Message from discussion
gerrit peer host key ring?
Date: Thu, 26 Apr 2012 17:14:24 -0700 (PDT)
From: shaheen <visig...@gmail.com>
To: repo-discuss@googlegroups.com
Subject: Re: gerrit peer host key ring?

Thanks for the clarification. I've added the public key in etc/peer_keys
and restarted gerrit. I have to assume that gerrit actually read it.

I tried logging in using the private key as Gerrit Code Review and I wasn't
able to do so. Here's the command I tried. Should I have expected this to
work?

ssh -v -p 29418 -l "Gerrit Code Review" -i /tmp/gerrit_peer_key localhost
debug1: Next authentication method: publickey
debug1: Offering public key: /tmp/gerrit_peer_key
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

On Monday, April 23, 2012 1:19:22 AM UTC, Shawn Pearce wrote:
>
> > The suexec documentation mentions gerrit's peer host key ring. What does
> > this mean? I understand the use of the host key itself, but how do I get
> > gerrit to trust access from a different machine without using the same key
> > on both of them?
>
> It's just a text file in $SITE_PATH/etc/peer_keys in the OpenSSH
> authorized_keys file format, that is one public key per line.
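
Added example, not part of the original message or of Gerrit's code: a small checker for a file in the OpenSSH authorized_keys format described in the quoted reply. It flags lines whose key blob is truncated or does not match the declared key type and prints a SHA256 fingerprint for each good line, which can be compared with `ssh-keygen -l -f` output for the key being offered. The function names and the sample key material are constructed for illustration.

```python
import base64
import hashlib
import struct

def embedded_type(blob):
    """Return the key type named by the first length-prefixed string in the blob."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or n > len(blob) - 4:
        raise ValueError("bad length prefix")
    return blob[4:4 + n].decode("ascii")

def parse_peer_keys(text):
    """Return (entries, bad_lines) for authorized_keys-style text.
    Each entry is (lineno, keytype, fingerprint, comment)."""
    entries, bad_lines = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so look for the first field
        # whose successor is base64 that names that same key type.
        for i in range(len(fields) - 1):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
                if embedded_type(blob) != fields[i]:
                    continue
            except ValueError:
                continue
            digest = hashlib.sha256(blob).digest()
            fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
            entries.append((lineno, fields[i], fp, " ".join(fields[i + 2:])))
            break
        else:
            bad_lines.append(lineno)
    return entries, bad_lines

def sample_blob():
    # Constructed ed25519-shaped blob for the demo, not a real key.
    t = b"ssh-ed25519"
    return struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(range(32))

B64 = base64.b64encode(sample_blob()).decode()
SAMPLE = "\n".join([
    "# constructed sample peer_keys content",
    "ssh-ed25519 " + B64 + " peer@host-a",
    "ssh-rsa " + B64 + " type-mismatch",      # declared type != blob type
    "ssh-ed25519 AAAAC3Nza peer@truncated",   # blob cut off by a bad paste
])

if __name__ == "__main__":
    print(parse_peer_keys(SAMPLE))
```

A clean result only shows that the file is well-formed; it says nothing about which account names the server accepts for those keys.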