Page MenuHomePhabricator

PhabricatorAuthSSHKeyQuery cache is not dirtied on username changes
Closed, ResolvedPublic


A git push to our Phacility hosted repository just failed with this message:

# git push
phabricator-ssh-exec: Invalid username ("eeeeeeeeeeeee"). There is no user with this username.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

This used to work a few days ago. Some of the recent configuration changes we have made that might have caused this bug include:

  • changing my user's username from eeeeeeeeeeeee to edward;
  • adding a new email address;
  • switching primary email address to the new address;
  • deleting the old (formerly primary) email address; and
  • enacting a promotion to administrator privilege.

When I changed the user's username there was a dialog that warned me about the potentially hazardous consequences of changing a user's username. I read like the first few words then decided to just hit the Move Fast! button without reading any further. If this bug is one of the scenarios warned against in the dialog box: sorry!

We have a workaround and this issue isn't holding us back. I was able to resolve the issue by deleting my user's ssh key, and uploading the original ssh key material as a new Phabricator sshkey.

Event Timeline

epriestley renamed this task from Git push failed, "there is no user with this username" to PhabricatorAuthSSHKeyQuery cache is not dirtied on username changes.Apr 14 2017, 11:50 AM
epriestley triaged this task as Normal priority.

See also somewhat-related task T12397.

We use a cache for SSH credentials. This is dirtied when users make changes to SSH keys, but not currently dirtied when usernames change.

We could either have this file generate with user PHIDs instead of usernames (which would fix the cache issue, but make debugging a bit tougher) or dirty the cache on username changes. For now, I'm inlined to do the cache dirty.

The cache expires automatically after 24 hours and it looks like it has already expired by the time I got to it to fix it -- are things working for you now?

I'll make the cache dirty properly too, and this should be easy, but if anyone else hits this in the very near future (or some similar bug), some workarounds are:

  • wait 24 hours for the cache to expire; or
  • make any edit to any SSH key.

I was able to resolve the issue by deleting my user's ssh key, and uploading the original ssh key material as a new Phabricator sshkey.

Oh, sorry, I missed this! It makes sense that these edits dirtied the cache and fixed the issue.

D17687 should dirty the cache properly on username changes. It should promote to stable within the next ~12 hours, and deploy to Phacility production about 24 hours from now.

(Until then, you can use the "edit SSH keys" workaround if you need to make additional username changes.)

And thanks for the report! Let us know if you run into anything else.

Thanks for looking into this so quickly.

Sorry it wasn't clearer that I had found a way of working around the problem.

Totally my fault, I just didn't read half that sentence. 🐈