I'm trying to pass from Putty/Pageant/plink to Windows OpenSSH native client.
I already managed to do this in TortoiseGit, but the main problem with VSCode seems to be that I can't set which ssh agent to use.
I enabled the OpenSSH agent service on Windows to start automatically and added my open ssh key with ssh-add.
Every time I try to push from VSCode all I got is an error message with
Git: FATAL ERROR: Disconnected: No supported authentication methods available (server sent: public key)
When trying to push from terminal I got also
Please make sure you have the correct access rights and the repository exists.
As already said, with TortoiseGit I have no problem at all, and the only difference is that in TortoiseGit I set the ssh-agent.
You might need to confirm your System environment variable GIT_SSH points to the ssh within Git: C:\Program Files\Git\usr\bin\ssh.exe
You may need to update your Windows OpenSSH. If you run ssh -V from a PowerShell window and see OpenSSH_for_Windows_7.7p1, this is probably the case. The instructions for upgrading are available in the Install Win32 OpenSSH Wiki.
General
VS Code uses the Windows version of OpenSSH.
The config file that you change in VS Code is located in /Users/<username>/.ssh/config
The default location/name of a key is at /Users/<username>/.ssh/id_rsa.
Example
Local: Windows 10 machine with VS Code and the very awesome Remote - SSH extension installed
Remote: Ubuntu, where I use git for development and need my private key available
Since the remote is shared, I want to use SSH agent forwarding and keep my private key(s) on my local machine
Config file:
Host mybox
    HostName actual.ip.or.name.of.mybox.com
    User myusername
    IdentityFile ~/.ssh/id_rsa
    ForwardAgent yes
PowerShell Commands (Run as Administrator)
Start-Service ssh-agent
ssh-add C:\Users\<username>\.ssh\id_rsa # private key to add
ssh-add -L # list keys added
Set-Service ssh-agent -StartupType Automatic # optional
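The "No supported authentication methods available" error in the question is worded the way plink reports it, which points to git still launching plink while the key sits in the OpenSSH agent. The sketch below is an added example, not code from any of the posts: it resolves which ssh program git will launch (GIT_SSH_COMMAND, then core.sshCommand, then GIT_SSH, then plain ssh) and which agent that program asks for keys. The function names and the path-matching heuristic are assumptions made for illustration.

```python
import os
import subprocess

# Agent each client family asks for keys (general behaviour of these clients).
AGENTS = {
    "plink": "Pageant",
    "win32-openssh": r"Windows ssh-agent service (\\.\pipe\openssh-ssh-agent)",
    "git-openssh": "the ssh-agent named by SSH_AUTH_SOCK",
    "unknown": "depends on which ssh is first on PATH",
}

def effective_ssh(env, core_ssh_command=None):
    """Return (source, command) in the order git consults them."""
    if env.get("GIT_SSH_COMMAND"):
        return "GIT_SSH_COMMAND", env["GIT_SSH_COMMAND"]
    if core_ssh_command:
        return "core.sshCommand", core_ssh_command
    if env.get("GIT_SSH"):
        return "GIT_SSH", env["GIT_SSH"]
    return "default", "ssh"

def classify(command):
    """Heuristic (assumption): recognise the client family from its path."""
    s = command.lower().replace("/", "\\")
    if "plink" in s:
        return "plink"
    if "\\system32\\openssh\\ssh" in s:
        return "win32-openssh"
    if "\\git\\usr\\bin\\ssh" in s:
        return "git-openssh"
    return "unknown"

def diagnose(env, core_ssh_command, key_loaded_in):
    """key_loaded_in: client family whose agent actually holds the key."""
    source, command = effective_ssh(env, core_ssh_command)
    client = classify(command)
    return {"source": source, "command": command, "client": client,
            "agent": AGENTS[client], "match": client == key_loaded_in}

if __name__ == "__main__":
    # On a real machine: read git's configured value, then report.
    cfg = subprocess.run(["git", "config", "--get", "core.sshCommand"],
                         capture_output=True, text=True).stdout.strip()
    print(diagnose(os.environ, cfg or None, "win32-openssh"))
```

When "match" is false, either load the key into the agent that the selected client uses, or point core.sshCommand at the client whose agent already holds it.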
Problem:
I am trying to use OpenSSH Agent in Windows 10 Pro. It is loading the keys but not forwarding to the host.
Goal:
I am attempting to get ssh-agent to work in Windows so I don't have to keep entering my passphrase for my private key (with the ultimate goal of getting this to work with VS Code Remote-SSH Extension as well as on the command line).
What I've Tried:
I am using Windows 10 Pro 21H2 build 19044.1865. I have OpenSSH installed. In PowerShell (admin mode), I use ssh-add to add my private key and confirm by doing ssh-add -L which shows the key is loaded (X'd out in example):
ssh-add -L
ssh-ed25519 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (redacted)
I then attempt ssh -A username@serverip and it prompts me for my passphrase. The expected behavior is that it would not prompt me for my passphrase, it would simply obtain the key from the ssh-agent service. I have tried both rsa and ed25519 keys formatted as OpenSSH keys with the same result.
If I enter my passphrase I immediately connect. I have tried all the suggestions I could find online including:
killing all ssh-agent processes shown in task manager and restarting
starting and restarting the OpenSSH Authentication Agent
fixing the permissions on my keys so only I as owner have access
It appears that the ssh-agent has loaded the key but is simply not passing it on to my server for some reason. Using the -v (verbose) option shows no attempt to use ssh-agent forwarding. I have used putty/pageant successfully and have even tried wsl-ssh-pageant which seems to work, loading my key from pageant (the Pageant keys viewable as loaded after doing ssh-add -L) but they are ignored when I attempt a connection (again nothing in the verbose output shows attempt to use the ssh-agent). The OpenSSH agent is clearly running in Windows services.
Any suggestions or help? Thank you.
I do some development work for a friend, who runs his own Linux git server. Everything worked until he decided to harden his server. He decided 1024-bit keys weren't good enough, so I sent him a new 4096-bit public key.
Now I can no longer access the repository from Windows.
The repository url is ssh://git@1.2.3.4:2000/home/git/code.git (IP address changed to protect the innocent). Note that ssh runs on port 2000.
Trying to clone the repo from TortoiseGit gives "Server refused our key" in the git window, and "No supported authentication methods available (server sent: publickey, gssapi-keyex,gssapi-with-mic)" in an error dialog.
Trying from Git for Windows bash gives "fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists."
However, I can happily clone the same repo from a Linux VM running on the same machine, using the same key pair.
I have updated both Git for Windows and TortoiseGit with the latest version today.
[Later] I can actually log into the server from Putty and from Git bash:
$ ssh-agent bash
MINGW64 /e/folder
$ ssh-add rsa4096
Identity added: rsa4096 (rsa4096)
MINGW64 /e/folder
$ ssh -p 2000 git@1.2.3.4
Last login: Fri Jan 8 17:11:32 2021 from my.local.machine
(Ip addresses and machine names changed)
I can also login using "C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe" -P 2000 (the GIT_SSH variable is set to C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe)
Not sure what to try now - help!
I keep most of my personal projects on BitBucket by Atlassian. As a natural choice, I use SourceTree app (their product) as git GUI client on Windows, and I'm happy with it. For projects where ssh git is available, I prefer ssh over https. SourceTree plays very well with projects hosted on BitBucket. Although it offers both SSH agents: OpenSSH or PuTTY, its default selection is PuTTY/Plink (perhaps because PuTTY is more Windows-familiar).
Recently my establishment requested to host some projects on its own server. At first look it's a git server using GitLab opensource. I can use SourceTree with project hosted here using https just fine, however when it comes to ssh, the only choice of SSH agent is OpenSSH. The only key pair it would use (unless specified in config) is ~/.ssh/id_rsa.pub and ~/.ssh/id_rsa (located in %USERPROFILE%\.ssh\).
I've tried to:
Load ~/.ssh/id_rsa into PuTTY Key Generator
Convert it to PuTTY format (.ppk) file
Load the .ppk into Pageant (PuTTY authentication agent).
Despite the key being loaded and kept in the memory by Pageant, the connection with the server failed all the time, e.g. git: fatal: Could not read from remote repository. The only way to make it work is to start ssh-agent and ssh-add (go with OpenSSH).
Since I have Pageant running usually in the background, I find it more convenient to use (e.g. the keyphrase to open the private key is long/complex, and I don't remember it, and it can be copy-pasted from KeePass, while in the case of OpenSSH, cmd console does not allow me to paste it, too bad).
Is there any way to make the ssh authentication to GitLab done via PuTTY instead of OpenSSH?
Did you connect to the SSH server using PuTTY before using plink? If not, a reason could be that plink is refusing to connect to the server, because the ssh hostkey isn't verified yet. Another reason could be that the SSH server requires ciphers which are not supported by PuTTY. You can only find out if you connect with PuTTY with the same version as plink.
Use TortoiseGitPlink (from TortoiseGit) to circumvent this issue, as it will pop up a messagebox asking whether to accept the hostkey or not.
I found a lot of threads about how to set up git over ssh with msysgit and putty/plink, but rubymine seems to use its own git and ssh implementation (see error message below).
Currently I have putty, msysgit, TortoiseGit and rubymine installed. My repository has two remotes:
[remote "origin"]
    url = ssh://mygituser@255.255.255.255:1234/path/to/repo.git
[remote "origin_putty"]
    url = putty-alias:path/to/repo.git
    puttykeyfile = path/to/my/putty/keyfile.ppk
In putty the connection "putty-alias" is defined with the same user, host and port used in origin and also sets the ssh key again (might not be necessary). Using TortoiseGit to push to origin_putty works fine since it loads the putty ssh key and prompts for my passphrase. However, when I'm trying to use origin from rubymine it prompts for the password of mygituser since there is no keyfile defined.
I already tried the following solutions
Setting GIT_SSH to plink, running pageant and loading the key there (no change)
using the puttykeyfile line in the definition of origin (no change)
using origin_putty from rubymine (does not resolve putty-alias)
The reason I think rubymine uses its own ssh implementation is the error message I get on an unsuccessful authentication:
SSH: authentication methods: [publickey, keyboard-interactive, password] last successful method:
java.io.IOException: Authentication failed:
at org.jetbrains.git4idea.ssh.SSHMain.authenticate(SSHMain.java:280)
at org.jetbrains.git4idea.ssh.SSHMain.start(SSHMain.java:155)
at org.jetbrains.git4idea.ssh.SSHMain.main(SSHMain.java:135)
fatal: The remote end hung up unexpectedly
You're right: by default RubyMine uses the trilead-ssh2 Java library, and is not aware of Putty settings.
You may switch to using the native SSH in the Settings | Version Control | Git | SSH Executable | Native
But note that it doesn't work well with passphrases, so if your private key is passphrase protected, you have to use pageant or similar software.
So on my friend's local Windows machine we are trying to set up GIT.
Basically, we've been following this guide which has been great. The problem we are facing is as follows:
All works until we get to Using Gitosis
When we use the command
git clone git@INSERT_IP_HERE:gitosis-admin.git
We keep getting
Initialized empty Git repository in /home/Thomas/gitosis-admin/.git
Connection closed by IP_HERE
fatal: The remote end hung up unexpectedly
When we try simply
ssh git@IP_HERE
We get "Connection closed by IP_HERE"
If we login as
runas /user:git C:/cygwin/cygwin.bat
And run > ssh git@IP_HERE
We at least get asked for a password then
Last Login: Connection to IP_HERE closed.
Would anyone be able to help?
The error does indeed indicate that authentication is failing.
Firstly, open gitosis.conf on the server and check that you are a member of the group containing gitosis-admin repository. It should show something like:
[gitosis]
[group gitosis-admin]
writable = gitosis-admin
members = user1 user2
The member name must match with a public key in /keydir before access can be made.
Secondly, you do not say how you are connecting from the Windows machines. If you are using Git under Cygwin, make sure you are correctly loading the private key. If you are using MsysGit with Putty, be sure to load the private key before connecting as well.
There is a small gotcha if PuttyGen is used to generate key pairs, and that is the default format is different from OpenSSH which you are probably using. Copy and paste from the top window, or alternatively edit the multiline public key file to read like this.
ssh-rsa AAAABB...KEYBODY...ONLkQ== user1
Lastly, make sure port 22 is open in any firewalls if that is indeed the port you are using.
A more comprehensive description of how to set up a Git server with Gitosis on Windows can be found here
I recommend the use of MsysGit from Windows, as it gives better integration into the Windows environment. TortoiseGit and GitExtensions both use MsysGit as the backend, and provide nice GUIs and explorer shell extensions. GitExtensions full installer will provide the Windows user with everything they need.
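The PuTTYgen gotcha described in the answer above: "Save public key" writes the multi-line RFC 4716 layout, while a keydir or authorized_keys entry needs the one-line OpenSSH form. The converter below is an added example, not part of the original answer; it goes slightly beyond the answer by also reporting the RSA modulus size, and the function names and the constructed all-zero sample key are assumptions for illustration.

```python
import base64
import struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

# Constructed sample: an all-zero ed25519 "key", not a real one.
SAMPLE = (BEGIN + '\nComment: "constructed-sample"\n'
          "AAAAC3NzaC1lZDI1NTE5AAAAIAAA\n" + "A" * 40 + "\n" + END + "\n")

def read_string(blob, off):
    """Read one SSH wire-format string: uint32 length, then that many bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = off + 4 + struct.unpack(">I", blob[off:off + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def rfc4716_to_openssh(text):
    """Return (one-line OpenSSH key, RSA modulus bits or None)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key file")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line = lines[i]
        i += 1
        if ":" in line:                     # header; base64 never contains ':'
            while line.endswith("\\"):      # header continued on the next line
                line = line[:-1] + lines[i]
                i += 1
            tag, _, value = line.partition(":")
            if tag.lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(line)
    blob = base64.b64decode("".join(body), validate=True)
    algo, off = read_string(blob, 0)        # key type is stored inside the blob
    bits = None
    if algo == b"ssh-rsa":
        _exponent, off = read_string(blob, off)
        modulus, off = read_string(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
    key = base64.b64encode(blob).decode()
    return " ".join(filter(None, [algo.decode(), key, comment])), bits

if __name__ == "__main__":
    print(rfc4716_to_openssh(SAMPLE))
```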
Did you get past running the gitosis-init < /tmp/id_rsa.pub command?
That error indicates to me that the public key isn't set up properly. The command above initializes gitosis with the first key.