Though I have followed the usual steps for using the dotCloud CLI under Cygwin, dotcloud push fails in all cases: --rsync, --hg, and --git.
I am on Windows 8 and Cygwin.
How can I push successfully?
Sample output:
me#host /cygdrive/d/project
$ dotcloud push --rsync
==> Pushing code with rsync from "./" to application myapp
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at /home/lapo/package/rsync-3.0.9-1/src/rsync-3.0.9/io.c(605) [sender=3.0.9]
me#host /cygdrive/d/project
$ dotcloud push --git
Permission denied (publickey,password).r from "./" to application myapp
fatal: The remote end hung up unexpectedly
me#host /cygdrive/d/project
$ dotcloud push --hg
==> Pushing code with mercurial from "./" to application myapp
abort: no suitable response from remote hg!
Error: Mercurial returned a fatal error
You may be running into a bug in Cygwin's group permissions. Vineet Gupta gives a workaround in his blog. The problem comes from the very strict permissions expected by ssh around the keys, and the solution is to set the permission on the ssh key properly (to 600, rw by owner only). Cygwin seems to need the group to be added manually.
Updating the steps to get the dotCloud CLI installed, including setting the permissions, leads to:
Start the Cygwin Setup.
Select default choices until you reach the package selection dialog.
Enable the following packages:
net/openssh
net/rsync
devel/git
devel/mercurial
python/python (make sure it’s at least 2.6!)
web/wget
After the installation, you should have a Cygwin icon on your desktop. Start it: you will get a command-line shell.
Download easy_install
wget http://peak.telecommunity.com/dist/ez_setup.py
Install easy_install
python ez_setup.py
You now have easy_install; let’s use it to install pip:
easy_install pip
Now install dotcloud (the CLI)
pip install dotcloud
Set up the CLI with your credentials. This will also download the ssh key.
dotcloud setup
New Step Update the permissions on your dotCloud key:
chgrp Users ~/.dotcloud_cli/dotcloud.key
chmod 600 ~/.dotcloud_cli/dotcloud.key
Now you should be able to dotcloud push
If you have multiple dotCloud accounts, then you will need to repeat this process for each account, since each account has its own key. Also note that you shouldn't have to set these permissions manually, but it seems like the group ownership is sometimes the wrong default in Cygwin. Linux and OSX don't seem to show this problem, though the permissions must be 600 for all OSes, so it is worth checking.
Related
I have been using the docker build --ssh flag to give builds access to my keys from ssh-agent.
When I try the same thing with podman it does not work. I am working on macOS Monterey 12.0.1. Intel chip. I have also reproduced this on Ubuntu and WSL2.
❯ podman --version
podman version 3.4.4
This is an example Dockerfile:
FROM python:3.10
RUN mkdir -p -m 0600 ~/.ssh \
&& ssh-keyscan github.com >> ~/.ssh/known_hosts
RUN --mount=type=ssh git clone git#github.com:ruarfff/a-private-repo-of-mine.git
When I run DOCKER_BUILDKIT=1 docker build --ssh default . it works i.e. the build succeeds, the repo is cloned and the ssh key is not baked into the image.
When I run podman build --ssh default . the build fails with:
git#github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Error: error building at STEP "RUN --mount=type=ssh git clone git#github.com:ruarfff/a-private-repo-of-mine.git": error while running runtime: exit status 128
I have just begun playing around with podman. Looking at the docs, that flag does appear to be supported. I have tried playing around with the format a little, specifying the id directly for example but no variation of specifying the flag or the mount has worked so far. Is there something about how podman works that I may be missing that explains this?
Adding this line as suggested in the comments:
RUN --mount=type=ssh ssh-add -l
Results in this error:
STEP 4/5: RUN --mount=type=ssh ssh-add -l
Could not open a connection to your authentication agent.
Error: error building at STEP "RUN --mount=type=ssh ssh-add -l": error while running runtime: exit status 2
Edit:
I belive this may have something to do with this issue in buildah. A fix has been merged but has not been released yet as far as I can see.
The error while running runtime: exit status 2 does not to me appear to be necessarily related to SSH or --ssh for podman build. It's hard to say really, and I've successfully used --ssh like you are trying to do, with some minor differences that I can't relate to the error.
I am also not sure ssh-add being run as part of building the container is what you really meant to do -- if you want it to talk to an agent, you need to have two environment variables being exported from the environment in which you run ssh-add, these define where to find the agent to talk to and are as follows:
SSH_AUTH_SOCK, specifying the path to a socket file that a program uses to communicate with the agent
SSH_AGENT_PID, specifying the PID of the agent
Again, without these two variables present in the set of exported environment variables, the agent is not discoverable and might as well not exist at all so ssh-add will fail.
Since your agent is probably running as part of the set of processes to which your podman build also belongs to, at the minimum the PID denoted by SSH_AGENT_PID should be valid in that namespace (meaning it's normally invalid in the set of processes that container building is isolated to, so defining the variable as part of building the container would be a mistake). Similar story with SSH_AUTH_SOCK -- the path to the socket file dumped by starting the agent program, would not normally refer to a file that exists in the mount namespace of the container being built.
Now, you can run both the agent and ssh-add as part of building a container, but ssh-add reads keys from ~/.ssh and if you had key files there as part of the container image being built you wouldn't need --ssh in the first place, would you?
The value of --ssh lies in allowing you to transfer your authority to talk to remote services defined through your keys on the host, to the otherwise very isolated container building procedure, through use of nothing else but an SSH agent designed for this very purpose. That removes the need to do things like copying key files into the container. They (keys) should also normally not be part of the built container, especially if they were only to be used during building. The agent, on the other hand, runs on the host, securely encapsulates the keys you add to it, and since the host is where you'd have your keys that's where you're supposed to run ssh-add at to add them to the agent.
I installed git instead of openssl to use Remote-SSH in VSCode.However,after I completed the config document and tried to connect to the remote host.I failed. The error info is showed in the below pic.error info
error info:
[11:27:12.631] remote-ssh#0.48.0
[11:27:12.632] win32 x64
[11:27:12.656] SSH Resolver called for "ssh-remote+23321", attempt 1
[11:27:12.659] SSH Resolver called for host: 23321
[11:27:12.659] Setting up SSH remote "23321"
[11:27:12.790] Using commit id "26076a4de974ead31f97692a0d32f90d735645c0" and quality "stable" for server
[11:27:12.798] Testing ssh with ssh -V
[11:27:13.099] ssh exited with code: 0
[11:27:13.100] Got stderr from ssh: OpenSSH_8.1p1, OpenSSL 1.1.1d 10 Sep 2019
[11:27:13.128] Running script with connection command: ssh -T -D 49485 23321 bash
[11:27:13.132] Install and start server if needed
[11:27:13.151] Terminal shell path: C:\Windows\System32\cmd.exe
[11:27:30.151] Resolver error: Connecting with SSH timed out
[11:27:30.178] ------
I had the same problem but the above solutions didn't work with my setup,
but the following setting did work:
"remote.SSH.useLocalServer": false
I got this solution from github reported issues and fix
In my case, the problem was caused by a too long authentication process on the server-side.
Solved it by extending the Connect Timeout from 15 to 30 seconds.
Instructions:
open your vscode Command Palette (via keyboard shortcut or from the
View menu).
search for the Remote-SSH: Settings.
scroll till you find the Connect Timeout.
change it to a longer duration than 15 secs.
key F1
Remote-SSH: Settings
Connect Timeout: from 15 seconds to 60 seconds solve my connection issue
You can try the following approaches:
ssh to your remote server. Then run the following commands to clean data folder and bin folder under .vscode-server folder on the server:
cd ~/.vscode-server
rm data/* -rf
rm bin/* -rf
If step 1 does not work, ssh to your remote server and delete the entire .vscode-server folder with the following command:
rm -rf ~/.vscode-server
Please note that this will also remove the extensions that you installed on the server.
Downgrade the version of the remote-SSH extension in vscode. Look up the extension in the vscode interface, right click on that, and you will find the option "Install Another Version ...". Install the previous version of the current one. If it does not work keep downgrading the version.
I had the same problem before, I solved this by deleting "terminal.integrated.inheritEnv": false inside ~/.config/Code/User/setting.json
I found the solution here in this thread from user oreilm49:
https://github.com/microsoft/vscode-remote-release/issues/1137
in vscode settings :
search conpty and uncheck it
I had same issue, my problem was solved after changing settings in the json file:
I removed "terminal.integrated.inheritEnv": false inside ~/.config/Code/User/setting.json
I added "remote.SSH.useLocalServer": true inside ~/.config/Code/User/setting.json
It worked for me after so many different trials
This might be a very foolish solution but it actually works for me, so I will write it down in case any other people get into the same problem.
I made modifications to the config file for SSH, then all the trials for connection ran into the error of 'Connecting SSH timed out'. I tried many possible solutions but none of them solved my problem.
Then I just closed the VScode and restarted it. Then everything works.
I had a case of this. I my client (local computer) is a Mac, and I was connecting to Linux host. I just went to the setting "Remote Platform" under Remote.SSH settings, and explicitly told it that I am connecting to a Linux remote. After this, it started to work.
I had this issue because of version missmatch of client and server. After updating both to the same version, it worked for me.
The issue with me was timeout at first. I tried increasing the timeout in settings but then later found the issue was with "tar".
The vscode-server.tar.gz (probably a little change in the file name) was not able to install due to tar not being present in my host.
So I installed tar in the host as "yum install tar"
And then tried reconnecting to the server and it worked
localrc file
ADMIN_PASSWORD=password2 MYSQL_PASSWORD=password2
RABBIT_PASSWORD=password2 SERVICE_PASSWORD=password2
SERVICE_TOKEN=token2
ENABLED_SERVICES=key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,cinder,c-sch,c-api,c-vol,n-sch,n-novnc,n-xvnc,n-cauth,horizon,mysql,rabbit,ldap
KEYSTONE_IDENTITY_BACKEND=ldap
KEYSTONE_CLEAR_LDAP=yes LDAP_PASSWORD=9632
I followed this website(http://www.ibm.com/developerworks/cloud/library/cl-ldap-keystone/)
I am assuming the above snippet is from a file written in shell script. Your example looks Ok.
I checked the link you provided and noted that the line you say failed is written in the IBM example as:
KEYSTONE_IDENTITY_BACKEND = ldap
Which is not legal sh (or bash) and would cause the error message you described.
KEYSTONE_IDENTITY_BACKEND = ldap
-bash: KEYSTONE_IDENTITY_BACKEND: command not found
I suspect you copied and pasted the bad example from the link into your localrc file, which caused the error you saw, but somehow when you wrote the SO question, you corrected the mistake by removing the spaces around the "=".
Edit: Investigation
;TLDR
Create a file in the root of the devstack repo, devstack/local.conf with the contents:
[[local|localrc]]
ADMIN_PASSWORD=password2
MYSQL_PASSWORD=password2
RABBIT_PASSWORD=password2
SERVICE_PASSWORD=password2
SERVICE_TOKEN=token2
ENABLED_SERVICES=key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,cinder,c-sch,c-api,c-vol,n-sch,n-novnc,n-xvnc,n-cauth,horizon,mysql,rabbit,ldap
KEYSTONE_IDENTITY_BACKEND=ldap
KEYSTONE_CLEAR_LDAP=yes
LDAP_PASSWORD=9632
Full Description
I installed devstack on Centos7 (using the Devstack Quick Start Guide):
git clone https://git.openstack.org/openstack-dev/devstack
cd devstack
./stack.sh
I entered passwords as prompted, but eventually it failed with the error:
Error: pg_config executable not found.
Please add the directory containing pg_config to the PATH
or specify the full executable path with the option:
python setup.py build_ext --pg-config /path/to/pg_config build ...
or with the pg_config option in 'setup.cfg'.
I traced the problem to a limited PATH in the sudoers entry, and because my postgreSQL install is in a non-standard location, I linked pg_config into /usr/local/bin and ran stack.sh again:
sudo ln -s /usr/pgsql-9.3/bin/pg_config /usr/local/bin/pg_config
./stack.sh
(You probably won't have to do this if Postgres is in a standard location).
Install took a long time -
This is your host IP address: 192.168.200.181
This is your host IPv6 address: ::1
Horizon is now available at http://192.168.200.181/dashboard
Keystone is serving at http://192.168.200.181/identity/
The default users are: admin and demo
The password: 12345678
2016-07-17 18:16:32.834 | WARNING:
2016-07-17 18:16:32.834 | Using lib/neutron-legacy is deprecated, and it will be removed in the future
2016-07-17 18:16:32.834 | stack.sh completed in 1447 seconds.
I killed the devstack session and did it all again with a clean git repo and with a localrc file.
./unstack.sh
cd ..
git clone https://git.openstack.org/openstack-dev/devstack
cd devstack
cat << __EOF > local.conf
[[local|localrc]]
ADMIN_PASSWORD=password2
MYSQL_PASSWORD=password2
RABBIT_PASSWORD=password2
SERVICE_PASSWORD=password2
SERVICE_TOKEN=token2
ENABLED_SERVICES=key,n-api,n-crt,n-obj,n-cpu,n-net,n-cond,cinder,c-sch,c-api,c-vol,n-sch,n-novnc,n-xvnc,n-cauth,horizon,mysql,rabbit,ldap
KEYSTONE_IDENTITY_BACKEND=ldap
KEYSTONE_CLEAR_LDAP=yes
LDAP_PASSWORD=9632
__EOF
./stack.sh
This time there were no password prompts, so the local config was definitely read.
I'm setting up a git environment on Windows XP (msysGit 1.7.11, TortoiseGit 1.7.14) and trying to achieve following points :
ssh connection on a port different than default 22
ssh authentification handled by ssh-agent
So I create a ~/.ssh/config file :
Host gitbox
User gitolite
Hostname XX.XX.XX.XX
Port 154
PreferredAuthentications publickey
IdentityFile "/c/Documents and Settings/kraymer/.ssh/id_rsa"
When using the git bash CLI, everything works as intended.
I'm struggling with TortoiseGit.
I first installed TortoiseGit with Plink and using Pageant to load ssh private key. The automatic authentication (Pageant) worked but setup was a fail as TortoiseGit don't recognize git repos url formatted as gitolite#gitbox/repo.git.
I then decided to install TortoiseGit using openssh client, so the config file can be read by the ssh client, and to mimic the git CLI setup.
I picked the ssh.exe shipped with msys git as ssh client in TortoiseGit settings.
When doing a git pull, the remote url is now resolved but the passphrase password is asked while I expect ssh-agent automatic authentication to occur.
Is it possible to make TortoiseGit work with ssh-agent ?
Or make TortoiseGit (Plink) aware of .ssh/config ?
Edit #1
Following #VonC advice I configured my $HOME variable.
When I click Show environment variables in TortoiseGit I now have :
HOME=C:\Documents and Settings\kraymer
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kraymer
But git pull still require I enter passphrase.
No tweaks needed.
Just make TortoiseGit point to the same ssh client used by git itself, see the screenshot:
This should be C:\Program Files\Git\usr\bin\ssh.exe in latest version of Git as mentioned by Aleksey Kontsevich in the comments.
I first installed TortoiseGit with Plink and using Pageant to load ssh private key. The automatic authentication (Pageant) worked but setup was a fail as TortoiseGit don't recognize git repos url formatted as gitolite#gitbox/repo.git.
I finally found a workaround which consist to create a PuTTY session with the same name that the ssh alias (ie gitbox in the question).
This way I can clone as git clone gitbox/monrepo in the CLI and the origin syntax is correctly handled by TortoiseGit.
Windows10 System
#TortoiseGit
In Network Section
From : C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe
To : "C:\Users{user}\AppData\Local\Programs\Git\usr\bin\ssh.exe"
There seems to be a whole variety of options to solve this. As none of the above have worked for me, I tought I'd share what helped for me.
In Settings... -> Network -> SSH -> SSH client, set the client to C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe. Using Pageant, you're then automatically authenticated as expected, otherwise you are prompted for your private key passphrase. Make sure the "Autoload Putty Key" option is checked in the push dialog.
Cygwin
Use approach described in the following article:
https://help.github.com/articles/working-with-ssh-key-passphrases
Password will be asked only once on the cygwin session startup.
!!! Before exiting cygwin session don't forget to kill ssh-agent process (use ps for find process PID and kill -9).
We are using separate approach for cygwin, because cygwin by some reason doesn't see processes started externally in windows environment.
2, 3) MsysGit, TortoiseGit
Useful link:
http://dogbiscuit.org/mdub/weblog/Tech/WindowsSshAgent
Install MsysGit.
Install TortoiseGit (check openssh instead of plink during installation).
!!! Check systems variables. If there is GIT_SSH variable present - remove it.
Go to TortoiseGit->Settings->General
Set Git exe Path to /bin
Set External dll path to /mingw/bin
Go to TortoiseGit->Settings->Network
Set SSH Client property to /bin/ssh.exe
Define system variable SSH_AUTH_SOCK=C:\temp.ssh-socket
Start cmd.exe and execute following commands(since we installed MsysGit all following commands are accessible in cmd - /bin is added to system PATH variable):
# following command is required to execute for avoiding Address already bind message when ssh-agen is not started yet but .ssh-socket exists after previous agent session
rm "%SSH_AUTH_SOCK%"
# Starting ssh-agent
ssh-agent -a "%SSH_AUTH_SOCK%"
# Adding our openssh key
ssh-add "%USERPROFILE%\.ssh\id_rsa"
# Type password for your key
That's it. From that moment you can execute git push, git pull from TortoiseGit and MsysGit without prompting passphrase.
When ssh-agent is no longer required you can kill it through windows task manager.
None of the above answers worked for me.
I created this batch file to solve the problem.
CALL "C:\Program Files\Git\cmd\start-ssh-agent.cmd"
SETX SSH_AUTH_SOCK "%SSH_AUTH_SOCK%"
SETX SSH_AGENT_PID "%SSH_AGENT_PID%"
Run this once, and enter your passphrase.
Then you can use tortoisegit with openssh without having to enter your passphrase for every operation.
Make sure to launch your TortoiseGit in an environment where HOME is defined, and reference the parent directory of .ssh.
This is important since, on Windows, HOME isn't defined by default.
See as an example: "Auth fails on Windows XP with git and tortoisegit".
(Other possible sources: "How to I tell Git for Windows where to find my private RSA key?")
Since the explanations here are a bit outdated, I decided to post my solution.
I am using Git Bash and TortoiseGit 2.8.0 in Windows 10, which are common nowadays.
I set ssh.exe as SSH client in Settings->Network as explained in previous posts.
I created a script with the following commands, as explained in a previous comment. You might also want to set a HOME environment variable, in case your system does not do it automatically. Assuming your home is in drive H:\ you can add the following lines:
SETX HOME /h
CALL "C:\Program Files\Git\cmd\start-ssh-agent.cmd"
SETX SSH_AUTH_SOCK "%SSH_AUTH_SOCK%"
SETX SSH_AGENT_PID "%SSH_AGENT_PID%"
I added the script using Win logo+R shell:startup to the startup folder. Alternatively, you can add the script to the registry to guarantee that it runs before other processes:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Make sure to type exit to close the console and allow for the variable to be set for future processes.
If you use RSA keys in repositories, add at the end of the script as described above^
CALL "C:\Program Files\Git\cmd\start-ssh-agent.cmd"
...
"C:\Program Files\Git\usr\bin\ssh-add" ~/.ssh/myid.rsa
Works with Git 2.24.0, TortoiseGit 2.9.0, Windows 10 and no any Putty using.
I am reading Michael Hartl's "Ruby On Rails 3 Tutorial" and have come to the point where I am pushing my first_app to Github. When I first tried this I got the error "Permission denied: (publickey). I thought the problem was I did not have a SSH keypair for Github. So in following their advice for generation a new keypair from the URL https://help.github.com/articles/generating-ssh-keys
I typed in
ssh-keygen -t rsa -C "your_email#youremail.com"
To which I received the error
"ssh-keygen is not recognized as an external or internal command, operable program, or batch file."
I am using Windows 7 OS. So I think my problem is that this command line entry is for Mac or Linux based command lines. Can someone please tell me the Windows 7 OS equivalent of this entry, so that I can create a new SSH keypair and continue on with the tutorial?
Flip the url to windows-specific:
https://help.github.com/articles/generating-ssh-keys#platform-windows
and note that they say to "Open the GIT bash", not the windows CMD.
ssh-keygen is part of Openssh package which you can install separately (Look for CopSSH for Windows, which is a Windows port of OpenSSH).
The first step is installing open-ssh, one way is indeed by installing Git for Windows. During the installation choose the third option of being able to use the "unix" tools from the command line.
I have a small wrapper utility that loads the agent to memory in github (#selfplug) and your identities, allowing an easy use from the command line.