I have run command ssh -p [port] -v git#[host] and I get:
debug1: Authentication succeeded (publickey).
Authenticated to stash ([[ip]]:[port]).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: filesystem full
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
shell request failed on channel 0
When I run git clone --recurse-submodules ssh://git#[host]:[port]/[repo].git I get:
git#[host]: Permission denied (publickey).
fatal: Could not read from remote repository.
I have added public key to my bitbucket server.
I tried to generate different keys several times I have no clue what to do.
git does not ask for password when updating submodules
If those submodules are accessible with the same user as the one identified with your SSH keys, Git should not ask for password anyway.
Even if they are using an HTTPS URL, the user credentials might already be cached locally by a credential helper (git config --global credential.helper to check its value).
Related
I'm using Git For Windows (not msys or GitHub) in my build server scripts. We have a self-hosted BitBucket repository with an SSH access key configured. I'm trying to do an initial clone in my build scripts via the command line and it is failing with an SSH error/
Here is my environment:
Windows Server 2012
Git For Windows 1.9.4
SSH key stored in %USERPROFILE%\.ssh
.ssh\config points to proper SSH key for my git server domain
my server is in my known_hosts file
SysInternals ProcMon shows that the ssh key is being checked during the clone operation
The same clone operation works using the Git Bash window that comes with Git for Windows. So this rules out an invalid key (I believe)
Here is the Loglevel DEBUG3 logging from SSH during the clone operation:
[exec] debug3: send packet: type 30
[exec] debug1: sending SSH2_MSG_KEX_ECDH_INIT
[exec] debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
[exec] debug3: receive packet: type 31
[exec] debug1: Server host key: ssh-rsa SHA256:K7Y..
[exec] debug3: put_host_port: [x.x.x.x]:7999
[exec] debug3: put_host_port: [xxxmyserverxxx.local]:7999
[exec] debug1: checking without port identifier
[exec] debug1: read_passphrase: can't open /dev/tty: No such device or address
[exec] Host key verification failed.
[exec] fatal: Could not read from remote repository.
[exec]
[exec] Please make sure you have the correct access rights
[exec] and the repository exists.
I can't tell if the "can't open /dev/tty" issue is the real deal breaker. I don't even know what /dev/tty would equate to inside of a Windows command window.
What's more frustrating is this exact type of operation succeeds on another repo I use with the same SSH key pair. I can see no difference in the configuration
read_passphrase: can't open /dev/tty: No such device or address is your deal breaker here. Git needs to get the password of your ssh key but cannot since it has no access to the tty (stdin). Are you running your git command from the Git Bash or from some other terminal?
As a workaround, you can create a passwordless ssh key and use that one instead. To get that working, in your Git Bash home directory, set something similar to this example:
$ ssh-keygen -b 4096 -t rsa -N "" -f "${HOME}/.ssh/id_rsa_passwordless"
$ cat <<EOF >>.ssh/config
Host github.com
HostName github.com
IdentityFile ~/.ssh/id_rsa_passwordless
EOF
Of course, it is better that you use an SSH key with a password under Git Bash, but at least you have a workaround.
Git was working fine with pushing to Bitbucket, until recently where there haven't been much changes, except for a change in DNS server settings.
The error:
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I used keygen to create a new key, add the key with Git Bash (key was added and accepted) and then manually add the key to Bitbucket SSH. However, it's still yielding the same error.
Not sure what went wrong, does anyone have the same experience and able to help?
Other bits of info or attempts to troubleshoot
git remote -v, one push, one pull item listed
ssh -T git#bitbucket.org - error: Permission denied (publickey).
ssh-add -l - error: Could not open a connection to your authentication agent.
ssh -vT git#github.com - error below
ssh -Tv git#bitbucket.org OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014
debug1: Connecting to bitbucket.org [131.103.20.167] port 22.
debug1: Connection established.
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_rsa-cert type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_dsa-cert type -1
debug1: identity file /.ssh/id_ecdsa type -1
debug1: identity file /.ssh/id_ecdsa-cert type -1
debug1: identity file /.ssh/id_ed25519 type -1
debug1: identity file /.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 97:8c /* rest of numbers */
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /.ssh/id_rsa
debug1: Trying private key: /.ssh/id_dsa
debug1: Trying private key: /.ssh/id_ecdsa
debug1: Trying private key: /.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
- ssh-agent -s, error:
SSH_AUTH_SOCK=/tmp/ssh-2KEE1p8SGXPg/agent.1900; export SSH_AUTH_SOCK;
SSH_AGENT_PID=2712; export SSH_AGENT_PID;
echo Agent pid 2712;
The message "Could not open a connection to your authentication" implies that no agent is running (or at least not reachable).
ssh-agent bash # start a new agent
ssh-add # add your key
ssh-add -L # verify that your key is the same as on the server
ssh git#bitbucket.org # should work now
git clone git#bitbucket.org:xyz # (or something like this) should work, too
You need to run ssh-agent command and then export the variables that are displayed when you run it. To do that you can do something like this :
eval `/usr/bin/ssh-agent`
The output of the ssh-agent command is a valid shell script which when executed (a.k.a evaled) will set the right env variables required for the communication between ssh-agent program and other programs that use it.
Just make sure you kill your existing ssh-agent process before you run this command.
After that use the usual ssh-add commands to list and add keys and then your ssh should work just fine.
I know this answer may not be the best of answers but I managed to get it working with the following steps. (Disclaimer: I still dont know what went wrong)
Kill all ssh-agent process by kill PIDnumber one by one within Git Bash. Somehow I had a list full of agent processes running. I saw this list of PID when I tried to uninstall Git from my system.
Uninstall Git from the computer
Remove all SSH keys from Bitbucket repo - (manually remove by browsing to BB website)
Reinstall Git and in Git bash, ssh -T git#bitbucket.org + entered passphrase so user is login and confirmed
Added existing rsa_pub keys (i just dragged rsa_pub file to sublime text, copied the key and pasted it back to bitbucket in the same repo)
pull then push from nodejs's command line utility
This worked for me:
after you generate a new SSH key (ssh-keygen -t rsa)
and add it to the bitbucket site (cat ~/.ssh/bitbucket.pub ...)
if you still not able to connect then do this:
eval ssh-agent -s
ssh-add bitbucket
try again now again
I've installed os x server (Mavericks) on my mac and would like to add bot. For some reasons my remote repo is located on other external server and I have access to it by username and password on specified port. I've added remote repo to os x server like this:
ssh://1.2.3.4:PORT/path/to/repo.git
...filled username and password.
Then I've added bot in Xcode but when I hit integrate it fails with logs:
Cloning into 'ssh_myusername_1_2_3_4_PORT_path_to_repo_git'...
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 debug1: Reading
configuration data /etc/ssh_config debug1: /etc/ssh_config line 20:
Applying options for * debug1: Connecting to 1.2.3.4 [1.2.3.4] port PORT.
debug1: Connection established.
Could not create directory '/var/teamsserver/.ssh'.
debug1: identity file /var/teamsserver/.ssh/id_rsa type -1
debug1: identity file /var/teamsserver/.ssh/id_rsa-cert type -1
debug1: identity file /var/teamsserver/.ssh/id_dsa type -1
debug1: identity file /var/teamsserver/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-3ubuntu1
debug1: match: OpenSSH_6.0p1 Debian-3ubuntu1 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA b6:b8:0e:e4:25:63:6d:64:a3:d6:6d:7f:46:85:72:0d
debug1: checking without port identifier No RSA host key is known for [1.2.3.4]:PORT
and you have requested strict checking. Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository
exists.
SSH Known Hosts file path is located at
/Library/Server/Xcode/Config/ssh_known_hosts
SSH strict host checking
is enabled (you can disable this by editing the
SSHStrictHostKeyChecking key in
/Library/Server/Xcode/Config/xcsbuildd.plist
Untrusted HTTPS
certificates is disabled (you can enable this by editing the
TrustSelfSignedSSLCertificates key in
/Library/Server/Xcode/Config/xcsbuildd.plist
I assume that there is a problem with permissions but in my /var there are some directories with different permissions and of course there is no teams server folder...
So I don't know how to setup proper permissions (without changing permissions of other subdirectories of /var...). I can try manually make directory "teams server" but don't know with what permissions... ? Do you have any ideas?
EDIT: For test purpose I've created teamsserver directory with 777 but that doesn't solve my problem. Logs looks the same as previous butjust WITHOUT line:
Could not create directory '/var/teamsserver/.ssh'.
Any ideas?
Thanks
I experienced a similar issue with scheme action build scripts when attempting to run git commands against a github repo protected by ssh key pairs.
Bots run builds using a _teamsserver system account. As you've discovered, these accounts don't have home directories by default. To setup builds to access and modify their home directory, I had success with the following (your mileage may vary):
sudo mkdir /var/teamsserver
sudo chown -R _teamsserver:_teamsserver /var/teamsserver/
sudo chmod -R 770 /var/teamsserver/
HTH
Ok, I took some time but I've a solution... Two solutions actually. Ashamed to admit but read and understand logs is enough to solve the problem (again :P).
FIRST ANSWER:
My server host key was added to .ssh/known_hosts BEFORE installing os x server. Server does't use that path of known hosts. As log says server uses:
SSH Known Hosts file path is located at
/Library/Server/Xcode/Config/ssh_known_hosts
and that file was empty in my case. So to solve the problem it is enough to copy known_hosts to ssh_known_hosts:
sudo cp ~/.ssh/known_hosts /Library/Server/Xcode/Config/ssh_known_hosts
It's that simple.
SECOND ANSWER:
Acording to log again
SSH strict host checking is enabled (you can disable this by editing
the SSHStrictHostKeyChecking key in /Library/Server/Xcode/Config/xcsbuildd.plist
Change SSHStrictHostKeyChecking to false.
It's done again.
If you've tried the above and still are getting a permission denied error, you probably don't have the right permissions to that file/directory.
Who are you running as? $id
$ls -al the directory that the server is trying to read the id_rsa from (Probably similar to this path: Library/Server/Xcode/Data/BotRuns/BotRun-a28db5fc-1932-47a0-a528-f52c75e421e2.bundle/credentials/65885363-194e-454b-a3ce-56dcaaf5d3c9/id_rsa)
change ownership of that file ^^ ($sudo chown {#id} {#path})
I did 3 things to allow me to get past this, although I'm not sure which of them solved the problem:
Change all git repositories in my project to use the HTTPS rather than SSH (git) version of the url
Disabled SSHStrictHostKeyChecking as per the instructions from the source control log from the bot.
Enabled TrustSelfSignedSSLCertificates as per the same instructions from the log.
Also check out https://discussions.apple.com/thread/5586872 in case this is a problem for you.
I will back some of these items off and test when I have more time.
I have a simple rails test app and have been pushing commits to github w/o a problem. I went to setup w/ heroku, (created the app, loaded up ssh keys) and when I went back to push changes to github before pushing to heroku I got this error:
$ git push
ssh_exchange_identification: read: Connection reset by peer
fatal: The remote end hung up unexpectedly
When I run:
ssh -vT git#github.com
I get:
ssh-keygen -t rsa -C "myemail#example.com"OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to github.com [207.97.227.239] port 22.
debug1: Connection established.
debug1: identity file /Users/username/.ssh/id_rsa type 1
debug1: identity file /Users/username/.ssh/id_rsa-cert type -1
debug1: identity file /Users/username/.ssh/id_dsa type -1
debug1: identity file /Users/username/.ssh/id_dsa-cert type -1
ssh_exchange_identification: read: Connection reset by peer
I have replaced my email and username here. I have been searching around on this one for a while and have yet to find somebody who has revolved it. I have reset my keys w/ github to no avail. Any ideas on this one?
This isn't a Heroku issue, Github are having issues.
https://status.github.com/
1) Run Git Bash (C:\Program Files (x86)\Git\bin\sh.exe --login)
$ ssh -v git#github.com
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /c/Users/Alexander Fedorov/.ssh/config
debug1: Applying options for github.com
debug1: Connecting to github.com [207.97.227.239] port 22.
debug1: Connection established.
...
Hi xpoft! You've successfully authenticated, but GitHub does not provide shell access.
...
Okay! ssh config reading well.
2) Run from cmd.exe
C:\Users\Alexander Fedorov>ssh.exe -v git#github.com
OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Connecting to github.com [207.97.227.239] port 22.
...
debug1: No more authentication methods to try.
Permission denied (publickey).
Nooo. ssh config file is missing...
How... how read config from ssh.exe?
What is probably missing is the user environment variable HOME.
If you launch your DOS session from the git-cmd.bat script packaged with msysgit, it should be defined, and you should see %HOME%\.ssh\id_rsa(.pub)
But from any other DOS windows, HOME isn't defined by default (HOMEPATH or USERPROFILE are).
See also "Fix msysGit Portable $HOME location" as an illustration (but you shouldn't need that workaround with recent versions of msysgit and its git-cmd.bat script)