Test Checkout Subversion svn checkout svn+ssh://test

I am attempting to try out Phacility and would be using a Subversion repo so I created a hosted svn repo. I configured and activated this repo but am unable to checkout the repo on a client machine using the checkout URL provided by Diffusion listed below.

svn checkout svn+ssh://test-dpljtnmalxi5@vault.phacility.com/source/TestA TestA

After sometime the system reports the following.

svn: To better debug SSH connection problems, remove the -q option from ‘ssh’ in the [tunnels] section of your Subversion configuration file.
svn: Network connection closed unexpectedly

Any suggestions?

What does this output?

$ ssh -T test-dpljtnmalxi5@vault.phacility.com

The output of ssh -T -p 2222 test-dpljtnmalxi5@vault.phacility.com is

ssh: connect to host vault.phacility.com port 2222: Connection timed out

I am running ssh -T test-dpljtnmalxi5@vault.phacility.com now and will update you.

The output of ssh -T test-dpljtnmalxi5@vault.phacility.com is:

ssh: connect to host vault.phacility.com port 22: Connection timed out

vault.phacility.com does not listen on port 2222 so the timeout when connecting on 2222 is expected.

The normal SSH port (22) should respond within about a second. If it does not, something is wrong; my best guess is that DNS or network settings may be misconfigured on your end. If I run the command, I get permission denied in about 450ms (which is expected, because my public key isn’t associated with any account on the instance).

$ time ssh -T test-dpljtnmalxi5@vault.phacility.com
test-dpljtnmalxi5@vault.phacility.com: Permission denied (publickey).

real	0m0.426s
user	0m0.012s
sys	0m0.008s

What does this produce?

$ ssh -T quack@secure.phabricator.com

Expected behavior is permission denied within a second or two.

Also perhaps useful:

$ ssh -T meta@vault.phacility.com

This command does not return within a second or two. It has not returned in over 1 minute so far.

Can you SSH to any external host at all (like ssh -T git@github.com or ssh -T git@gitlab.com)? This sounds like it might be outbound SSH connection filtering on your network given that you’re unable to reach two different hosts.

Thank you. That appears to be the case on this system. I’ll check internally on the reason for the filtering.

Although it’s not completely conclusive, you could also try this:

$ ssh -T -p 443 quack@vault.phacility.com
ssh_exchange_identification: read: Connection reset by peer

That will connect to the HTTPS server on the same host over SSH. The connection won’t work since the other end doesn’t know how to do an SSH handshake, but if you get an error back quickly that strongly points at outbound traffic to destination port 22 being filtered, versus a routing problem (between you and vault.phacility.com or between you and a larger set of external servers).

I have confirmed that ssh is blocked here except for specific servers. Thanks again.

BTW, the ssh -T -p 443 quack@vault.phacility.com command returns immediately.