TortoiseGit with openssh key not authenticating using ssh-agent - ssh

I'm setting up a git environment on Windows XP (msysGit 1.7.11, TortoiseGit 1.7.14) and trying to achieve following points :
ssh connection on a port different than default 22
ssh authentification handled by ssh-agent
So I create a ~/.ssh/config file :
Host gitbox
User gitolite
Hostname XX.XX.XX.XX
Port 154
PreferredAuthentications publickey
IdentityFile "/c/Documents and Settings/kraymer/.ssh/id_rsa"
When using the git bash CLI, everything works as intended.
I'm struggling with TortoiseGit.
I first installed TortoiseGit with Plink and using Pageant to load ssh private key. The automatic authentication (Pageant) worked but setup was a fail as TortoiseGit don't recognize git repos url formatted as gitolite#gitbox/repo.git.
I then decided to install TortoiseGit using openssh client, so the config file can be read by the ssh client, and to mimic the git CLI setup.
I picked the ssh.exe shipped with msys git as ssh client in TortoiseGit settings.
When doing a git pull, the remote url is now resolved but the passphrase password is asked while I expect ssh-agent automatic authentication to occur.
Is it possible to make TortoiseGit work with ssh-agent ?
Or make TortoiseGit (Plink) aware of .ssh/config ?
Edit #1
Following #VonC advice I configured my $HOME variable.
When I click Show environment variables in TortoiseGit I now have :
HOME=C:\Documents and Settings\kraymer
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kraymer
But git pull still require I enter passphrase.

No tweaks needed.
Just make TortoiseGit point to the same ssh client used by git itself, see the screenshot:
This should be C:\Program Files\Git\usr\bin\ssh.exe in latest version of Git as mentioned by Aleksey Kontsevich in the comments.

I first installed TortoiseGit with Plink and using Pageant to load ssh private key. The automatic authentication (Pageant) worked but setup was a fail as TortoiseGit don't recognize git repos url formatted as gitolite#gitbox/repo.git.
I finally found a workaround which consist to create a PuTTY session with the same name that the ssh alias (ie gitbox in the question).
This way I can clone as git clone gitbox/monrepo in the CLI and the origin syntax is correctly handled by TortoiseGit.

Windows10 System
#TortoiseGit
In Network Section
From : C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe
To : "C:\Users{user}\AppData\Local\Programs\Git\usr\bin\ssh.exe"

There seems to be a whole variety of options to solve this. As none of the above have worked for me, I tought I'd share what helped for me.
In Settings... -> Network -> SSH -> SSH client, set the client to C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe. Using Pageant, you're then automatically authenticated as expected, otherwise you are prompted for your private key passphrase. Make sure the "Autoload Putty Key" option is checked in the push dialog.

Cygwin
Use approach described in the following article:
https://help.github.com/articles/working-with-ssh-key-passphrases
Password will be asked only once on the cygwin session startup.
!!! Before exiting cygwin session don't forget to kill ssh-agent process (use ps for find process PID and kill -9).
We are using separate approach for cygwin, because cygwin by some reason doesn't see processes started externally in windows environment.
2, 3) MsysGit, TortoiseGit
Useful link:
http://dogbiscuit.org/mdub/weblog/Tech/WindowsSshAgent
Install MsysGit.
Install TortoiseGit (check openssh instead of plink during installation).
!!! Check systems variables. If there is GIT_SSH variable present - remove it.
Go to TortoiseGit->Settings->General
Set Git exe Path to /bin
Set External dll path to /mingw/bin
Go to TortoiseGit->Settings->Network
Set SSH Client property to /bin/ssh.exe
Define system variable SSH_AUTH_SOCK=C:\temp.ssh-socket
Start cmd.exe and execute following commands(since we installed MsysGit all following commands are accessible in cmd - /bin is added to system PATH variable):
# following command is required to execute for avoiding Address already bind message when ssh-agen is not started yet but .ssh-socket exists after previous agent session
rm "%SSH_AUTH_SOCK%"
# Starting ssh-agent
ssh-agent -a "%SSH_AUTH_SOCK%"
# Adding our openssh key
ssh-add "%USERPROFILE%\.ssh\id_rsa"
# Type password for your key
That's it. From that moment you can execute git push, git pull from TortoiseGit and MsysGit without prompting passphrase.
When ssh-agent is no longer required you can kill it through windows task manager.

None of the above answers worked for me.
I created this batch file to solve the problem.
CALL "C:\Program Files\Git\cmd\start-ssh-agent.cmd"
SETX SSH_AUTH_SOCK "%SSH_AUTH_SOCK%"
SETX SSH_AGENT_PID "%SSH_AGENT_PID%"
Run this once, and enter your passphrase.
Then you can use tortoisegit with openssh without having to enter your passphrase for every operation.

Make sure to launch your TortoiseGit in an environment where HOME is defined, and reference the parent directory of .ssh.
This is important since, on Windows, HOME isn't defined by default.
See as an example: "Auth fails on Windows XP with git and tortoisegit".
(Other possible sources: "How to I tell Git for Windows where to find my private RSA key?")

Since the explanations here are a bit outdated, I decided to post my solution.
I am using Git Bash and TortoiseGit 2.8.0 in Windows 10, which are common nowadays.
I set ssh.exe as SSH client in Settings->Network as explained in previous posts.
I created a script with the following commands, as explained in a previous comment. You might also want to set a HOME environment variable, in case your system does not do it automatically. Assuming your home is in drive H:\ you can add the following lines:
SETX HOME /h
CALL "C:\Program Files\Git\cmd\start-ssh-agent.cmd"
SETX SSH_AUTH_SOCK "%SSH_AUTH_SOCK%"
SETX SSH_AGENT_PID "%SSH_AGENT_PID%"
I added the script using Win logo+R shell:startup to the startup folder. Alternatively, you can add the script to the registry to guarantee that it runs before other processes:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Make sure to type exit to close the console and allow for the variable to be set for future processes.

If you use RSA keys in repositories, add at the end of the script as described above^
CALL "C:\Program Files\Git\cmd\start-ssh-agent.cmd"
...
"C:\Program Files\Git\usr\bin\ssh-add" ~/.ssh/myid.rsa
Works with Git 2.24.0, TortoiseGit 2.9.0, Windows 10 and no any Putty using.

Related

intellij repository clone failed: Authentication failed

versiont Control > GitHub > "Test Successufl"
IMG1
Git version : 2.18.0
SSH ececutable: Native
IMG2
BUT!!
git clone fail
IMG3
I don't know why this happens any help would be appreciated.
You are cloning via HTTP. SSH executable is not related.
Check if it works in the command line first. It could happen there is git credential.helper that somehow saved wrong credentials and git is trying to use them.
You could use SSH instead, but make sure SSH keys are registered on GitHub and, since you want to use native SSH client, the key is added to ssh-agent or does not have a passphrase, because IntelliJ is not a terminal and cannot handle interactive prompts for passphrases.
Everybody Thanks~
I resolved it in the following way.
Step 1. Create SSH Key (in Local PC)
My PC use Windows.
So, I use Git Bash.
Step 2. Register GitHub
Personal settings > SSH and GPG Keys
Nes SSH Key > XXX_rsa.pub (This contens is Created SSH Key File in Local PC)
Step 3. In intellij, Git Clone used "Use SSH" instead of "Use HTTPS".

Subversion export/checkout in Dockerfile without printing the password on screen

I want to write a Dockerfile which exports a directory from a remote Subversion repository into the build context so I can work with these files in subsequent commands. The repository is secured with user/password authentication.
That Dockerfile could look like this:
# base image
FROM ubuntu
# install subversion client
RUN apt-get -y update && apt-get install -y subversion
# export my repository
RUN svn export --username=myUserName --password=myPassword http://subversion.myserver.com/path/to/directory
# further commands, e.g. on container start run a file just downloaded from the repository
CMD ["/bin/bash", "path/to/file.sh"]
However, this has the drawback of printing my username and password on the screen or any logfile where the stdout is directed, as in Step 2 : RUN svn export --username=myUserName --password=myPassword http://subversion.myserver.com/path/to/directory. In my case, this is a Jenkins build log which is also accessible by other people who are not supposed to see the credentials.
What would be the easiest way to hide the echo of username and password in the output?
Until now, I have not found any way how to execute RUN commands in a Dockerfile silently when building the image. Could the password maybe be imported from somewhere else and attached to the command beforehand so it does not have to be printed anymore? Or are there any methods for password-less authentication in Subversion that would work in the Dockerfile context (in terms of setting them up without interaction)?
The Subversion Server is running remotely in my company and not on my local machine or the Docker host. To my knowledge, I have no access to it except for accessing my repository via username/password authentication, so copying any key files as root to some server folders might be difficult.
The Dockerfile RUN command is always executed and cached when the docker image is build so the variables that svn needs to authenticate must be provided at build time. You can move the svn export call when the docker run is executed in order to avoid this kind of problems. In order to do that you can create a bash script and declare it as a docker entrypoint and pass environment variables for username and password. Example
# base image
FROM ubuntu
ENV REPOSITORY_URL http://subversion.myserver.com/path/to/directory
# install subversion client
RUN apt-get -y update && apt-get install -y subversion
# make it executable before you add it here otherwise docker will coplain
ADD docker-entrypoint.sh /enrypoint.sh
ENTRYPOINT /entrypoint.sh
docker-entrypoint.sh
#!/bin/bash
# maybe here some validation that variables $REPO_USER $REPO_PASSOWRD exists.
svn export --username="$REMOTE_USER" --password="$REMOTE_PASSWORD" "$REPOSITORY_URL"
# continue execution
path/to/file.sh
Run your image:
docker run -e REPO_USER=jane -e REPO_PASSWORD=secret your/image
Or you can put the variables in a file:
.svn-credentials
REPO_USER=jane
REPO_PASSWORD=secret
Then run:
docker run --env-file .svn-credentials your/image
Remove the .svn-credentials file when your done.
Maybe using SVN with SSH is a solution for you? You could generate a public/private key pair. The private key could be added to the image whereas the public key gets added to the server.
For more details you could have a look at this stackoverflow question.
One solution is to ADD the entire SVN directory you previously checked out on your builder file-system (or added as a svn:externals if your Dockerfile is itself in a SVN repository like this: svn propset svn:externals 'external_svn_directory http://subversion.myserver.com/path/to/directory' ., then do a svn up).
Then in your Dockerfile you can simply have this:
ADD external_svn_directory /tmp/external_svn_directory
RUN svn export /tmp/external_svn_directory /path/where/to/export/to
RUN rm -rf /tmp/external_svn_directory
Subversion stores authentication details (if it not disabled in configuration) at client side and use stored username|password on request for the subsequent operations on the same URL.
Thus - you have to run (successful) svn export in Dockerfile with username|password only once and allow SVN to use cached credentials (remove auth. options from command-line) later

Properly set SSH home in GitPortable

I would very much like to take my Git install with me wherever I go, so I have installed GitPortable via PortableApps.
Unfortunately, the OpenSSH utilities available in git-bash insists on placing/searching for the .ssh folder in a nonsensical place (C/.ssh).
Now, I have seen others with the same problem, but the solution generally was to set HOME as a Windows environment variable. But this is not working for me.
From the usual Windows command prompt:
C:\Users\snb>echo %HOME%
C:\Users\snb
Showing that the environment variable is apparently set correctly.
From git-bash:
snb#SNB-WORKSTATION /c/Users/snb
$ echo $HOME
C:\Users\snb
Showing that git-bash agrees. However if I test out an SSH command, OpenSSH has the completely wrong idea of where to locate the .ssh folder:
snb#SNB-WORKSTATION /c/Users/snb
$ ssh -T git#bitbucket.org
Could not create directory 'C/.ssh'.
The authenticity of host 'bitbucket.org (131.103.20.167)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)?
I'm at a loss at what to do to make OpenSSH in the GitPortable installation understand where my home directory is. Do you have any ideas other than giving in and just installing Git for Windows?
EDIT:
The OpenSSH version is:
$ ssh -V
OpenSSH_6.6.1p1, OpenSSL 1.0.1i 6 Aug 2014
The command uses the correct .ssh folder location in a Windows command prompt when using git-cmd.bat:
C:\Users\snb>ssh -T git#bitbucket.org
The authenticity of host 'bitbucket.org (131.103.20.168)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'bitbucket.org,131.103.20.168' (RSA) to the list of known hosts.
Enter passphrase for key '/c/Users/snb/.ssh/id_rsa':
But I truly hate cmd.exe, I need this to work for git-bash! :)
The SSH command git-bash uses is:
$ which ssh
/bin/ssh
The /bin folder is located inside the GitPortable installation, so this would be the OpenSSH version distributed with GitPortable.
This GitPortable is based on msysgit PortableGit-1.9.5-preview20141217 github commit
The proper path for HOME in a bash session should be set with:
export HOME=/c/Users/snb
That would make it compatible with ssh in a unix shell.
Using posix path seems safer considering Git is running on top of a posix run-time environment.

cannot spawn C:\ProgramFiles(x86)\Git\cmd\: No such file or directory.

I have a problem when I'm trying to clone with git on cygwin. My GIT_SSH is
"C:\ProgramFiles(x86)\Git\bin\".
When I try to clone, here is the result:
$ git clone ssh://*****/home/local/git/prestashop myDirectory
Cloning into 'myDirectory'...
error: cannot spawn C:\ProgramFiles(x86)\Git\cmd\: No such file or directory
fatal: unable to fork
I've seen many question related to that problem but I can't find answers to solve this problem. All ideas welcome ! Thanks !
Following Git with SSH on Windows, you see that GIT_SSH should reference the ssh executable, not just its path:
(old msysgit)
set GIT_SSH=C:\Program Files (x86)\Git\bin\ssh.exe
(new 2015 git for Windows)
set GIT_SSH=C:\Program Files\Git\usr\bin\ssh.exe
In my case, since I was using Git Extensions (3.3.1), I had adjust my SSH Client path.
Todo so, I went to Menu Tools > Settings > Git Extensions (category on left side) > SSH and adjusted my SSH Client path to C:\Program Files\git\usr\bin\SSH.EXE
Update 1
Facing this issue once again, after switching to Putty, because Pageant allows me to set my private once a day without exposing outside, where I've forgot set Putty as my ssh client, by going to Tools > Settings > Git Extensions (category on left side) > SSH > And setting Putty as my ssh client

Setting the default ssh key location

ssh will look for its keys by default in the ~/.ssh folder. I want to force it to always look in another location.
The workaround I'm using is to add the keys from the non-standard location to the agent:
ssh-agent
ssh-add /path/to/where/keys/really/are/id_rsa
(on Linux and MingW32 shell on Windows)
If you are only looking to point to a different location for you identity file, the you can modify your ~/.ssh/config file with the following entry:
IdentityFile ~/.foo/identity
man ssh_config to find other config options.
man ssh gives me this options would could be useful.
-i identity_file
Selects a file from which the identity (private key) for RSA or
DSA authentication is read. The default is ~/.ssh/identity for
protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for pro-
tocol version 2. Identity files may also be specified on a per-
host basis in the configuration file. It is possible to have
multiple -i options (and multiple identities specified in config-
uration files).
So you could create an alias in your bash config with something like
alias ssh="ssh -i /path/to/private_key"
I haven't looked into a ssh configuration file, but like the -i option this too could be aliased
-F configfile
Specifies an alternative per-user configuration file. If a configuration file is given on the command line, the system-wide configuration file (/etc/ssh/ssh_config) will be ignored. The default for the per-user configuration file is ~/.ssh/config.
Update for Git Bash on Windows 10: on my system, git bash app will work over the ssh layer (brought by OpenSSH) look for an environment variable called HOME (To Windows key and type in "env" to edit env vars). If this variable points to a place that doesn't exist, git bash may never open.
Like on Linux, Git Bash app will look for its config file in %HOME%\.ssh.
e.g. If you set HOME to C:\Users\Yourname, than it will look for C:\Users\Yourname\.ssh
Finally, within config text file, git bash will look for IdentifyFile path.
On Windows, set the path using cygwin notation.
e.g. to /e/var/www/certs/keys/your_passwordless_key.key
Bonus: for free, PHPStorm will use that setup. Restart IDE if you've just changed settings.