1991: Using an external ssh or cvs/svn commands + kerberized access

arjun.su********@gmai***** (Google Code) (Is this you? Claim this profile.)
Feb. 3, 2014 
What version are you running?
1.5

Is there a way to configure reviewboard to use an EXTERNAL ssh command
or EXTERNAL cvs/svn commands?

I need to access cvs and svn servers using ssh, but the ssh
connections are NOT on port 22 and they do NOT support public key
authentication, instead they support Kerberos authentication.    This
means I need a way to specify an external ssh command or external cvs/
svn commands.

Paramiko interface has port 22 hardcoded in it, and it doesnt support kerberos. So instead of using paramiko can i bypass it and ask reviewboard to use the default ssh of the the system.

http://code.fabfile.org/issues/show/195
https://bugs.launchpad.net/paramiko/+bug/507391



Due to the paramiko interface adding svn repository fails.
I had to fix it by following:
http://code.google.com/p/reviewboard/issues/detail?id=1750

I commented out the super(SVNTool, cls).check_repository(path, username, password) line in check_repository function of svn.py

Thus paramiko inteface is bypassed but the checkout works fine as it uses the pysvn package.

I switched to latest version of reviewboard 1.5.3 and CVS is not working anymore for the same setting that used to work on 1.5 So i reverted back to 1.5

So is there a way to bypass paramiko and use system defined cvs/svn/ssh tools?

Also the CVS diff file that is generated has the absolute path in the RCS file field. I was able to fix this with the help of

http://groups.google.com/group/reviewboard/browse_thread/thread/321cebee72e10dd9?pli=1
http://code.google.com/p/reviewboard/issues/detail?id=535

Hope this patch gets added to later versions.

Arjun Surendra
Software Engineer,AOL
chipx86
#1 chipx86 
Hi Arjun,

This is a bit tricky. So, there are two parts that deal with SSH: The repository verification (check_repository), which uses Paramiko, and as of RB 1.5.2, the rbssh script, which is a substitute for ssh that allows us to work around limitations in ssh for customizable, per-site .ssh directories.

The first part must use paramiko. We don't have any other API for the repository verification. Of course, in your case, you don't even really want that verification, and I wouldn't be totally opposed to support for skipping verification.

The second part, rbssh, also uses paramiko. So assuming the first is solved, what you want for the second is a way to say "Use the system ssh instead of rbssh," which I think is also a reasonable option to add, though we'll have to be very explicit on the limitations.

Another alternative for rbssh is to replace the system rbssh with a symlink to ssh. It will of course be overridden every time you upgrade, but that would solve that part.

The CVS thing is really a separate problem and I want to keep this ticket limited to Kerberos/system SSH support. That said, I'll reopen the ticket.
  • +Confirmed
  • +Component-SSH
    +Milestone-Release1.5.x
chipx86
#2 chipx86
  • +Milestone-Release1.6.x
david
#3 david
  • -Milestone-Release1.6.x
david
#4 david 
I think I'm going to close this out. Kerberos is very rare these days, and there's a workaround.
  • -Confirmed
    +WontFix