Why there is no ssh_host_key_dsa in review_site/etc


Ping Yin

May 31, 2011, 7:10:08 AM
to repo-discuss
I want to run the suexec command; however, I can't find ssh_host_key_dsa. What's wrong with my setup?

review_site/etc$ ls
gerrit.config  mail  replication.config  secure.config  ssh_host_key

The Gerrit version is 2.1.6.1, and it has been running normally for a long time.

Shawn Pearce

May 31, 2011, 10:57:39 AM
to Ping Yin, repo-discuss

You didn't use BouncyCastle when you set up the server, so it had to
use the MINA SSHD custom format for the host key. Both the public and
private halves are stored in the "ssh_host_key" file using a Java
serialization format.

Instead generate your own key pair using ssh-keygen and add the
public half to the $site_dir/etc/peer_keys files using the standard
OpenSSH authorized_keys file format (one public key per line). The
server will automatically load this file when created/modified, there
isn't a need to restart it when you add keys to it.

Ping Yin

May 31, 2011, 10:12:47 PM
to Shawn Pearce, repo-discuss

It doesn't work

WARN com.google.gerrit.sshd.DatabasePubKeyAuth : Invalid key in
/home/gerrit2/review_site/etc/peer_keys:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTzewbK3HOOc18ru7NoQu1cGM5ElsvYdcS1rM7L2qPp90kRaHlrGMZFx/e6Y0OVrvDy16662MSgMcfnf/xhsQekNsUyrJzXMGujzsnMGB/LPbJK/j8OXJz/BDZnkPtvRfCvmb5ZnVC20lPHOK8jlaBmnNKLwpNto1b/0x5B79iNWrtcVRBPBPkXHfjXQbePboh9nUvscSs5nVcBrssA0k56hh9EDBZIkiSyUwzfPd+QBHQaPlKz87dVUgHMyXcr12FzeVRkAHNwkNsoa8WTiniG/7zdNG260xJXeWSvoWtjynqfyvKn49ieAyRrHMrVdI179uwMYv6loiinMxaM25z
java.lang.IllegalStateException: Bad item length: -1295483218
at org.apache.sshd.common.util.Buffer.getString(Buffer.java:176)
at org.apache.sshd.common.util.Buffer.getRawPublicKey(Buffer.java:230)
at com.google.gerrit.sshd.DatabasePubKeyAuth$PeerKeyCache.read(DatabasePubKeyAuth.java:236)
at com.google.gerrit.sshd.DatabasePubKeyAuth$PeerKeyCache.<init>(DatabasePubKeyAuth.java:219)
at com.google.gerrit.sshd.DatabasePubKeyAuth$PeerKeyCache.reload(DatabasePubKeyAuth.java:265)
at com.google.gerrit.sshd.DatabasePubKeyAuth.getPeerKeys(DatabasePubKeyAuth.java:149)
at com.google.gerrit.sshd.DatabasePubKeyAuth.authenticate(DatabasePubKeyAuth.java:99)
at org.apache.sshd.server.auth.UserAuthPublicKey.auth(UserAuthPublicKey.java:71)
at org.apache.sshd.server.session.ServerSession.userAuth(ServerSession.java:350)
at org.apache.sshd.server.session.ServerSession.handleMessage(ServerSession.java:193)
at org.apache.sshd.common.session.AbstractSession.decode(AbstractSession.java:522)
at org.apache.sshd.common.session.AbstractSession.messageReceived(AbstractSession.java:225)
at org.apache.sshd.common.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:58)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:692)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:645)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:634)
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:66)
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1078)
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)

Shawn Pearce

Jun 1, 2011, 10:05:23 AM
to Ping Yin, repo-discuss
On Tue, May 31, 2011 at 19:12, Ping Yin <pkuf...@gmail.com> wrote:
> On Tue, May 31, 2011 at 10:57 PM, Shawn Pearce <s...@google.com> wrote:
>> On Tue, May 31, 2011 at 04:10, Ping Yin <pkuf...@gmail.com> wrote:
>
>> Instead generate your own key pair using ssh-keygen and add the
>> public half to the $site_dir/etc/peer_keys files using the standard
>> OpenSSH authorized_keys file format (one public key per line). The
>> server will automatically load this file when created/modified, there
>> isn't a need to restart it when you add keys to it.
>
> It doesn't work
>
> WARN  com.google.gerrit.sshd.DatabasePubKeyAuth : Invalid key in
> /home/gerrit2/review_site/etc/peer_keys:
>  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTzewbK3HOOc18ru7NoQu1cGM5ElsvYdcS1rM7L2qPp90kRaHlrGMZFx/e6Y0OVrvDy16662MSgMcfnf/xhsQekNsUyrJzXMGujzsnMGB/LPbJK/j8OXJz/BDZnkPtvRfCvmb5ZnVC20lPHOK8jlaBmnNKLwpNto1b/0x5B79iNWrtcVRBPBPkXHfjXQbePboh9nUvscSs5nVcBrssA0k56hh9EDBZIkiSyUwzfPd+QBHQaPlKz87dVUgHMyXcr12FzeVRkAHNwkNsoa8WTiniG/7zdNG260xJXeWSvoWtjynqfyvKn49ieAyRrHMrVdI179uwMYv6loiinMxaM25z
> java.lang.IllegalStateException: Bad item length: -1295483218

Hmm. Maybe I am wrong. Did you try just the key by itself, without the
ssh-rsa prefix? Looking at the code it seems to Base64 decode the
entire line, without trying to remove that prefix.

Ping Yin

Jun 2, 2011, 10:02:50 PM
to Shawn Pearce, repo-discuss
On Wed, Jun 1, 2011 at 10:05 PM, Shawn Pearce <s...@google.com> wrote:
>> WARN  com.google.gerrit.sshd.DatabasePubKeyAuth : Invalid key in
>> /home/gerrit2/review_site/etc/peer_keys:
>>  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTzewbK3HOOc18ru7NoQu1cGM5ElsvYdcS1rM7L2qPp90kRaHlrGMZFx/e6Y0OVrvDy16662MSgMcfnf/xhsQekNsUyrJzXMGujzsnMGB/LPbJK/j8OXJz/BDZnkPtvRfCvmb5ZnVC20lPHOK8jlaBmnNKLwpNto1b/0x5B79iNWrtcVRBPBPkXHfjXQbePboh9nUvscSs5nVcBrssA0k56hh9EDBZIkiSyUwzfPd+QBHQaPlKz87dVUgHMyXcr12FzeVRkAHNwkNsoa8WTiniG/7zdNG260xJXeWSvoWtjynqfyvKn49ieAyRrHMrVdI179uwMYv6loiinMxaM25z
>> java.lang.IllegalStateException: Bad item length: -1295483218
>
> Hmm. Maybe I am wrong. Did you try just the key by itself, without the
> ssh-rsa prefix? Looking at the code it seems to Base64 decode the
> entire line, without trying to remove that prefix.
>

Thanks, Shawn. After removing the ssh-rsa prefix, it works.
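
Added example, not part of the thread and not Gerrit's own code: a Python sketch of why Base64-decoding the whole peer_keys line yields "Bad item length: -1295483218", and of how to derive a validated bare-blob entry from an authorized_keys-style line. Assumptions: the decoder skips whitespace and treats '-' as value 62 (inferred from the logged number), the function names are hypothetical, and the sample key is constructed.

```python
import base64
import struct

def read_string(buf, off):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">i", buf, off)  # signed, like a Java int
    if n < 0 or off + 4 + n > len(buf):
        raise ValueError(f"Bad item length: {n}")
    return buf[off + 4:off + 4 + n], off + 4 + n

def lenient_first_length(line):
    """First length field when the whole line, prefix included, is decoded.
    Assumption: the decoder skips whitespace and maps '-' to 62, like '+'."""
    chars = "".join(line.split()).replace("-", "+").replace("_", "/")
    head = base64.b64decode(chars[:8])  # 8 characters -> 6 bytes
    return struct.unpack(">i", head[:4])[0]

def peer_keys_entry(line):
    """Return the validated bare Base64 blob from 'type blob [comment]'."""
    fields = line.split()
    if not fields:
        raise ValueError("empty line")
    # A key blob starts with three zero bytes, so its Base64 starts "AAAA".
    if fields[0].startswith("AAAA"):
        key_type, blob_b64 = None, fields[0]
    elif len(fields) > 1:
        key_type, blob_b64 = fields[0], fields[1]
    else:
        raise ValueError("no key blob on line")
    blob = base64.b64decode(blob_b64, validate=True)
    name, off = read_string(blob, 0)
    if key_type is not None and name != key_type.encode("ascii"):
        raise ValueError("key type prefix does not match blob")
    while off < len(blob):  # every remaining field must be well formed
        _, off = read_string(blob, off)
    return blob_b64

def ssh_string(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample, not a real key: type, exponent 65537, 32-byte dummy modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + bytes(range(1, 33))))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " gerrit2@example"

if __name__ == "__main__":
    print(lenient_first_length(SAMPLE_LINE))  # -1295483218, as in the WARN log
    print(peer_keys_entry(SAMPLE_LINE))       # bare blob for etc/peer_keys
```

The characters "ssh-rs" decode to the bytes B2 C8 7E AE, which read as a signed 32-bit length give the negative value in the log; the bare blob instead starts with 00 00 00 07 followed by "ssh-rsa".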
