Develop Reference

connecting to Git via ssh on Windows fails

While my Linux machines can access the hosted repositories on the NAS using its hostname, my Windows machine fails to access it from command line / Visual Studio Code. During my debugging attempts I found a way so that at least TortoiseGit can access the repositories: I had to add an env var GIT_SSH_COMMAND=ssh -vvv (besides the already existing GIT_SSH=C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe).
When I issue a git pull via cmd for a repository accessed in Git config via url = ssh://gituser#my-devices-hostname/volume1/git/reponame.git I get the following output:
OpenSSH_8.1p1, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "my-devices-hostname" port 22
debug2: ssh_connect_direct
debug1: Connecting to my-devices-hostname [192.168.0.50] port 22.
getaddrinfo: atch: Name or service not known
ssh: connect to host my-devices-hostname port 22: failure
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
When I replace the hostname by a static IP I get the same error:
OpenSSH_8.1p1, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 192.168.0.50 is address
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.50 [192.168.0.50] port 22.
getaddrinfo: atch: Name or service not known
ssh: connect to host 192.168.0.50 port 22: failure
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
When doing the same with TortoiseGit, everything works fine, I get:
OpenSSH_8.1p1, OpenSSL 1.1.1d 10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "my-devices-hostname" port 22
debug2: ssh_connect_direct
debug1: Connecting to my-devices-hostname [192.168.0.50] port 22.
debug1: Connection established.
...
I've recently set up a new DSL router (Fritz!Box 7590), maybe this is somehow related. Since I guessed that the problem could be related to IPv6, I've disabled IPv6 on the Synology NAS, but no change.
Update:
fedrik asked me to perform a manual ssh. Here are the results:
ssh gituser#my-devices-hostname
fatal: Interactive git shell is not enabled.
hint: ~/git-shell-commands should exist and have read and execute access.
Connection to my-devices-hostname closed.
and surprisingly:
ssh gituser#196.168.0.50
ssh: connect to host 196.168.0.50 port 22: Connection timed out
I updated my Git- and Tortoise installation, now I get
ssh gituser#192.168.0.50
fatal: Interactive git shell is not enabled.
hint: ~/git-shell-commands should exist and have read and execute access.
Connection to 192.168.0.50 closed.
The hostname based ssh remained the same.
Inspired by the answer from VonC, I checked if there are multiple instances of ssh installed on my system. I found the following:
C:\Windows\System32\OpenSSH\ssh.exe
C:\Program Files\Git\usr\bin\ssh.exe
So I checked (after updating Tortoise and Git for Windows), which one is used. First, I left GIT_SSH_COMMAND=ssh -vvv:
git pull
OpenSSH_8.4p1, OpenSSL 1.1.1h 22 Sep 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/c/Users/user/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/c/Users/user/.ssh/known_hosts2'
debug2: resolving "my-devices-hostname" port 22
debug2: ssh_connect_direct
debug1: Connecting to my-devices-hostname [192.168.0.50] port 22.
getaddrinfo: atch: Name or service not known
ssh: connect to host my-devices-hostname port 22: failure
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
"C:\Program Files\Git\usr\bin\ssh.exe" -vvv gituser#192.168.0.50
OpenSSH_8.4p1, OpenSSL 1.1.1h 22 Sep 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 192.168.0.50 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/c/Users/bjoer/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/c/Users/bjoer/.ssh/known_hosts2'
debug2: ssh_connect_direct
debug1: Connecting to 192.168.0.50 [192.168.0.50] port 22.
debug1: Connection established.
After I changed the env var: GIT_SSH_COMMAND=C:/Windows/System32/OpenSSH/ssh.exe -vvv I got this:
git pull
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users/user/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolving "my-devices-hostname" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to my-devices-hostname [192.168.0.50] port 22.
getaddrinfo: atch: Der angegebene Host ist unbekannt.
ssh: connect to host my-devices-hostname port 22: failure
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
C:\Windows\System32\OpenSSH\ssh.exe -vvv gituser#192.168.0.50
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users/user/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolve_canonicalize: hostname 192.168.0.50 is address
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 192.168.0.50 [192.168.0.50] port 22.
debug1: Connection established.
When I unset GIT_SSH and GIT_SSH_COMMAND env vars, I get this:
git pull
getaddrinfo: atch: Name or service not known
ssh: connect to host my-devices-hostname port 22: failure
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
So, I can connect via SSH to the Git server, but when issues from the Git executable itself, it fails.
When I launch up a WSL on the same machine, I can perform a git pull without problems.
Any suggestions on how to tackle this issue?

Although this issue appeared somewhat after I installed a new router, the root cause was a defective setup of the Git server on my Synology NAS. After setting up the Git server from scratch following these steps, everything worked fine again:
Setup user and folder
Install WebDAV package via Diskstation Package Manager
Configure WebDAV: Enable HTTP on port 5005 and HTTPS on port 5006
Control Panel -> File Services -> SMB -> Advanced Settings -> Set min and max SMB protocols to SMB1 and SMB3
Create user gituser via Diskstation interface (group users, no access to shared folders, with File Station and WebDAV privilages)
Add new shared folder called git (located at /volume1/git) with read/write access for gituser. This folder will hold all the repos.
Install Git Server package via Diskstation
Open Git Server and allow gituser permissions (one has to login as "admin" to see the available users)
Enable SSH access on Diskstation (Control Panel > Terminal & SNMP > Enable SSH Service)
Activate user home service (Control Panel > Users > Extended > Userbase > Activate user home service)
Configure SSH Access
create ~/.ssh folder for gituser on server
sudo su
mkdir /volume1/homes/gituser/.ssh
create a private/public key pair via PuTTYgen (SSH-2 RSA, 2048 bits)
copy the public key show at top of the window to a file named authorized_keys
copy that file from local computer to gituser account on server
scp authorized_keys username#nas:/volume1/homes/gituser/.ssh
change permissions while logged in as root
cd /volume1/homes/gituser/
sudo chown -R gituser:users .ssh
sudo chmod 700 .ssh
sudo chmod 644 .ssh/authorized_keys
sudo chmod 755 /volume1/homes/gituser
activate public key SSH access by setting the following properties in /etc/ssh/sshd_config
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
disable and then re-enabled the SSH service (Control Panel > Terminal & SNMP > Enable SSH Service)

I was getting this error as a result of setting git config --global ssh.variant plink. By setting git config --global ssh.variant ssh, this error went way. The problem seems to be that git was passing a -batch option, which plink was interpreting as a -b option (hence the strange error involving "atch".

I would try the same ssh call without GIT_SSH set
set GIT_SSH=
With a recent Windows 10, openSSH is either directly installed or provided with Git For Windows.
Make sure to use the latest version of Git, and add its usr/bin folder to your PATH.

why does gitea add ssh and still need a password to log in?

I installed gitea (similar to gitlab)
I added a valid public key in user settings -> SSH KEY
gitea port 3000
run:
ssh -p 22 -Tvv git#***.***.***.***
out:
debug1: Found key in C:\\Users\\client/.ssh/known_hosts:17
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug2: key: C:\\Users\\client/.ssh/id_rsa (000001FBAD96F620)
debug2: key: C:\\Users\\client/.ssh/id_dsa (0000000000000000)
debug2: key: C:\\Users\\client/.ssh/id_ecdsa (0000000000000000)
debug2: key: C:\\Users\\client/.ssh/id_ed25519 (0000000000000000)
debug2: key: C:\\Users\\client/.ssh/id_xmss (0000000000000000)
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:W88rhRw****** C:\\Users\\client/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: C:\\Users\\client/.ssh/id_dsa
debug1: Trying private key: C:\\Users\\client/.ssh/id_ecdsa
debug1: Trying private key: C:\\Users\\client/.ssh/id_ed25519
debug1: Trying private key: C:\\Users\\client/.ssh/id_xmss
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such file or directory
git#***.***.***.***'s password:
I really don't understand why?
Before that, gitlab was installed,ssh worked normally, but then gitlab was uninstalled andgitea was installed
may I know what is the reason?
in server, run: top
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1185 root 20 0 972600 158792 44828 S 0.0 7.7 0:06.96 gitea
Is there any difference between ssh git#***.***.***.*** and ssh root#***.***.***.***?

One reason this problem can come about is that the gitea instance is installed in a docker container on the host. When you shh to your host with the git user, you are intending to ssh into the gitea docker instance, but actually you are just sshing into the server where docker is running. SHH doesn't use domain names, so even if you have a reverse proxy which can see your request for the gitea website on the server, get the gitea website from the gitea docker container, and send it on to your computer, a reverse proxy can't do the same when you ssh in to the server.
The solution is to set up some form of SSH container passthrough. This is documented on the gitea docker installation documentation page (https://docs.gitea.io/en-us/install-with-docker/#ssh-container-passthrough). The gist of it is:
Make a user on the server, outside of the gitea container called 'git'.
Make a key pair that you put in the git user's ~/.ssh folder.
Set the gitea docker volumes to include this git user's ~/.ssh folder as one of the internal docker folders (i.e., share the server's git user's ~/.ssh folder containing the key pair with the gitea docker container's /data/git/.ssh folder
Set the docker user for the gitea container to the same user id as the server's git user
The public key needs to be added to the server's git user's ~/git/.ssh/authorized_keys file (e.g., sudo -u git cat /home/git/.ssh/id_rsa.pub | sudo -u git tee -a /home/git/.ssh/authorized_keys && sudo -u git chmod 600 /home/git/.ssh/authorized_keys)
Make a new command called gitea on the server that is a file containing the following: ssh -p 2222 -o StrictHostKeyChecking=no git#127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $#". This file should be in /usr/local/bin/gitea/ and must be executable (sudo chmod +x /usr/local/bin/gitea)
Take down your docker container and put it back up (from the folder where your gitea docker-compose.yml files is, docker-compose down, then docker-compose up -d)
Test by, at the command prompt on your regular computer: ssh -Tvv git#hostname.com. If it's working you should see a message "Hi there, ! You've successfully authenticated with the key named davidattheready#gmail.com, but Gitea does not provide shell access.
If this is unexpected, please log in with password and setup Gitea under another user." You can also type the command su git then gitea on the server and you should see no response if it's working, and no error.
Now, once you have gone into the gitea UI and added your key (NOT the same one as you used in steps 2-3 above, but a key on your regular computer) you should be able to run git commands from your non-server computer, pulling/pushing/etc with ssh.

One possible reason SSH would default to asking git password is because:
the SSH key is passphrase-protected
the key was not added to an SSH agent
You can test that by generating a simpler SSH key, for testing, without passphrase:
ssh-keygen -t rsa -m PEM -P ""

SSH Permission Denied; Trying to access host in intranet

I know there are several "SHH Permission Denied" questions out there but noting really worked for me.
I am trying to connect to my raspberry pi (Rasbian Butcher) from my PC (Windows 10; Version 1903) using ssh but I get following error:
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5
debug3: Failed to open file:C:/Users/user_name/.ssh/config error:2
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolving "smarthome" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to smarthome [192.168.178.24] port 22.
debug3: finish_connect - ERROR: async io completed with error: 10013, io:0000024AC4D4EAA0
debug1: connect to address 192.168.178.24 port 22: Permission denied
ssh: connect to host host_name port 22: Permission denied
I already tried reseting my firewall to default, to deactivate it, to reinstall ssh server and client on windows.
Does any of you has another idea?
I should add:
-ssh is enabled
-I can access the same raspberry pi with a linux machine on the same network so it must be somehow a win10 probelm

SSH with multiple virtual machins

I'm currently on amazon's aws, what I'm trying to do is to create two virtual machines, the first is the master VM named "master" and the second is the slave VM named "node1".
I would like to run a program on the VM master for tasks to be distributed on the slave machine. If everything works fine, i would like to create several slaves and create a parallelism system.
On amazon aws, to connect to virtual machines we must use a xxx.pem file generated by the aws to identify myself by ssh -i "xxx.pem" xxx#xxx
But in my case I created a "master" user in the master VM and then generated a blank password by doing ssh-keygen -t rsa. I copied and pasted on a "authorized_keys" file on the /home/node1/.ssh/ of the slave VM that i created myself.
Now when I try to do an ssh node1#xxx.xxx.xxx.xxx he asks me for a password... i dont understand why ?
After trying everything i can't connect with ssh name#private_ip , he asked me an password each time.
What should i do ?
Thanks in advance !

Server side log :
debug2: load_server_config: filename /etc/ssh/sshd_config
/etc/ssh/sshd_config: Permission denied
[ec2-user#ip-172-31-35-17 ~]$ sudo su
[root#ip-172-31-35-17 ec2-user]# /usr/sbin/sshd -D -p 8022 -ddd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 728
debug2: parse_server_config: config /etc/ssh/sshd_config len 728
debug3: /etc/ssh/sshd_config:22 setting HostKey /etc/ssh/ssh_host_rsa_key
debug3: /etc/ssh/sshd_config:24 setting HostKey /etc/ssh/ssh_host_ecdsa_key
debug3: /etc/ssh/sshd_config:25 setting HostKey /etc/ssh/ssh_host_ed25519_key
debug3: /etc/ssh/sshd_config:32 setting SyslogFacility AUTHPRIV
debug3: /etc/ssh/sshd_config:40 setting PermitRootLogin forced-commands-only
debug3: /etc/ssh/sshd_config:49 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /etc/ssh/sshd_config:65 setting PasswordAuthentication no
debug3: /etc/ssh/sshd_config:70 setting ChallengeResponseAuthentication no
debug3: /etc/ssh/sshd_config:97 setting UsePAM yes
debug3: /etc/ssh/sshd_config:102 setting X11Forwarding yes
debug3: /etc/ssh/sshd_config:107 setting PrintLastLog yes
debug3: /etc/ssh/sshd_config:110 setting UsePrivilegeSeparation sandbox
debug3: /etc/ssh/sshd_config:127 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
debug3: /etc/ssh/sshd_config:128 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
debug3: /etc/ssh/sshd_config:129 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
debug3: /etc/ssh/sshd_config:130 setting AcceptEnv XMODIFIERS
debug3: /etc/ssh/sshd_config:133 setting Subsystem sftp /usr/libexec/openssh/sftp-server
debug1: sshd version OpenSSH_7.4, OpenSSL 1.0.2k-fips 26 Jan 2017
debug1: private host key #0: ssh-rsa SHA256:sHblS+34MhcBEtE/kCxfAoJ1fcZJyu4tYZKdcDEeQ4E
debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:BLgYMx1fFNlmkUpwqdp61g98k+ojM2TV2L1KYPmYdao
debug1: private host key #2: ssh-ed25519 SHA256:/SXACNF7WrrjPDcCsxFYX6Km9jfyAtA0pisg6VFxxIM
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-p'
debug1: rexec_argv[3]='8022'
debug1: rexec_argv[4]='-ddd'
debug3: oom_adjust_setup
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 8022 on 0.0.0.0.
Server listening on 0.0.0.0 port 8022.
debug2: fd 4 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 4 IPV6_V6ONLY
debug1: Bind to port 8022 on ::.
Server listening on :: port 8022.

Connection reset by peer error using cygwin on windows to connect minix via ssh

i'm using minix on my virtualbox, I was able to connect to minix using putty yesterday, but today everything seems to fail. After this failing I tried to uninstall all the openssh and its etc/ssh directory and reinstall, tried other network adapters, tried using cygwin, and using pscp. But I simply can't connect to minix anymore. Any help would be appreciated.
I'm now using this command on cygwin:
$ ssh -p 3022 -v -v -v root#localhost
and the output is:
OpenSSH_6.3, OpenSSL 1.0.1e 11 Feb 2013
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port 3022.
debug1: connect to address ::1 port 3022: Connection refused
debug1: Connecting to localhost [127.0.0.1] port 3022.
debug1: Connection established.
debug1: identity file /home/Cem/.ssh/id_rsa type -1
debug1: identity file /home/Cem/.ssh/id_rsa-cert type -1
debug1: identity file /home/Cem/.ssh/id_dsa type -1
debug1: identity file /home/Cem/.ssh/id_dsa-cert type -1
debug1: identity file /home/Cem/.ssh/id_ecdsa type -1
debug1: identity file /home/Cem/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.3
ssh_exchange_identification: read: Connection reset by peer

You have to allow connections within your own subnet in the Cygwin /etc/hosts.allow. Add a line like this to your /etc/hosts.allow on the Cygwin machine:
ALL : 192.168.123.0/24 : allow
and in your case, you'll need to add the localhost like so:
ALL : localhost 127.0.0.1/32 [::1]/128 [::ffff:127.0.0.1]/128 : allow
The last line should have come with a stock Cygwin installation so it would be strange if you had to add it.
It matters where you enter it. You will have some DENY entries and you should put it above those, but it should work if you put it with all of the other ALLOW statements.