Apache OpenOffice (AOO) Bugzilla – Issue 359
David Cobb having issues with establishing ssh tunnel
Last modified: 2003-12-06 14:52:32 UTC
Kat, please work with louis on what is going on here, and coordinate with any second-level technical support as necessary to help david successfully establish his ssh tunnel. We want to be very careful about documenting these issues, and folding them back into the initial documentation that louis authored on establishing a ssh tunnel to OOo. Kat, you should get a copy of the tunnel documentation if you havn't already. Here is david's report of the issue: ************************************** Date: Tue, 30 Jan 2001 11:07:31 -0500 From: David A. Cobb <superbiskit@home.com> To: Adam Gould <goolie@collab.net> Subject: Light at the end of the tunnel: oncomming express! Hi again, Goolie. Here is what I can do, and what I cannot. My environment: Win98se + Cygwin (latest). OpenSSH. Xemacs (21.1.13=latest) I do: $ env `SSH-AGENT` Xemacs -f shell everything launches ok: I'm in the Xemacs shell now: $ ssh-add ~/.ssh/id_dsa I do the passphrase dialog & it says my identity is added. I have been doing this so there are no nasty timing glitches: my identity can be silently exchanged. Here, I've tried various things: Xemacs command "ssh" should set up the secure shell -- this would probably be my first choice, but I haven't been able to make it work. >From *shell* I do the $ ssh -2 -L 2401:localhost:2402 tunnel@openoffice.org and I DO get the "last login" message. So, now what? The page I sent you at xemacs.org suggested "noop" with a response "OK" I get an echo "noop" Most anything I type gets echoed (slowly). Nothing else happens. The ssh client owns this shell now: I /think/ I should execute it in the background: "ssh . . . . &" so I get my command line back (?) Also, I get the ^M characters that indicate your server thinks the connection is a tty (pty). If that is the case, this might run better from Xemacs-term. I tried that but I don't know how to get an echo, so I'm flying blind. Anyway, with the connection open, I did get a second shell running. >From there I tried the sort of shell the Xemacs page suggested to run CVS in ":ext:" mode and do a checkout. It failed with a "Connection Refused" So, yes I can get into the tunnel but I just walk into walls in the dark. I can't even get an anonymous checkout from the webCVS because the links for "www" or for "whiteboard" don't seem to be setup correctly (?) Pass this on to a *nix or Cygwin guru, maybe what I'm doing wrong is so trivial she will see it at once.
Date: Thu, 1 Feb 2001 15:56:30 -0800 From: Louis Suarez-Potts <lupo@socrates.Berkeley.EDU> To: Kathy Gavin <kat@collab.net> Cc: Adam Gould <goolie@collab.net> Subject: Re: Light at the end of the tunnel: oncomming express! Kat: I'll send you the documentation; it will also be going up on the OOo site, under the "documentation" link in the left navbar. I read through David's problems, and my documentation doesn't quite cover his issues. The ssh guide dicusses how to set up the tunnel (esp. for windows boxes) but not how to use the cvs. The way the tunnel works--and David seems to be getting this--is that it sets up the tunnel and then nothing else happens; there is no shell at the end of the tunnel, no light. This can be bewildering, at first, but that is the nature of an ssh tunnel. The tunnel can go into the background, but I am unsure of the logic of actually specifying this. What one does from there ... Well, with a windows system, one can start WinCVS and configure it to use the tunnel as localhost. For xemacs, etc.--well that goes beyond my competence. Goolie- I'll send David the full document and post it to the documentation page, tho he's pretty much doing everything the document says (which doc. was vetted by Shane). When we resolve David's problem, that resolution should definitely be added to the document. As I mention above, I don't have experience with Xemacs or really with the nuances of cvs. -louis
Date: Thu, 1 Feb 2001 16:11:56 -0800 (PST) From: Adam Gould <goolie@collab.net> To: Louis Suarez-Potts <lupo@socrates.Berkeley.EDU> Cc: Kathy Gavin <kat@collab.net>, David A. Cobb <superbiskit@home.com> Subject: Re: Light at the end of the tunnel: oncomming express! It only makes sense that the tunnel doc should: a) step people though establishing the tunnel b) provide them a means to test it It appears that b) is missing. And in order to provide it, we should have a small 1K testfile in a test module somewhere that people can "check out" to test their tunnel. IMO, the tunnel documentation does no good if people don't know, in the end, if it's working or not. I guess the final bit of ssh tunnel documentation should just tell where the module is, and then point people to a cvs help documentation from there... See, what were are dealing with here is what i call an "info joint" and it's where people often get dropped: 1) Establish ssh tunnel ---> 2) Check out CVS test module the "info joint" is the arrow. That should be just as well documented as 1) and 2) I think, this is where David is stuck. I'm going to copy this email thread into IssueZilla so we can track it. Let's please try and have this conv as much as possible in IZ, see how well that's able to document our thoughts. --goolz
Date: Thu, 1 Feb 2001 16:19:40 -0800 From: Louis Suarez-Potts <lupo@socrates.Berkeley.EDU> To: Adam Gould <goolie@collab.net> Cc: Kathy Gavin <kat@collab.net>, David A. Cobb <superbiskit@home.com> Subject: Re: Light at the end of the tunnel: oncomming express! Goolz, Agreed. My documentation *does* stress that once the tunnel has been achieved there is no "light": only darkness (so to speak). But the weakness is exactly as you point out, viz, that there is no clear guidance on connecting with CVS. I am not really competent to document the CVS part. I'll (or Kat: can you?) see if I can find other documentation that addresses that point, however. My suggestion is also to see if we can get Niels or Shane to "transfer knowledge" (write the doc., or at least block it out). -Louis
David, Once the tunnel is established have you been able to log in from a seperate terminal via the pserver?(I assume CVSROOT:pserver:anoncvs@anoncvs.openoffice.org:/cvs is set) What does 'cvs login' return or is this where your connection is first refused? Kat
This documentation may also be of help: Secure CVS http://cuba.xs4all.nl/~tim/scvs/ Kathy
Re: The :pserver: connection -- When I did so it asked for a password. Following the cite Xemacs documentation I also tried replacing :pserver: -- which means "password mode" with :ext:. Of course I do not know what :ext: means. Please (anybody) take a good look at <http://cvs.xemacs.org/> as an example of introducing potential contributors to SSH + CVS usage.
David, The :ext: option is used to refer to an external repository accessed through rsh or ssh. This repository uses a password server for authentication (the :pserver: option) for anonymous access. Once you log in are you able to check out code? Thank you for the XEmacs link - it is a very nice walk through and should be considered.
Closing issue for lack of activity. Please re-open if there are still problems. Kathy
As agreed by Louis I will close these resolved fixed kat (support)-owned issues now. If you have trouble with that, please re-open the issue.