Defaults to 0 seconds, wait indefinitely.
Your value is 5 seconds, you could try it with a larger value instead.
(The problem is only indirectly related to JSch - JSch's Session.connect(int) will simply take the timeout parameter and pass it on to the Socket it creates. That reminds me that I should document which unit this timeout is for JSch - seconds or milliseconds.)

Related

Limit for SSH simultaneous connection to one host

I'm trying to open multiple SSH connections to one host, but after 20 connections I get disconnected without any particular reason.
Example test
for i in {1..30}; do ssh user@host & done
The first 20 connections are OK but the rest get:
kex_exchange_identification: read: Connection reset by peer
And at that time I cannot ssh to that host for approximately a few seconds.
I've tried a lot of configuration changes to /etc/ssh/sshd_config
Like:
MaxStartups
MaxSessions
ClientAliveCountMax
but nothing helps.

glassfish4 create-node-ssh failed due to ssh key exchange not finished

I'm trying to create a node on a remote host (I've already created a domain).
I'm running the command:
asadmin -p <port_number> create-node-ssh --nodehost <remote_hostname> --installdir <glassfish_installed_dir_path> <node_name>
and getting the following error every time:
remote failure: Warning: some parameters appear to be invalid.
SSH node not created. To force creation of the node with these parameters rerun the command using the --force option.
Could not connect to host <hostname> using SSH.
There was a problem while connecting to <hostname>:22
Key exchange was not finished, connection is closed.
Command create-node-ssh failed.
From the error it seems that there is some connection problem. But I can ssh to the target server and I'm using the same key_pair.
After searching for some solution (link1, link2) I found that trying to login through ssh without password could solve this.
But no luck. Now I can ssh to & from the target server without password as well. But this issue is still there.
What should I check for in order to resolve this?
Let me know if I'm missing out anything.
Can you try to start sshd daemon in debug mode to a different port at the remote node host:
sudo sshd -D -d -e -p 23
and try create-node-ssh command against that ssh port?:
asadmin -p <port_number> create-node-ssh --nodehost <remote_hostname> --installdir <glassfish_installed_dir_path> --sshport 23 <node_name>
I had an issue regarding glassfish ssh exchange keys because of ssh newer versions deprecating older algorithms:
Unable to negotiate with X.X.X.X port XXXXX: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
My solution was to add legacy keys to /etc/ssh/sshd_config:
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers +aes128-cbc
Even if this is not your case, sshd debug will surely give you more information.
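An added example, not part of the answers above: before adding legacy algorithms to sshd_config, the "Unable to negotiate" lines in the sshd log show which clients need them and which offered method is the least weak. The log lines are constructed, the function names `least_weak_kex` and `kex_line` are hypothetical, and the preference order is this example's assumption.

```shell
#!/bin/sh
# Added example. Log lines are constructed; addresses are documentation ranges.
SAMPLE_LOG='Jan 10 09:14:02 node1 sshd[2211]: Unable to negotiate with 192.0.2.10 port 40112: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
Jan 10 09:14:09 node1 sshd[2215]: Accepted publickey for admin from 192.0.2.20 port 40200 ssh2
Jan 10 09:15:31 node1 sshd[2230]: Unable to negotiate with 192.0.2.11 port 51877: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]'

# least_weak_kex: read sshd log lines on stdin and print "ip<TAB>method" for
# each client whose key exchange failed. Preference order (an assumption of
# this example): fixed 2048-bit group14 first, then group-exchange (modulus
# size depends on the server moduli file), and the 1024-bit group1 last.
# A client that offers none of the three is reported with "-".
least_weak_kex() {
    awk '
    BEGIN {
        rank["diffie-hellman-group14-sha1"] = 1
        rank["diffie-hellman-group-exchange-sha1"] = 2
        rank["diffie-hellman-group1-sha1"] = 3
    }
    /Unable to negotiate with / && /no matching key exchange method found/ {
        ip = ""; offer = ""
        for (i = 1; i < NF; i++) {
            if ($i == "with")   ip = $(i + 1)
            if ($i == "offer:") offer = $(i + 1)
        }
        n = split(offer, algs, ",")
        best = "-"; bestrank = 99
        for (j = 1; j <= n; j++)
            if ((algs[j] in rank) && rank[algs[j]] < bestrank) {
                bestrank = rank[algs[j]]; best = algs[j]
            }
        if (ip != "") pick[ip] = best
    }
    END { for (ip in pick) printf "%s\t%s\n", ip, pick[ip] }
    ' | LC_ALL=C sort
}

# kex_line: reduce that report to the single sshd_config line that enables
# only the methods the failing clients actually require.
kex_line() {
    least_weak_kex | cut -f2 | grep -v '^-$' | LC_ALL=C sort -u |
        paste -sd, - | awk 'NF { printf "KexAlgorithms +%s\n", $0 }'
}

printf '%s\n' "$SAMPLE_LOG" | least_weak_kex
printf '%s\n' "$SAMPLE_LOG" | kex_line
```

In the sample, only 192.0.2.11 forces diffie-hellman-group1-sha1; the other client can be served with group14-sha1, so the per-client report shows which host to upgrade before the weakest method can be dropped.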

Unable to connect on GitLab.com since 2 days (HTTP, SSH...)

Let me explain my very strange problem. I have one server (Linux Debian Jessie) which had access to my git repository on gitlab.com
Two days ago, I tried to pull some modifications on this server with a simple git pull. I received an error message:
ssh: connect to host gitlab.com port 22: Connection timed out
So I have done some tests
1. TELNET
To understand why, I have tried a telnet on 22 port = TIMEOUT
2. IPTABLES
I checked my iptables to be sure that SSH port was allowed. It is. If I try a telnet on another service for example like github.com, it works. So I'm allowed in OUTPUT on this port.
3. PING
I thought it was an IP translation problem. I did a ping and obtained this message:
PING 104.210.2.228 (104.210.2.228) 56(84) bytes of data.
--- 104.210.2.228 ping statistics ---
87 packets transmitted, 0 received, 100% packet loss, time 86534ms
4. FAIL2BAN
I use fail2ban, so I have checked if gitlab was in jail address, but it seems not.
So my problem is that I can't reach gitlab.com
If I try from my local machine or from another server, I don't have this problem. It works.
I can't reach gitlab.com only from this server but I don't know why. Maybe someone has an idea which can be very precious to help me?
Probably some modification of firewall caused this. For a quick solution use http protocol instead of ssh. Change your url in the git config file to http.
git config --local -e
change entry of
url = git@gitlab.com:username/repo.git , to
url = https://gitlab.com/username/repo.git
You need to give your username and password to authenticate yourself while making a push or pull though as it's http based.

Terminal plugins for easy ssh

I have to connect to many server machines by ssh into them.
But if I didn't use terminal for some time, connections are getting disconnected. Now I have to close my terminal and login again with ssh.
Are there any plugins which help me in this case?
I think there are built in functions in ssh solving your purpose.
From man ssh_config:
ServerAliveInterval
Sets a timeout interval in seconds after which if no data has been received from the server, ssh(1) will send a message through the encrypted channel to request a response from the server. The default is 0, indicating that these messages will not be sent to the server. This option applies to protocol version 2 only.
By default, keep alives are disabled but you can enable them for a single connection by passing the ServerAliveInterval-Parameter with the -o Option:
ssh -oServerAliveInterval=<time in seconds> <rest of your ssh command arguments>
If you would like this configuration for all of your SSH connections, it's easier to put the following in your ~/.ssh/config:
Host *
ServerAliveInterval <time in seconds>
Furthermore there is a second parameter affecting the keep-alive-behaviour: ServerAliveCountMax (see man ssh_config).
I've found a nice article about the ServerAlive-Parameter: How to Keep Alive SSH Sessions

"ssh example.com" hangs but "ssh example.com bash -i" does not

Every day I encounter a very strange phenomenon.
From my university internet connection, sshing to my machine ("ssh example.com") works without any problems.
From my home adsl, "ssh example.com" my console gets stuck with this message:
debug1: Server accepts key: pkalg ssh-rsa blen 533
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
Sometimes it might let me in but in most of the cases not.
The funny thing is that if I execute "ssh example.com bash -i" I get logged in immediately.
I finally found the source of the problem. It has to do with SSH type of service (ToS) TCP packets.
When you ask for a regular ssh terminal, ssh sets the TCP packet type of service (ToS) to "interactive". My router in my residence blocks those packet types!
Using netcat, the tunneled TCP packets get no type of service directives. Thus, if you tunnel all your ssh traffic through netcat, you reset the ToS of the TCP packets to the default ones.
In .ssh/config, you have to set:
Host *.example.com
ProxyCommand nc %h %p
So, each time you try to ssh to example.com, netcat will be called and will tunnel the packets.
As of OpenSSH 5.7, you can just add this to your ssh config file (either ~/.ssh/config or /etc/ssh/ssh_config):
Host *
IPQoS 0x00
This is a more-direct way to work around the problem Asterios identified.
I've just had the same problem. Try logging in with a different ssh client for more information. Whereas the linux command-line client didn't come back with any useful message, Putty came back with "server refused to allocate pty". I fixed it with mkdir /dev/pts and mount -a. How it got that mucked up in the first place I'm less sure about.
BTW, bash -l should act like a login shell so you should be able to prove Peter Westlake's suggestion correct or incorrect in your case fairly easily.
The difference between the two cases is that "bash -i" does not give you a login shell but just running ssh does. You can "man bash" for details of what a "login shell" is, but the main thing is that it runs /etc/profile and your .bash_profile. Have a look in those files for anything that might be causing a problem.
Maybe the server is out of ptys.