key files not placed in correct files

Asked by PeterDz on 2011-05-18

Have been trying to get Bazaar working for some time (this is 2.0 over XP w/SP3). I used to run it under Linux and it seemed fine and acceptable. I am trying to access a remote site for which I am fully authorised. I went back to it today and managed to generate a "meaningful" error. It was

host keys for [target URL] do not match!
XXXXXXXXXXXXXXXXXXX != YYYYYYYYYYYYYYYYYYYYYYYY

[Try editing C:\\ ....Owner/.ssh/known_hosts
or C:\\ ....Owner/Application Data/Bazaar 2.0/ssh_host_keys]

Original; installation went OK, but the files mentioned in the first line don't appear to exist and that in the second line are empty.

I generated the keys in a standard way and they used to work under SVN so bazaar should be able to see them and gain access in the usual way.

So:

 (i) why aren't they in the place named in the error;

(ii) why do the keys not seem to be accessible.

Lastly can we have automatic update detection please on Bazaar.

Question information

Language:
English Edit question
Status:
Answered
For:
Bazaar Explorer Edit question
Assignee:
No assignee Edit question
Last query:
2011-05-18
Last reply:
2011-05-20
Martin Pool (mbp) said : #1

Hi Peter,

First off I would really recommend running bzr 2.3 not 2.0.

Do you have Putty or any other ssh client installed on this machine? If so, perhaps it's caching the host keys (in the registry?) and our guess about where they are is incorrect. It does seem like there is some bug here.

> Lastly can we have automatic update detection please on Bazaar.

If you mean automatic updating of bzr to later versions, that's an interesting point. Do you have any opinion or advice on what framework or tool we ought to use to do that?

PeterDz (pdzwig) said : #2

Martin,

yes I do have PuTTY installed. It puts the keys in \Documents and Settings\Owner\..names of your choice one for each Public and Private.

If it is that your guess is wrong then since the name is pretty arbitrary I can only suggest that you offer the user the chance to specifiy where the keys are - and modify the name if appropriate. I guess that that means the usual kind of UI with a "browse" option.

As for auto-updates I guess that there are two options:

(i) the sort of thing that looks at your current version and compares it with the home website (the sort of thing that they do with something like TortoiseSVN and others) and then offers the chance to upgrade. I frankly wouldn't suggest that you do it for every minor upgrade if you decide to do them frequently,

(ii) The other is some kind of auto-updating system a la Mozilla or whatever. I am sure that there must be something of that ilk in Sourceforge or similar.

A quick hunt gives me:

http://sourceforge.net/projects/autoupdater/

http://autoupdater.codeplex.com/ (free)

http://www.advancedinstaller.com/auto-updater.html (paid for) but this page might provide a few ideas

Obviously what is needed is Linux/RoW portability.

Peter

Alexander Belchenko (bialix) said : #3

PeterDz пишет:
> yes I do have PuTTY installed. It puts the keys in \Documents and
> Settings\Owner\..names of your choice one for each Public and Private.

I have Putty on my machine, and as I can see it puts SSH Host keys to
the registry, at HKCU\Software\SimonTatham\PuTTY\SshHostKeys

If you have problems with PuTTY I may suggest you force using paramiko
library for bzr+ssh/sftp access. To make sure you're using paramiko, set
the environment variable BZR_SSH=paramiko.

> If it is that your guess is wrong then since the name is pretty
> arbitrary I can only suggest that you offer the user the chance to
> specifiy where the keys are - and modify the name if appropriate. I
> guess that that means the usual kind of UI with a "browse" option.

I don't think those locations are configurable.

Alexander Belchenko (bialix) said : #4

PeterDz пишет:
> New question #158043 on Bazaar Explorer:
> https://answers.launchpad.net/bzr-explorer/+question/158043
>
> Have been trying to get Bazaar working for some time (this is 2.0 over XP w/SP3). I used to run it under Linux and it seemed fine and acceptable. I am trying to access a remote site for which I am fully authorised. I went back to it today and managed to generate a "meaningful" error. It was
>
> host keys for [target URL] do not match!
> XXXXXXXXXXXXXXXXXXX != YYYYYYYYYYYYYYYYYYYYYYYY

Host key is the special key which should uniquely identify the host. It
does not related to your own secret/public key.

> [Try editing C:\\ ....Owner/.ssh/known_hosts

I think you're using paramiko for bzr+ssh access and thus this message
is incorrect for Windows.

> or C:\\ ....Owner/Application Data/Bazaar 2.0/ssh_host_keys]
>
> Original; installation went OK, but the files mentioned in the first line don't appear to exist and that in the second line are empty.

I think this is a bug. I don't have .ssh/known_hosts on my computer at
that location either.

> I generated the keys in a standard way and they used to work under SVN so bazaar should be able to see them and gain access in the usual way.

I don't think that SVN and bzr using the same approach re SSH keys. As I
know SVN uses TortoisePlink utility, buit bzr doesn't.

For bzr you'd better use pageant from PuTTY package to hold your
personal secret key.

> So:
>
> (i) why aren't they in the place named in the error;

> (ii) why do the keys not seem to be accessible.

Please, file a bug against bzr itself. That's not Bazaar Explorer fault.

Martin Pool (mbp) said : #5

what software component generates the warning? if it's bzr, we can
potentially fix it.

PeterDz (pdzwig) said : #6

Martin,

The logo in the top LH corner is a bzr explorer logo. It does say "Transport Error" before the stuff I put in above. So I am unclear.

To be a bit more explicit, the sequence is something like:

Open Bzr Exp

"Open an existing Location" > Open
Identify folder which is supposedly a downloaded branch > OK

Error....

It goes to look at an existing site, for which as I say I am fully authorised

etc etc
Any more info that you need?

Alexander,

I am using PuTTY and pageant to generate the keys. What I meant about bzr and SVN, was that the keys themselves on my machine are visible and accessible (as made clear by using SVN), so they are were valid and hopefully correctly generated.

FWIW I **THINK** that this is bzr explorer; but I can't be sure.

Peter

Peter

Alexander Belchenko (bialix) said : #7

PeterDz пишет:
> FWIW I **THINK** that this is bzr explorer; but I can't be sure.

I think we need to see corresponding part of .bzr.log, so maybe you'd
better file a bug against bzr itself (because bzr-explorer is based on
bzr) and attach relevant part of .bzr.log there.

Can you help with this problem?

Provide an answer of your own, or ask PeterDz for more information if necessary.

To post a message you must log in.