Ask Your Question
0

Need help on Git over SSH or HTTPS

asked 2020-08-12 01:21:18 +0000

wiresharkyyh gravatar image

updated 2020-08-12 07:11:37 +0000

grahamb gravatar image

I am new contributor to wireshark. I cloned the code on windows from the anonymous git URL, did some changes locally and now am trying to submit the change. I am following 3.3.1. Git over SSH or HTTPS in https://www.wireshark.org/docs/wsdg_h..., but I couldn't clone the repository successfully.

I followed below steps and added the public key on https://code.wireshark.org/review/#/s...

From the Terminal or Git Bash, run ssh-keygen
Confirm the default path .ssh/id_rsa
Enter a passphrase (recommended) or leave it blank.
Remember this passphrase, as you will need it to unlock the key whenever you use it.
Open ~/.ssh/id_rsa.pub and copy & paste the contents into the box below, then click on "Add".
Note that id_rsa.pub is your public key and can be shared, while id_rsa is your private key and should be kept secret.

When generating the key, I left the passphrase blank. However, after all over this, when I run:

git clone ssh://[email protected]:29418/wireshark
Cloning into 'wireshark'...
The authenticity of host '[code.wireshark.org]:29418 ([2600:1f16:cb1:530b::65]:29418)' can't be established.
ECDSA key fingerprint is SHA256:UTO4rPCBD3QnRVN05Zt5ky2AZS9fasdfasYuU.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

What else I need try to clone successfully? Thanks very much.

edit retag flag offensive close merge delete

Comments

Graham, Jaap, thanks very much for you help. I continued with yes, although it failed afterwards as below, it succeeded after I run clone command again in a new console.

Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[code.wireshark.org]:29418,[2600:1f16:cb1:530b::65]:29418' (ECDSA) to the list of known hosts.
ssh_dispatch_run_fatal: Connection to 2600:1f16:cb1:530b::65 port 29418: Broken pipe
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
wiresharkyyh gravatar imagewiresharkyyh ( 2020-08-12 22:59:02 +0000 )edit

2 Answers

Sort by ยป oldest newest most voted
0

answered 2020-08-12 08:49:48 +0000

grahamb gravatar image

As this is the first time your client has connected has connected to the Wireshark code repository over ssh, your client has no means of determining if the remote end is what it thinks it is, hence this warning message. See this Super User question here.

Simply type "yes" (without the quotes) to accept that host key fingerprint, I have confirmed myself it's correct.

edit flag offensive delete link more

Comments

You can test your ssh setup using ssh -T -p 29418 [email protected], this should give output similar to:

 > ssh -T -p 29418 [email protected]

  ****    Welcome to Gerrit Code Review    ****

  Hi xxx, you have successfully connected over SSH.

  Unfortunately, interactive shells are disabled.
  To clone a hosted Git repository, use:

  git clone ssh://[email protected]:29418/REPOSITORY_NAME.git

Note that you might have to supply the path to ssh if you're using the Git supplied version, in which case it's likely to be C:\Program Files\Git\usr\bin\ssh.exe.

Personally I find it easier to use the Microsoft port of OpenSSH and to enable and start the ssh-agent service to hold your keys. OpenSSH is available on Window 10 from version 1809 onwards.

grahamb gravatar imagegrahamb ( 2020-08-13 07:57:02 +0000 )edit
0

answered 2020-08-12 07:35:36 +0000

Jaap gravatar image

You are on the right track, but need to clear one hurdle first. What's happening is that you've used the code.wireshark.org web interface (identified by the certificate) to setup your account with your public key. That allows code.wireshark.org to identify YOU when you make an SSH connection using the secret key matching the public key.

What you see now is that you're making an SSH connection but cannot be sure with whom. There is no certificate as with the web interface. What is there is the SSH server public key. If you've never contacted this SSH server before you're asked to verify the fingerprint of this server public key. How can you know the fingerprint? Usually this is published via some other means, e.g. the website. I can't really find it, but my scan of the server reveals:

jaap@host:~$ ssh-keyscan -6 -p 29418 -t ecdsa code.wireshark.org | ssh-keygen -l -f - 
# code.wireshark.org:29418 SSH-2.0-GerritCodeReview_2.14.11 (SSHD-CORE-1.4.0)
256 SHA256:UTO4rPCBD3QnRMX68UDb1wRk5RVN05Zt5ky2AZS9YuU [code.wireshark.org]:29418 (ECDSA)

So that looks okay to me.

What to do? Answer the question 'continue connecting' with yes. This will store the server key for the next time, and alert you if it ever changes (it shouldn't). Then you know the SSH server is the server you expect it to be, and the server knows who you are, so you can clone, pull, push as you wish.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2020-08-12 01:21:18 +0000

Seen: 657 times

Last updated: Aug 12 '20