I’ve been trying to talk to the nest via ssh, with no success so far.
First thing that’s unclear to me is the username; I take it I should be using my nest username, so e.g. pijul clone robx@nest.pijul.com/pijul/pijul should work? (I’m a bit unsure because e.g. github has a generic git@github.com user for ssh access.)
I believe I configured my public ssh key correctly, but access fails with Key "id_rsa.pub" (with agent) rejected (regardless of the username I use), and then prompts me for a password.
Here it seems that I can actually use my nest password, but there seems to be something wrong. Concretely, I’ve seen:
correct password:
$ pijul clone robx@nest.pijul.com:/robx/testing
Key "id_rsa.pub" (with agent) rejected
Password for robx@nest.pijul.com:
Error: Remote exited with status 1
incorrect password:
$ pijul clone robx@nest.pijul.com:/robx/testing
Key "id_rsa.pub" (with agent) rejected
Password for robx@nest.pijul.com:
Error: Not authenticated
I should note that in the process of figuring this out, I also tried renaming my account (from robx to rob) to match my local username. I was surprised that the nest allows renaming an account, and not particularly surprised that it didn’t really seem to successfully rename the account. There’s now both https://nest.pijul.com/rob and https://nest.pijul.com/robx, but I can’t seem to log in to the former.
Don’t worry, I have an idea how much work this all is. (Particularly dealing with users and not just code.) Everything you do much appreciated, and I don’t mind that things don’t “just work”.
That said, I do seem to be running into the same issues even with the modified command line.
When I run pijul clone emily@nest.pijul.com:emily/hello-pijul testing it works. I’m using an ed25519 ssh key, but I’m not sure if that makes any difference. For some reason pijul clone emily@nest.pijul.com:robx/testing testing crashes though.
Cloning repositories from other users, like pijul clone emily@nest.pijul.com:pijul/pijul pijul does seem to work for me. Maybe it doesn’t work for robx/testing because it’s an empty repository? Maybe you could try pijul push robx@nest.pijul.com:robx/testing from an existing repository.
I like to finally be able to deal with users! I’ve worked on that thing for years, frustrating everybody who wanted to try something that wasn’t even close to being remotely usable. I’m happy that the class of errors is down to user experience, extending basic features and the like.
You’re right, I can now clone non-empty repositories via ssh+password. I’m pretty sure I tried non-empty repositories before, but it seems like maybe something got into a bad state due to the failures.
Some progress here. I’ve created a dedicated ed25519 key. I think behaviour can be summarized as follows:
I have both my default RSA key and ed25519 configured on the nest now; it doesn’t seem to improve things if remove one or the other from nest config
if I have only the ed25519 key added to ssh-agent, passwordless auth works! (but I still run into Remote exited with status 1, even cloning /pijul/pijul)
if I have only the rsa key added to ssh-agent, I’ve seen Key "xxxx..." (with agent) rejected before being prompted for password. Notably, that “xxxx…” string is different from the fingerprint I see in ssh-add's output (but perhaps it’s the private key? it’s not actually “xxxx…”)
if I have both keys in ssh-agent, I’m prompted for password directly; judging by debug output the keys don’t seem to be tried
I also still see things lock up with Error: Connection reset by peer (os error 54) after failures. I can work around that by connecting from a different IP address, so it seems either something breaks on the networking side, or it’s some kind of defensive firewally measure after failed ssh connections.
This is all with a fresh (as of an hour ago) build of pijul, btw. (But no update to thrussh from cargo.)
Having now rebuilt after cargo update, which pulled in a new thrussh version, having both keys in ssh-agent now works in the sense that it combines the two single keys: I get the “rejected” message for the RSA key, but then authenticate successfully, presumably using the ed25519 key.
I’ve finally managed to clone via ssh. I might have noticed this earlier from some of your answers, but to repeat for anyone who might run into some of these problems:
Thanks, for the report, and especially for your perseverance. I think this is as much of a Nest issue as a Pijul one, I’ll look into it as soon as I can.
