Develop Reference

Git not using SSH Key to authenticate to Azure DevOps

I recently switched to a new install of Fedora 33 Silverblue running a toolbox. This also happened outside of the toolbox as well. I generated an SSH key using the following command
ssh-keygen -t rsa -b 4096 -C filbot#fenix
Then I uploaded it to Azure DevOps under my account. However, I cannot clone anything from Azure DevOps with the following ~/.ssh/config:
⬢[filbot#toolbox ~]$ cat ~/.ssh/config
# SSH Configuration File
Host ssh.dev.azure.com
HostName ssh.dev.azure.com
User git
IdentityFile /var/home/filbot/.ssh/id_rsa
IdentitiesOnly yes
Host vs-ssh.visualstudio.com
HostName vs-ssh.visualstudio.com
User git
IdentityFile /var/home/filbot/.ssh/id_rsa
IdentitiesOnly yes
Then I ran these git clone commands with the following result:
⬢[filbot#toolbox ~]$ git clone git#ssh.dev.azure.com:v3/$ORG/$PROJ/Developer.dudleyp.cs_pipeline_tasks
Cloning into 'Developer.dudleyp.cs_pipeline_tasks'...
git#ssh.dev.azure.com's password:
⬢[filbot#toolbox ~]$ GIT_SSH_COMMAND=ssh git clone git#ssh.dev.azure.com:v3/$ORG/$PROJ/Developer.dudleyp.cs_pipeline_tasks
Cloning into 'Developer.dudleyp.cs_pipeline_tasks'...
git#ssh.dev.azure.com's password:
⬢[filbot#toolbox ~]$ ssh -T git#ssh.dev.azure.com
Warning: Permanently added the RSA host key for IP address '20.37.158.9' to the list of known hosts.
git#ssh.dev.azure.com's password:
⬢[filbot#toolbox ~]$ ssh -i ~/.ssh/id_rsa -T git#ssh.dev.azure.com
git#ssh.dev.azure.com's password:
It seems that Git is not respecting or even using the ssh config in my home directory like it did before or in other older installs of Fedora or Pop!_OS. I don't understand why it's doing this now, and how to get the information to figure this out more.

I had the exact same issue and found a solution here:
Fedora 33 git pull or clone no longer working and/or ssh key no longer recognized
Basically, in your ~/.ssh/config file, under each Host section, add PubkeyAcceptedKeyTypes ssh-rsa.
Host ssh.dev.azure.com
HostName ssh.dev.azure.com
User git
IdentityFile /var/home/filbot/.ssh/id_rsa
IdentitiesOnly yes
PubkeyAcceptedKeyTypes ssh-rsa

Run ssh in debug mode, with -v. It will output the whole process running in the background. In the output, it will mention what method of authentication it's using and why.

It seems to be a Fedora 33 thing. I used a Fedora 32 Toolbox and Git worked as expected.
➜ ~ toolbox create --release f32
Image required to create toolbox container.
Download registry.fedoraproject.org/f32/fedora-toolbox:32 (500MB)? [y/N]: y
Created container: fedora-toolbox-32
Enter with: toolbox enter --release 32
➜ ~ toolbox enter --release 32
⬢[filbot#toolbox ~]$ git clone -v git#ssh.dev.azure.com:v3/$ORG/$PROJ/Developer.dudleyp.cs_pipeline_tasks
Cloning into 'Developer.dudleyp.cs_pipeline_tasks'...
remote: Azure Repos
remote: Found 45 objects to send. (88 ms)
Receiving objects: 100% (45/45), 77.83 KiB | 25.94 MiB/s, done.
Resolving deltas: 100% (14/14), done.

Could not resolve host: github.com ONLY in windows bash

I have installed ubuntu 18.04(WSL) in my win 10 64 bit, 1903.
For the command git clone https://github.com/facebookresearch/fastText.git,
it works well in git bash(git for windows) and ubuntu 18.04 shell but not in bash (C:\Windows\System32\bash.exe), the error message is
$ git clone https://github.com/facebookresearch/fastText.git
Cloning into 'fastText'...
fatal: unable to access 'https://github.com/facebookresearch/fastText.git/': Could not resolve host: github.com
I have only two .gitconfig file in my pc, one for git bash and another for ubuntu 18.04 shell. I think ubuntu 18.04 shell may equal to bash in some degree but the bash must have problems.

It could be that your /etc/resolv.conf file is corrupt - it happened to me!
Symptoms are:
Inside WSL /etc/resolv.conf is not plain text but some binary garbage. It should be plain text.
You cannot e.g. ping google.com or ping stackoverflow.com from inside WSL.
You can ping those domains OK from powershell in the windows host. Windows git also works OK.
Aside: Interestingly ping github.com fails for me today on all my machines but that doesn't stop me from visiting github in my browser or using git - strange.
The solution is to sudo rm /etc/resolv.conf and restart WSL - windows will recreate that file for you and you should be able to ping away and use git once more from within WSL.
To restart WSL - open a Powershell terminal in Administrator mode and run the following commands. (taken from #germa-vinsmoke 's answer)
wsl --shutdown
Get-Service LxssManager | Restart-Service

Edit your wsl.conf
sudo nano /etc/wsl.conf
[network]
generateResolvConf = false
Save this file and exit. Then edit /etc/resolv.conf.
sudo nano /etc/resolv.conf
Add/Edit this line
nameserver 1.1.1.1
Then close your WSL console. Open Powershell with admin and shutdown the wsl.
wsl --shutdown
At last, restart the wsl service
Get-Service LxssManager | Restart-Service
More info - WSL2 - No internet connectivity. DNS Issues(Temporary failure in name resolution)
Edit 1 By P.hunter:
When your are behind an VPN, you need to set your nameserver to same what the VPN provides.
For that -
Go to Network Status (On Windows) and click on change adapter settings.
Find the adapter of your VPN, right click on it and open properties.
Find IpV4 option from the dropdown, and open it.
Find the DNS mentioned and use the same in Step 3.

None of the above answers worked for me. But this answer from this Github thread did. Reposting for ease:
It seems launching the VSCode daemon messes things up
Make this your /etc/wsl.conf file
[network]
generateResolvConf = false
Shutdown wsl
wsl --shutdown
Start wsl and create the file: /etc/resolv.conf containing
nameserver 8.8.8.8
P.S. if this answer doesn't help, others on the Github thread might!

I can assume that you have problems with proxying.
Try it:
git config --global --unset http.proxy
git config --global --unset https.proxy
Similar problem: #20370294 and #5377703

I did the following step to resolve the issue:
Check the connection to the internet.
ping stackoverflow.com
Edit /etc/resolv.conf, in my case the reason is due to the nameserver 172.22.16.1
sudo vim /etc/resolv.conf
add the nameserver to point to google server
nameserver 8.8.8.8
nameserver 8.8.4.4
and add a comment to the original nameserver by adding #
Repeat step 1 to cross-check the connection again.
Hope this helps!

ssh remote access on bash Windows 10

I'd like to connect remotely to the Ubuntu bash on my Windows 10.
I've got an answer on port 22 but when it asks for username and password, it says access denied...
I've already created a user "root" and i've done a "sudo passwd root"
Windows firewall is deactivated (service stopped).
Thanks !

Stop ssh server and ssh broker services on Windows to avoid SSH port conflict
Makes below changes in /etc/ssh/sshd_config:
UsePrivilegeSeparation no
PasswordAuthentication yes
Then restart ssh server by sudo service ssh restart. If you see could not load host key error then create host key as below and restart ssh service:
sudo ssh-keygen -f /etc/ssh/ssh_host_rsa_key -b 4096 -t rsa

First, You need to Stop/Disable Windows 10 SSH Server Broker Services or Change OpenSSH Port.
After that, modify the /etc/ssh/sshd_config:
UsePrivilegeSeparation no
PubkeyAuthentication no
PasswordAuthentication yes

I started having issues after installing VirtualBox with my Bash on Ubuntu on Windows SSH connection. I stopped the VM, uninstalled, and still couldn't authenticate. The user 'Nobody' is correct, the best solution would either to disable the SSH Broker for Windows 10, or just change the port for SSH on the Linux subsystem, which I did, and works perfectly.

You must also in most cases add a inbound firewall rule to allow traffic on port 22.. the default setup only allows for inbound traffic using the windows implementation of ssh, therefore not allowing any traffic for the openssh-server. Just follow the instructions above and then add a rule for port 22 inbound in Windows Firewall and you should be set.

Since windows implementation doesn't provide chroot you need to modify the /etc/ssh/sshd_config
UsePrivilegeSeparation no
Also you will need to create a user using useradd command or so.

use ssh private key from host in vagrant guest

I want to clone a bunch of private git repositories while provisioning a vagrant box. According to this article this should be possible using config.ssh.forward_agent = true. However, when trying to connect to github via something like ssh -T git#github.com -o StrictHostKeyChecking=no it fails with the following error:
Warning: Permanently added 'github.com,192.30.252.130' (RSA) to the list of known hosts.
Permission denied (publickey).
I cut my configuration down to the simplest possible configuration. You can find it here: https://gist.github.com/TomTasche/31f7c45fcffc2997d43a
When I do "vagrant ssh" and try the same again, a similar error occurs:
Cloning into 'private-repositories'...
Warning: Permanently added the RSA host key for IP address '192.30.252.130' to the list of known hosts.
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
Edit: the configuration linked above does work on a host running Ubuntu, but does neither work on a Mac host, nor on a Windows host. My goal is to have a configuration that works on all these three hosts.

Please check whether your host system has ssh-agent forwarding enabled. You can do so for example by adding this block to your ~/.ssh/config file:
Host *
ForwardAgent yes
If this is enabled vagrant ssh (and also vagrant provision) should be able to forward your key to the guest machine.
You also might want to check using ssh-add -l whether your ssh-agent does know about your SSH-key. If it is in the list and you have agent-forwarding activated you should have a success. Otherwise you can add the key to your ssh-agent by running ssh-add <path to your key file>.

It sounds like you may be hitting this particular bug:
https://github.com/mitchellh/vagrant/issues/1735
(Despite it being "closed" it's actually not fixed)
On Windows, SSH Forwarding in Vagrant does not work properly by default (because of a bug in net-ssh).
However, there is a workaround or simple hack. You can auto-copy your local SSH key to the Vagrant VM via a simple provisioning script in your VagrantFile. Here's an example:
https://github.com/mitchellh/vagrant/issues/1735#issuecomment-25640783

Tom,
What you're doing is fairly generic in nature and I don't think is Vagrant specific.
Try some of the following to track down the issue:
edit your /etc/ssh/sshd_config
Set LogLevel debug
Restart the sshd service sudo service sshd restart or /etc/init.d/sshd restart
tail -f /var/log/authlog -- note, the file may be something else like /var/log/authd.log or /var/log/secure or something.
Watch what happens when you connect. It should give you some indication of why it's failing.
Again sorry, I'm not that familiar with Vagrant but I'm wondering if the provisioning script is running as another user, in which case the agent forwarding may not work as expected?

Setup passphraseless ssh to localhost on OS X

I'm trying to get Hadoop's Pseudo-Distributed Operation example (http://hadoop.apache.org/common/docs/stable/single_node_setup.html) to work on OS X Lion, but am having trouble getting the ssh to work without a passphrase.
The instructions say the following:
Setup passphraseless ssh
Now check that you can ssh to the localhost without a passphrase: $
ssh localhost
I'm getting connection refused:
archos:hadoop-0.20.203.0 travis$ ssh localhost
ssh: connect to host localhost port 22: Connection refused
If you cannot ssh to localhost without a passphrase, execute the
following commands:
$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
After this step I am still getting connection refused. Any ideas???

Sounds like you don't have SSH enabled. Should be in the network settings control panel somewhere.

You go to "System Preferences > Sharing > Remote Access" and there's a list of authorized users. Change it to "All Users".
That's solves this problem.

Check the permissions on your .ssh directory. Some ssh implementations require that the directory be chmod 700. Otherwise, they just ignore it.
Also, check the output of
ssh -v localhost
to see how the ssh client is trying to connect. The output is very detailed, and will help you decide if it's an authentication problem.

I had the same issue.
Please check if the ssh server is running or not.
If yes, open the /etc/init.d/ssh_config and /etc/init.d/sshd_config files. The issue is that the server is running on a different port and the client is pointing to different port.
Before this please ensure that openssh-server and client are installed.

I had the same problem and i solved it the following manner :
SSH is activated.
ssh -v localhost (as stated by Herko)
In the ouput, i identified that the authentication method by DSA is not supported.
debug1: Skipping ssh-dss key /Users/john/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
I simply re-generate an ECDSA keys and remove the DSA key pairs.
After the keys generation, the procedure given on Hadoop documentation holds.
Therefore, it is important to check, if the authentication method is supported by the Openssh configuration.