Retrieving SSH keys - windows

On my Windows 8.1 dev machine I have replaced my broken HDD with a new one and installed Git. I now want to continue to commit changes to a project (which I've copied, with git folder, to my new HDD from a backup) using the same credentials I used before. But my SSH keys are now irretrievably lost on the old HDD. Is there a way to continue to contribute to the project as "me"?

If you are using SSH to authenticate against a remote repository, then you don't necessarily need your old key. You can generate a new key pair and add the public key to your remote repository. How that works in detail depends on what service you are using.
Your "git identity" is tied to your name and email address used in commits, not to your method of authentication.

Related

Getting "fatal: Authentication failed" -error when sending git commands in Windows 10

After updating domain password, accessing git-repo is no longer possible. VS Code and Source Tree as well as Visual Studio are returning the following error message on pull, push, fetch etc..
fatal: Authentication failed
Normally a credentials pop-up should appear however this is not happening. Also the common recommendation is not working:
git config --global credential.helper wincred
The password is stored in windows credential manager and needs to be updated. Open command prompt and enter the following command to view the list of stored passwords:
rundll32.exe keymgr.dll,KRShowKeyMgr
Scroll down in the list until you spot the git-related entries. Click it and edit the correct password.
Voilà!
I agree with Jesper, Other way to do is - On windows, if you can navigate to :
Control Panel\User Accounts\Credential Manager
Under Windows Credentials\Windows Vault page on Generic Credentials, you can update the password of existing GIT record or can also add new Generic Credentials.
Updated answer for Mac users :
In case if you're here with similar issue on Mac, you can do similar thing in keychain access - by deleting the existing GIT record, & then if you pass your credentials again in git bash or any other tool a new record gets created, things should work.
Try the following:
Click Start
Type: Credential Manager
See the Windows Credential Manager shortcut and double-click it to open the application.
Once the app is open, click on the "Windows Credentials" tab.
Locate the credentials that you want removed, they will start with "git:" and might begin with "ada:"
Click on the credential entry, it will open a detail view of the entry.
Click Remove and confirm removal when prompted.
I have experience a similar issue with Windows 10 and here's how I have solved it:
From Windows Search, type Credential Manager:
Open Credential Manager, and navigate to Windows Credential Tab:
You should see an entry for git credentials in Windows Credential Manager:
Here is the root cause, this git credentials is locally cached/saved to your local computer, and since we have changed our Active Directory password, it is currently out of synch.
Click Edit, and change this to your new/changed Active Directory password (this password has to match your new/changed Active Directory password) :
Note: This is for using git with https only, not for SSH: https://docs.github.com/en/free-pro-team#latest/github/using-git/which-remote-url-should-i-use
Save, it should work (does not require terminal or machine restart).
Lastly, if you do not have access to Credentials Manager (due to admin/security policy), you can force git to prompt for password by do a git pull from the specific repo by using username based repo url, e.g.
git pull https://{yourgitusername}#{gitrepo}.git
Note that, this is repo specific so you will have to do this each repo.
Good luck.
Nothing worked for me, even uninstall git and reinstall. What worked for me was to create a Personal Access Token from your github account and use that as the password. This page will detail the procedures: https://medium.com/#ginnyfahs/github-error-authentication-failed-from-command-line-3a545bfd0ca8
I faced the same issue and none of the above mentioned solutions did work. Finally I just removed git for windows and reinstalled the same without any credential managers. This solved the authentication issue with git.
Using Git for Windows (2.30.0), with the cross platform credential manager, with the remote set as a https GitHub address, to a public repository, doing git push by itself wasn't sufficient.
Instead I had to explicitly do git push origin main (replace main with master, or whatever your branch is) to have Git for Windows load a GitHub authentication page where I could authorize the application.
Creating a personal access token, as noted in another answer, was not necessary. Windows credentials were not present in Windows Credential Manager, but were added as Generic Windows Credentials via this method.
I had the same issue when Cloning the repository via Bash/VS Code with "fatal:Authentication failed". I used SSH Key authentication instead to connect my repository following the article: [https://learn.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate?view=azure-devops&tabs=current-page][1]
I didn't get any errors after with any bash commands!
Above solution works only if your machine can SSH.
Try to manually remove setting
credential.helper=wincred from
C:\Users\<YOUR LOGIN>\.gitconfig file it it's there.
For me it helped after password change in LDAP.
Command to change setting didn't helped.
Honestly, what worked for me was installing the latest version of Git (2.36.1) to the day of this comment.
Happened the same: it stoped working after I changed the AD password. But it seems to be a bug in older releases.
This was a tip that Azure DevOps gave:
The only thing which worked for me was to remove the remote and add it back. I have tried deleting the credentials and even reinstalling the git the latest version. But the suggested way to access the remotes repos from Github and Microsoft DevOps is by using a shared key.
I was having the same problem and the best solution would be to insert whenever putting " git clone https://#praat.scm.azurewebsites.net:443/.git " [Insert after http:// your username and # ] and the cloning will work.

Host key verification failed Xcode with Mavericks Server

I'm trying to get a CI setup going and have got Mavericks server downloaded and linked with Xcode all on one machine.
Here's the set up:
Two git repos, hosted on OS X server, named CI and CISubmodule.
CISubmodule added as a submodule to CI
Every time I add bot I get a Host key verification failed error on integration. It's clear from the logs that the server is unable to clone CISubmodule due to an authentication error (I've tried SSH, HTTP, HTTPS) but I don't know why it's failing authentication.
I've set up the server so that logged in users can read and write.
I've tried everything mentioned here.
I'm guessing it's because the server is running as teamsserver and the repo is probably under my username, but I can't figure out how to give it permission to clone. Could it be that the SSH key requires a password? If so, how do I set it up so that it doesn't need a password any more?
Any guidance would be greatly appreciated.
Thanks,
Simon
I had the same case and I am not sure what happend exactly, I think the reason was I had more remote repository accesses and ssh keys pointing git-server side pointing to the same repository.
Deleting the remote repository accesses and cleaning up authorized_keys file helped.
I can confirm the CI server works with submodules, but make sure the .gitmodules file and xccheckout file point to the same repos
you may need to use passphrase-LESS keys for os x server to properly connect to 3rd party hosted git repos. it cannot connect with there is a passphrase needed.
ssh-keygen -p
it worked for us
One thing that helped me was to change my submodule URLs to use HTTPS instead of SSH.
When doing this, make sure that Xcode is actually using the new URLs. Even though I made the changes and pushed them, Xcode was caching the SSH URLs and using them. Remove all your SSH URLS from your server, then also remove them from your client under Preferences->Accounts. Then restart the server and restart Xcode, confirming that the new HTTPS URLs are being used when you create your bot.

Xcode5 bot cannot authenticate to git repo

I've set up a Mavericks box with OS X Server and Xcode 5.01. My source code is on a git repo that I have to access via https with a username and password.
In Xcode (on the same machine), I've cloned the project, built it and run it to check that all is fine. Then I've created a bot, selected the current server and scheme, and hit "integrate now". It fails after 5 seconds. I get:
Cloning into 'https_code_saers_com_myproject'...
fatal: could not read Username for 'https://code.saers.com': Device not configured
I checked that Xcode5 could pull new commits, so it has the username and password, yet by bot does not. Also, the "Device not configured" confuses me.
Any suggestion to how I can explicitly set the Username and Password?
Cheers
Nik
This may just be confusion in terminology, but the bot itself shouldn't be connecting to your repository. OSX Server does that. Before you can create a bot, you should've had to setup your repository in Server. When you do that, you get the opportunity to set username and password for accessing the repository.
It sounds like perhaps you have XCode configured to synch with your repository, but you must separately set up Server to access it as well. See the "XCode" tab in the Server app.
you may be running into the same problem we had- it was passphrase-protected keys. xcode + server + git cannot properly use passphrases on the keys.
thus, you must use a pashphrase-less key with os x server connecting to the git repo.
ssh-keygen -p
hope it helps.
edit: you might need to enable HTTP access to the git repo with this command:
git update-server-info # If planning to serve via HTTP

Git on Windows - How to authenticate with remote repo on Linux

Due to some serious problems with a Git repo on Windows over HTTP, we're moving our Git 'server' to Linux.
Assuming I have already the msysgit for Windows installed and Putty, how will I authenticate the SSH connection when I clone, pull and push?
In case of SSH:
on the server, you'll need to allow authentication with public and private keys, you can google how to do it, for example http://shapeshed.com/setting_up_git_for_multiple_developers/
on the client, just put your private key into .ssh folder in your windows home, for example C:\Users\Name\.ssh, much like on unixes.
You can still use HTTP, it will either (1) always ask for username and password or (2) you can also put username and password into the URL: https://username:password#git.mydomain.com/...
This page has everything covered about using PuTTy for Git public key authentication.
In short:
Generate keypair with puttygen
Put the public key in server
In your local computer, set GIT_SSH environment variable to point to plink.exe
Run putty pageant and load your private key there
I recommend working through this tutorial.
The caveat is that it talks about github, so the story of telling the server about your SSH key is different.
What's also different is how do you intend to manage your developers.
The "problem" is that SSH operates with real remote (server-side, I mean) users, which have to have regular Unix system accounts.
This is okay if you have just a handful of developers. You then just need to add all of them to a special group (say, devel) and make sure you initialize your server-side bare repos using git init --bare --shared=group and make them group-writable and belonging to that group devel (this might also be helped out by creating all the repos under a directory which has its "group sticky bit" set and belongs to that group devel).
To distribute the public part of a developer's key to the server in such a setup you have to literally copy and paste that key part (from the developer's id_rsa.pub file, it's ASCII) to the file /home/developer/.ssh/authorized_keys file. If that file does not exist, create it.
If the key was generated on a machine with OpenSSH client installed, you can transfer the key using the ssh-copy-id program, in one step.
This might become messy, so you might consider implementing a solution which virtualizes Git users (like github does). There are plenty to choose from:
gitolite — supposedly the most popular solution. No frills, is administered using a specialized admin Git repo holding the developers' public keys and a configuration file describing the repos and permissions on them. Plain Perl, installable as a package on most sensible distros.
gitlab — a turn-key all-in-one solution. Written in Ruby, so you might face maintenance nightmares.
gitblit — another all-in-one solution, written in pure Java (note that it does not call out to vanilla Git and uses a pure Java Git layer — JGit).

Can't understand ssh system in Heroku

I can't get the system of managing ssh keys.
I want to push application to Heroku, so I tried to push but get error.Here is my log
$ git push heroku master
! Your key with fingerprint bf:f6:ed:14:9d:cd:52:a2:a3:16:b2:e9:b4:f2:bf:ba is not authorized to access warm-samurai-6574.
fatal: The remote end hung up unexpectedly
User#PK /e/examples (master)
$ heroku keys:add
Found existing public key: C:/Users/User/.ssh/id_rsa.pub
Uploading SSH public key C:/Users/User/.ssh/id_rsa.pub
!This key is already in use by another account. Each account must have a unique key.
User#PK /e/examples (master)
$ heroku keys
=== 1 key for denys.medynskyi#gmail.com
ssh-rsa AAAAB3NzaC...etyxYh4Q== User#PK
Every account has own ssh key. So I can push from any computer, because ssh key is pushing to heroku ?
Every application on heroku should have own ssh key or not ?
Basically, your computer has an SSH key. However, the SSH key on it is associated with another Heroku account (different from the one you are using now). Your best bet would be to generate a brand new SSH key and add it to Heroku.
Just make a new SSH key on your machine and upload it to Heroku:
$ ssh-keygen
Make sure to save it as '/Users/User/.ssh/new_id_rsa.pub' when the prompt asks you.
$ heroku keys:add /Users/User/.ssh/new_id_rsa.pub
This should allow you to use Heroku.
As for your other questions: you can push to Heroku from any computer as long as you add the computer's SSH keys through heroku keys:add. And no, every application does not need to have it's own SSH key.
Your computer has an SSH key, but that SSH key is associated with another Heroku account. If you need to use both accounts for different applications on the same computer you should make a new SSH key on your machine and upload it to Heroku:
$ ssh-keygen
Make sure to save it as '/Users/User/.ssh/new_id_rsa.pub' when the prompt asks you.
$ heroku keys:add /Users/User/.ssh/new_id_rsa.pub
You then need to add another host to your ~/.ssh/config:
Host heroku-alt
HostName heroku.com
IdentityFile ~/.ssh/new_id_rsa
And then update the .git/config in your project to use the host alias:
[remote "heroku"]
url = git#heroku-alt:myapp.git
fetch = +refs/heads/*:refs/remotes/heroku/*
By choosing between heroku and heroku-alt in the remote of the .git/config files of specific projects you can manage which projects use which credentials.
Heroku requires an SSH key to be unique to an account. Two accounts cannot have the same ssh key.
You can do ONE of these to solve your issue:
Unlink the ssh key from the other heroku account. Chances are you are not using that account. This is path of least resistance.
Delete the existing keys. Generate a new ssh public/private key pair. Advantage is you will retain the default name for keys and thus it will be automatically found by any application you use.
Generate a new ssh public/private key pair and save it alongside your existing keys. The disadvantage is, these two keys will have a custom name. If you end up using these keys often, you will need to locally set configure ssh to use these instead of the default id_rsa. This does require some work and might get involved.
Which you choose really depends on you.
If you choose the third option, refer this answer https://superuser.com/a/272613/25665 for how to configure ssh locally to always use the new keys for heroku. In case you are wondering why bother with this, well, you will be interacting with heroku by pushing to a git repository. That requires you to be authenticated using ssh. By default it will use the older keys and you wont be able to push. Its just easier to instead tell ssh to use the alternate key when interacting with warm-samurai-6574.heroku.com
The following link has instructions on creating a new key. You will need to either accept the default names or give custom ones depending on which option you chose.
https://devcenter.heroku.com/articles/keys
Can you push from any computer?
Again, it depends. If the computer has your ssh keys and its configured to use your keys for the heroku domain, then yes. You can instead choose to not copy your keys there and simply add the ssh keys present there to your heroku account.
Does each app require a unique key?
No. You can have multiple apps under one heroku account. They all will share the keys you upload to your heroku account.
Let me see if I understand this correctly.
Most of the replies are agree on that the ssh keys we are using for git identifies the computer, because the suggestion they made is to regenerate the key on the other computer and upload it to Heroku.
From my point of view the SSH key should identify me as a developer of the app, and this is what creates the confusion. This means I have to bring my private and public keys with me and use it on any computer I use which can be accomplished with a pendrive or something similar.
So my suggestion is: copy your public and private keys with you, put them in the computer you want to use for pushing to Heroku and protect your private key with a password.

Resources