unable to clone due to ssh issue

[Jen]

Hello,

I installed the latest version (2.8.1) of Gerrit and configured ldap authentication.  I was able to login as the administrator , added my ssh keys, and set up a new project through the UI. However when I try to clone a git repo, I see the following error message:

ssh: connect to host <hostname> port 29418: Connection timed out
fatal: The remote end hung up unexpectedly

I am able to telnet to the port on localhost where gerrit is installed.

telnet localhost 29418
 Trying 127.0.0.1...
 Connected to localhost.
 Escape character is '^]'.
 SSH-2.0-GerritCodeReview_2.8.1 (SSHD-CORE-0.9.0.201311081)
 \ɠf7??ڭU!?^0?x?6diffie-hellman-group14-sha1,diffie-hellman-group1-sha1ssh-rsa,ssh-dss6aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc6aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc+hmac-md5,hmac-sha1,hmac-md5-96,hmac-sha1-96+hmac-md5,hmac-sha1,hmac-md5-96,hmac-sha1-96nonenone=)lm??>|k?JM?*^C


However, I am not able to telnet to this port from outside the server. I contacted the network team to see if there is a firewall blocking it. However they have confirmed that there is nothing in front of the vlan.  I am wondering what could be causing this issue.

Thanks for any pointers.

[Robert Ward]

Hi Jen,

What output do you get if you run

ssh -p 29418 <hostname> gerrit

Cheers,

Rob

> --
> --
> To unsubscribe, email repo-discuss...@googlegroups.com
> More info at http://groups.google.com/group/repo-discuss?hl=en
>  
> ---
> You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

[Jen]

Hi Rob,

Here is the output when I run the command:

ssh -p 29418 <hostname> gerrit

ssh: connect to host <hostname> port 29418: Connection timed out

Thanks,
Jen

[Robert Ward]

Hi Jen,

Are there any messages in the error_log or ssh_logs for the time you tried connecting.

Also can you confirm that the username you have set within gerrit matches the one you are logged into on your machine.

Cheer,
Rob

[Jen]

Hi Rob,

I am logged in as the same user that is registered with Gerrit.

sshd_log is empty.

Thre is nothing in the error_log for the time I tried connecting. However I see a warning in the error_log at midnight.

 WARN  org.eclipse.jetty.io.nio : javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

Thanks,
Jen

[Robert Ward]

Hi Jen,

Given that you have not been able to connect to the port which seems to be confirmed by the fact there is nothing in the logs and there is no firewall in the way my guess is that there is either a DNS issue or a config issue in gerrit.

From your machine can you ping <hostname>

Can you check your gerrit.config especially with regards to the sshd section [1] as it might not be listening on the correct interfaces.

Have you tried cloning on the server itself which eliminates the network completely for the clone, I'm guessing this will work as you are able to talk the the 29418 port when on the localhost.

Cheers,

Rob

--
------------------------------

Rob Ward
www.rob-ward.co.uk

[Robert Ward]

Hi Jen,

Given that you have not been able to connect to the port which seems to be confirmed by the fact there is nothing in the logs and there is no firewall in the way my guess is that there is either a DNS issue or a config issue in gerrit.

From your machine can you ping <hostname>

Can you check your gerrit.config especially with regards to the sshd section [1] as it might not be listening on the correct interfaces.

Have you tried cloning on the server itself which eliminates the network completely for the clone, I'm guessing this will work as you are able to talk the the 29418 port when on the localhost.

[1] - http://rob-i5-lm:8080/Documentation/config-gerrit.html#sshd

Cheers,

Rob