On a mac mini with Mavericks I am having problems authenticating when I try to git clone from a private git server. I have installed and configured git on Windows and Ubuntu a few times with this same server and haven't this sort of problem before. I'm at a loss as to what to try next.
Symptoms:
git clone https://username#git.example.com:8448/git/libs/project.git
Cloning into 'project' ...
Password for 'https://username#git.example.com:8448': [1] note
fatal: Authentication failed for 'https://username#git.example.com:8448/git/libs/project.git'
[1] I am not asked for this on other systems. I believe I have configured my git client to not ask for passwords. No password I provide is good at this prompt
I have this in my ~/.gitconfig:
[http]
sslKey = /Users/macuser/auth/username.key
sslCert = /Users/macuser/auth/username.pem
sslVerify = false
[user]
name = username
email = username#example.com
I received the following files when setting up my client certificates which I placed in a folder named ~/auth:
username.cer
username.p12
username.pem
ca.cer
I ran this command to generate the key file:
openssl rsa -in /Users/macuser/auth/username.pem -out /Users/macuser/auth/username.key
And then I ran git config commands such as:
git config --global http.sslKey /Users/macuser/auth/username.key
git config --global http.sslCert /Users/macuser/auth/username.pem
git config --global http.sslVerify false
After configuring git just like the steps above, on other systems when I do a 'git clone https' it just works. On OS X Mavericks with Xcode command line tools installed, git cannot authenticate.
What am I doing wrong?
Thanks in advance.
Edit:
I thought I'd add this piece of information. The server is using a self signed certificate, or one which comes from no authority. This is why I set http.sslVerify to false.
Here are the verbose clone commands. The setups on Linux and Mac are the same, save for auth folder locations. The Linux version succeeds while the Mac version fails.
http://cache.codebot.org/stackoverflow/linux-git-works.txt
http://cache.codebot.org/stackoverflow/mac-git-fails.txt
Answer:
sudo port install git-core
when you try to use git clone and if its prompt for password please provide the git personal access token here
that will resolve the issue.
The solution was to use the macports version of git rather than using the version included with Xcode command line tools.
sudo port install git-core
sslVerify false? Then you desactivate completely the certificate verification by curl.
You can have more details with:
GIT_CURL_VERBOSE=1 git clone https://...
Check if the other systems don't have a %HOME%/_netrc (Windows) or ~/.netrc (unix) with your credentials in it, which would explain why you don't have to enter a password there.
In your case, it is possible the CA and other root certificates used in Linux in /etc/ssl/certs/ca-certificates.crt aren't present on mac.
Try to add the content of that Linux file to the git cert file on the client side on your <path/to/git/bin/curl-ca-bundle.crt> file, a bit like in this solution.
The OP sysrpl reports though that it isn't necessary, since sysrpl had to do a:
sudo port install git-core
to update/reset the git installation on the Mac.
Related
I'm using Windows Git-bash to push to my repository using ssh (not https). I have followed the instructions in this page
https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/
$ ssh-keygen -t rsa -b 4096 -C "barghouti_since88#hotmail.com"
$ ssh-add ~/.ssh/id_rsa
Then copied the key in ~/.ssh/id_rsa and copied it to my ssh keys in github account by following this setup
https://help.github.com/articles/adding-a-new-ssh-key-to-your-github-account/
But now when I try to push using
$git add file
$git commit -m "adding file"
$git push
I'm getting the following
FATAL ERROR: Couldn't agree a key exchange algorithm (available: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521)
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
There are a few possibilities you can examine:
did you "git clone" the repository with 'https' instead of 'git'? If
you want to git push with ssh, you need to clone with ssh as well.
is your Git for Windows version recent enough ? every once in a while, GitHub removes support for older, weaker, crypto, and your
software needs to match the server's algorithms, which in this case
it didn't, per the error message.
are you using the same ssh software as git ? Git for Windows comes with ssh included, but ssh can also have been installed separately,
on its own as OpenSSH, or included with putty, for instance. Compare
the output of 'where ssh-keygen' with the environment variable
GIT_SSH.
Hope this helps
I am having and old Macbook running Osx Lion 10.7.5 which is the highest upgrade that it supports.
On running git clone I get this error.
Veers-Macbook:~ Veer$ git clone https://github.com/heroku/python-getting-started.git
Cloning into 'python-getting-started'...
fatal: unable to access 'https://github.com/heroku/python-getting-started.git/': error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
Based on other similar questions, my system details are as follows:
Veers-Macbook:~ Veer$ which git
/usr/local/git/bin/git
Veers-Macbook:~ Veer$ git --version
git version 2.3.5
Veers-Macbook:~ Veer$ git config http.sslVersion
tlsv1.2
I ran these two commands
git config --global --unset http.sslVersion
git config --global --add http.sslVersion tlsv1.2
To verify I ran the config file
Veers-Macbook:~ Veer$ git config --global --list
user.name=Gurupratap Matharu
user.email=gurupratap.matharu#gmail.com
credential.helper=osxkeychain
core.excludesfile=/Users/admin/.gitignore
mergetool.sublime.cmd=subl -w $MERGED
mergetool.sublime.trustexitcode=false
merge.tool=sublime
alias.gui=!sh -c '/usr/local/git/libexec/git-core/git-gui'
http.sslversion=tlsv1.2
Looks like the config file has the http tlsv1.2 but the error still persists.
could you guide how can I fix this. My only aim is to use github via the command line.
This is likely caused by old encryption on lion, which the internet has declared as deprecated ( for example, https://githubengineering.com/crypto-removal-notice/ )
For one solution, you can try tigerbrew https://github.com/mistydemeo/tigerbrew
For a different experimental solution, I have made my own very simple package here: http://try.gitea.io/donbright/lm which will bootstrap curl and git on a Lion machine if you have Xcode + Xcode command line tools already installed. However your complicated git config will maybe not work with it, you might have to wipe the config clean.
According to this link, I simply need to include the -S switch to sign my commit using my GPG key, but I don't see how I can use that in Android Studio.
How do I sign my commits in Android Studio?
EDIT: I appreciate that OSX solutions are coming along, but I'd really like to see an answer that works with Windows. I only use my Mac for documents and stuff.
As I mentioned in "Sign git commits with GPG", with Git 2.0:
If you want to GPG sign all your commits, you have to add the -S option all the time.
The commit.gpgsign config option allows to sign all commits automatically.
This doesn't fully work though, and is followed by issue 127802, with the following workarounds:
Created a helper script with that content:
/usr/bin/gpg –batch –no-tty "$#"
and set gpg.program to that script
Or:
Adding "no-tty" to "~/.gnupg/gpg.conf" solved the problem for me.
You might still get the error message:
Commit failed with error:
gpg: problem with the agent - disabling agent use
gpg: Sorry, no terminal at all requested - can't get input
error: gpg failed to sign the data
fatal: failed to write commit object
Again: bug in progress, also followed by issue 110261:
resolve it with this in addition to the previous solution (OS X):
1) brew install gnupg gnupg2 pinentry-mac
2) nano ~/.gnupg/gpg-agent.conf ->
pinentry-program /usr/local/bin/pinentry-mac
3) git config -–global gpg.program gpg2
After make some test I follow this steps and it works
Please remember to restart the Android Studio after follow this steps:
Are you tired off write the password for each commit???
Follow the link:
https://github.com/pstadler/keybase-gpg-github
after that edit the gpg.conf
nano ~/.gnupg/gpg.conf
add the following lines
use-agent
no-tty
default-key <your key id>
after made all the configuration and if you use MacOS. You should:
ln -s /usr/local/Cellar/libgcrypt/1.7.0_1 /usr/local/opt/libgcrypt
ln -s /usr/local/Cellar/libgpg-error/1.22 /usr/local/opt/libgpg-error
ln -s /usr/local/Cellar/libassuan/2.4.2 /usr/local/opt/libassuan
ln -s /usr/local/Cellar/pth/2.0.7 /usr/local/opt/pth
execute
source ~/.profile
make one commit using the option -S
git commit -am "my commit message" -S
you should get a password promp.
-- put your password
Thats it!!!
If you have git for Windows installed, and selected MingGW option during setup, this is what I used to get Android Studio working with signing commits.
Programs mentioned/used with links for those who don't have them yet.
Android Studio 2.2.2
Gpg4win 2.3.3 (https://www.gpg4win.org/download.html)
Using variant "Gpg4win with GnuPG component only"
Git for Windows 2.10.1
For those who wants to read the article I used to get gpg signing working in my Windows environment (The bottom half of the page starting with the git config lines are what we're more concerned with):
https://jamesmckay.net/2016/02/signing-git-commits-with-gpg-on-windows/
I'll briefly walk through the process for doing the gpg portion via command line - presuming that all three programs are installed already from here on in.
Check Git setting in Android Studio
If you haven't specified where git is in Android Studio, here's where you do it in Settings:
NOTE: This can be done either in File > Project Settings for one project or File > Other Settings > Default Settings...
Version Control > Git > Path to Git Executable
Since I was using the MinGW version, it's set to:
C:\Program Files\Git\mingw64\bin\git.exe
Export existing public and secret keys from MinGW version (git bash)
NOTE: Execute using MinGW prompt program
gpg --export > ~/gpg-public
gpg --export-secret-keys > ~/gpg-secret
NOTE: For those who don't know, ~/ is by default set to your user's home directory. (e.g. Windows 10: C:/Users/%USERNAME%)
Import exported keys into Gpg4win
NOTE: Execute using Windows Command Prompt.
gpg --import < "C:/Users/%USERNAME%/gpg-public"
gpg --import < "C:/Users/%USERNAME%/gpg-secret"
Replace the location with wherever your gpg-public and gpg-secret files are.
Make git use gpg from Gpg4win
As mentioned in the article. It's reposted here if you didn't open it.
NOTE: Execute using MinGW prompt program
git config --global gpg.program "C:/Program Files (x86)/GNU/GnuPG/gpg2.exe"
Replace the gpg.program value (keeping the gpg2.exe) above with wherever you specified the gpg4win installer to install it to.
(OPTIONAL) While you're at it, you can configure your git to auto sign your commits with a default key (git version >= 2.0 required)
git config --global user.name <name>
git config --global user.email <email>
git config --global user.signingkey <your-key-ID>
git config --global commit.gpgsign true
Replace the values in < > with your own. You can get the key ID by running gpg --list-keys and taking the ID from the line starting with pub and after the /.
Now you should be able to commit using Android Studio and see a prompt come up for the password entry.
I'm a Git instructor, so must have multiple GitHub accounts for demonstration purposes. I'm using Git on both Ubuntu, Windows and sometimes in OS X.
I have a problem in OS X where Git remembers the previous credentials. According to the screen shot, I want to push a testing repository to GitHub account of jeud, but Git remembers the credentials of account tutor4dev, so Git never prompts me for any authentication like I would get when using Ubuntu and Windows.
I have tried git config credential.https://github.com.jeud jeud, but it's still not working.
Please guide what to do, thanks.
Edited
In my case, I can reset the current username and password using /Applications/Utilities/Keychain Access
But if possible, I would like Git to prompt me for authentication every time when github.com requires for credential.
I have removed the credential helper using git config --global --unset credential.helper and setup core.askpass using git config --global core.askpass true, but Git still uses the username and password stored in the OS.
I have solved my problem by deleting existing credential on my machine using /Applications/Utilities/Keychain Access
Try using:
git config --global --edit
That should show you the contents of .gitconfig located at:
~/.gitconfig
I am trying to clone a repository at Github, but I am getting SSL Certificate problems.
$ git clone https://github.com/HonzaKral/django-threadedcomments.git
Initialized empty Git repository in /Users/Bryan/work/django-threadedcomments/.git/
error: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/HonzaKral/django-threadedcomments.git/info/refs
fatal: HTTP request failed
How do I install the appropriate certificates?
EDIT: I was able to avoid the issue entirely by using git:// versus https://
Open Keychain Access, select all the certificates in "System Roots" (except those crossed out, if any), right click and export all the items into a PEM file.
Then, use git config --system http.sslCAInfo /path/to/this/file.pem. If you don't want to set this globally with --system before cloning that particular repository, you can set this path in the GIT_SSL_CAINFO environment variable (e.g. GIT_SSL_CAINFO=/path/to/this/file.pem git clone ...). This will make Git (and libcurl) use that file as the trusted CA file. (You can check the details for this option in the git-config man-page.)