Page MenuHomePhabricator
Create Task
Maniphest T12554

PhabricatorAuthSSHKeyQuery cache is not dirtied on username changes
Closed, ResolvedPublic
Actions

Description

A git push to our Phacility hosted repository just failed with this message:

# git push
phabricator-ssh-exec: Invalid username ("eeeeeeeeeeeee"). There is no user with this username.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

This used to work a few days ago. Some of the recent configuration changes we have made that might have caused this bug include:

  • changing my user's username from eeeeeeeeeeeee to edward;
  • adding a new email address;
  • switching primary email address to the new address;
  • deleting the old (formerly primary) email address; and
  • enacting a promotion to administrator privilege.

When I changed the user's username there was a dialog that warned me about the potentially hazardous consequences of changing a user's username. I read like the first few words then decided to just hit the Move Fast! button without reading any further. If this bug is one of the scenarios warned against in the dialog box: sorry!

We have a workaround and this issue isn't holding us back. I was able to resolve the issue by deleting my user's ssh key, and uploading the original ssh key material as a new Phabricator sshkey.

Revisions and Commits

rP Phabricator
D17687rP69053a40f947 Dirty the SSH key cache when usernames change

Related Objects

Event Timeline

edward created this task.Apr 14 2017, 10:49 AM
epriestley renamed this task from Git push failed, "there is no user with this username" to PhabricatorAuthSSHKeyQuery cache is not dirtied on username changes.Apr 14 2017, 11:50 AM
epriestley triaged this task as Normal priority.
epriestley added projects: Diffusion, Infrastructure, Customer Impact.
Herald added a subscriber: eadler. · View Herald TranscriptApr 14 2017, 11:50 AM
epriestley added a subscriber: epriestley.Apr 14 2017, 11:55 AM

See also somewhat-related task T12397.

We use a cache for SSH credentials. This is dirtied when users make changes to SSH keys, but not currently dirtied when usernames change.

We could either have this file generate with user PHIDs instead of usernames (which would fix the cache issue, but make debugging a bit tougher) or dirty the cache on username changes. For now, I'm inlined to do the cache dirty.

The cache expires automatically after 24 hours and it looks like it has already expired by the time I got to it to fix it -- are things working for you now?

I'll make the cache dirty properly too, and this should be easy, but if anyone else hits this in the very near future (or some similar bug), some workarounds are:

  • wait 24 hours for the cache to expire; or
  • make any edit to any SSH key.
epriestley added a comment.Apr 14 2017, 12:02 PM

I was able to resolve the issue by deleting my user's ssh key, and uploading the original ssh key material as a new Phabricator sshkey.

Oh, sorry, I missed this! It makes sense that these edits dirtied the cache and fixed the issue.

epriestley added a revision: D17687: Dirty the SSH key cache when usernames change.Apr 14 2017, 12:09 PM
epriestley added a comment.Apr 14 2017, 12:10 PM

D17687 should dirty the cache properly on username changes. It should promote to stable within the next ~12 hours, and deploy to Phacility production about 24 hours from now.

(Until then, you can use the "edit SSH keys" workaround if you need to make additional username changes.)

epriestley added a comment.Apr 14 2017, 12:10 PM

And thanks for the report! Let us know if you run into anything else.

epriestley claimed this task.Apr 14 2017, 12:59 PM
edward added a comment.Apr 14 2017, 2:59 PM

Thanks for looking into this so quickly.

Sorry it wasn't clearer that I had found a way of working around the problem.

epriestley added a comment.Apr 14 2017, 2:59 PM

Totally my fault, I just didn't read half that sentence. 🐈

epriestley closed this task as Resolved by committing rP69053a40f947: Dirty the SSH key cache when usernames change.Apr 14 2017, 3:03 PM
epriestley added a commit: rP69053a40f947: Dirty the SSH key cache when usernames change.
Phabricator · Built by Phacility