TortoiseGit with openssh key not authenticating using ssh-agent

10

61

I'm setting up a git environment on Windows XP (msysGit 1.7.11, TortoiseGit 1.7.14) and trying to achieve the following points:

  • ssh connection on a port different than default 22
  • ssh authentication handled by ssh-agent

So I create a ~/.ssh/config file:

Host gitbox
   User gitolite
   Hostname XX.XX.XX.XX
   Port 154
   PreferredAuthentications publickey
   IdentityFile "/c/Documents and Settings/kraymer/.ssh/id_rsa"

When using the git bash CLI, everything works as intended.

I'm struggling with TortoiseGit.
I first installed TortoiseGit with Plink and using Pageant to load ssh private key. The automatic authentication (Pageant) worked but setup was a fail as TortoiseGit doesn't recognize git repo URLs formatted as gitolite@gitbox/repo.git.

I then decided to install TortoiseGit using openssh client, so the config file can be read by the ssh client, and to mimic the git CLI setup.
I picked the ssh.exe shipped with msys git as ssh client in TortoiseGit settings.
When doing a git pull, the remote url is now resolved but the passphrase password is asked while I expect ssh-agent automatic authentication to occur.

https://static.mcmap.net/file/mcmap/ZG-AbGLDKwfkaC2kbmfeWmfPKmMva3/u/1026715/tortoisegit.png

Is it possible to make TortoiseGit work with ssh-agent ?
Or make TortoiseGit (Plink) aware of .ssh/config ?

Edit #1

Following @VonC advice I configured my $HOME variable.
When I click Show environment variables in TortoiseGit I now have :

 HOME=C:\Documents and Settings\kraymer  
 HOMEDRIVE=C: 
 HOMEPATH=\Documents and Settings\kraymer 

But git pull still requires that I enter the passphrase.

Tycoon answered 22/11, 2012 at 15:45 Comment(1)
Git or Bash is not working with ssh-agent by default, because they use their own ssh.exe. I would like to go with the system ssh.exe (for win10 it is located in C:\Windows\System32\OpenSSH\ssh.exe). You can put it in TortoiseGit: Settings>Network >SSH>SSH Client. Also I'm using the system ssh.exe with Git and Bash as well, and set up the GIT_SSH environment variable with the path above. Another approach, described further here in the answers, is to separately make git's built-in ssh.exe work with ssh-agent, but this needs to be done for Bash, for git, configure Putty for TortoiseGit... different ways.Wirework
A
148

No tweaks needed.

Just make TortoiseGit point to the same ssh client used by git itself, see the screenshot:

enter image description here

This should be C:\Program Files\Git\usr\bin\ssh.exe in latest version of Git as mentioned by Aleksey Kontsevich in the comments.

Archive answered 25/10, 2015 at 10:28 Comment(10)
In latest Git version it is - C:\Program Files\Git\usr\bin\ssh.exeMansized
After much trouble, found this one and this is the way to do it IMHO. Just set up the identity in git-bash and use it in TortoiseBasilius
this step can probably be avoided if you choose to use the git ssh client instead of their "recommended" client when you install tortoise git.Shuffleboard
Seems to be a bug in TortoiseGit (my version 2.5.0.0 64bit) where the OK button doesn't do anything if you change the SSH client. To work around I clicked the "Enable Proxy Server" as well. Then reopened the dialog to check the state is correct (it unchecked it again as I didn't enter any proxy settings)Longterm
Hi, this works for me but every time I try to communicate with the remote it pops up a bunch of black windows (blank Windows terminals that disappear immediately). Am I the only one who has this problem? Is there any way to make it more silent?Moisesmoishe
Hi @张实唯, I'm not sure how to help with these pop-ups. Could you grab a screenshot of the contents of these windows? It helps to know what command they are running.Archive
There's no C:\Program Files\Git\usr\bin\ssh.exe in my case, but found C:\Windows\System32\OpenSSH\ssh.exe which seems to workSibell
Hi @Sibell #TortoiseGit in Network Section C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe To "C:\Users\{user}\AppData\Local\Programs\Git\usr\bin\ssh.exe"Thoroughfare
@Sibell you can refer #13516619Thoroughfare
To find correct path you may use where.exe ssh.exe [win10 power shell]Ruthannruthanne
T
6

Windows10 System
#TortoiseGit
In Network Section
From : C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe
To : "C:\Users\{user}\AppData\Local\Programs\Git\usr\bin\ssh.exe"

enter image description here

Thoroughfare answered 5/10, 2021 at 21:28 Comment(0)
M
5
  1. Cygwin

Use approach described in the following article: https://help.github.com/articles/working-with-ssh-key-passphrases

Password will be asked only once on the cygwin session startup. !!! Before exiting the cygwin session don't forget to kill the ssh-agent process (use ps to find the process PID and kill -9).

We are using a separate approach for cygwin, because cygwin for some reason doesn't see processes started externally in the windows environment.

2, 3) MsysGit, TortoiseGit

Useful link: http://dogbiscuit.org/mdub/weblog/Tech/WindowsSshAgent

Install MsysGit. Install TortoiseGit (check openssh instead of plink during installation). !!! Check systems variables. If there is GIT_SSH variable present - remove it.

Go to TortoiseGit->Settings->General

Set Git exe Path to /bin
Set External dll path to /mingw/bin

Go to TortoiseGit->Settings->Network
Set SSH Client property to /bin/ssh.exe

Define system variable SSH_AUTH_SOCK=C:\temp.ssh-socket

Start cmd.exe and execute the following commands (since we installed MsysGit all following commands are accessible in cmd - /bin is added to system PATH variable):

REM The following command is required to avoid the "Address already bind" message when ssh-agent is not started yet but .ssh-socket still exists from a previous agent session
rm "%SSH_AUTH_SOCK%"

REM Starting ssh-agent
ssh-agent -a "%SSH_AUTH_SOCK%"

REM Adding our openssh key
ssh-add "%USERPROFILE%\.ssh\id_rsa"

REM Type the password for your key

That's it. From that moment you can execute git push, git pull from TortoiseGit and MsysGit without prompting passphrase.

When ssh-agent is no longer required you can kill it through windows task manager.

Monoatomic answered 16/2, 2013 at 17:48 Comment(0)
T
4

I first installed TortoiseGit with Plink and using Pageant to load ssh private key. The automatic authentication (Pageant) worked but setup was a fail as TortoiseGit doesn't recognize git repo URLs formatted as gitolite@gitbox/repo.git.

I finally found a workaround which consists of creating a PuTTY session with the same name as the ssh alias (i.e. gitbox in the question).
This way I can clone as git clone gitbox/monrepo in the CLI and the origin syntax is correctly handled by TortoiseGit.

Tycoon answered 9/1, 2013 at 16:51 Comment(0)
T
4

There seems to be a whole variety of options to solve this. As none of the above have worked for me, I thought I'd share what helped for me.

Screenshot: Network settings / Git SSH Client

In Settings... -> Network -> SSH -> SSH client, set the client to C:\Program Files\TortoiseGit\bin\TortoiseGitPlink.exe. Using Pageant, you're then automatically authenticated as expected, otherwise you are prompted for your private key passphrase. Make sure the "Autoload Putty Key" option is checked in the push dialog.

Throb answered 19/11, 2016 at 1:39 Comment(1)
This also worked for me on Windows 10 with 64-bit Git for Windows, since I use Putty + Pageant combination for SSH access to my company's servers. Also, my environmental variable GIT_SSH is set to C:\Program Files\PuTTY\plink.exeGeese
C
3

None of the above answers worked for me.

I created this batch file to solve the problem.

CALL "C:\Program Files\Git\cmd\start-ssh-agent.cmd"
SETX SSH_AUTH_SOCK "%SSH_AUTH_SOCK%"
SETX SSH_AGENT_PID "%SSH_AGENT_PID%"

Run this once, and enter your passphrase.

Then you can use tortoisegit with openssh without having to enter your passphrase for every operation.

Conure answered 7/7, 2016 at 22:55 Comment(1)
I also couldn't make TortoiseGit to work with any of the solutions above. Only this worked for me. Thanks!Cowbind
F
2

Make sure to launch your TortoiseGit in an environment where HOME is defined, and reference the parent directory of .ssh.
This is important since, on Windows, HOME isn't defined by default.

See as an example: "Auth fails on Windows XP with git and tortoisegit".
(Other possible sources: "How to I tell Git for Windows where to find my private RSA key?")

Fidellia answered 23/11, 2012 at 7:35 Comment(4)
thought that was it but no, nothing changed (see Edit #1). Concerning serverfault.com/a/198614, just to be sure: mentioning the key for each remote is only needed if using Putty key, not openssh?Tycoon
@Tycoon did you try with the remote repo address: gitbox:repo.git ?Fidellia
With openssh client -my preferred choice- I tried both (using full ssh://... address and gitbox alias), and both work, it's just that it keeps asking me to enter the passphrase manually.Tycoon
@Tycoon and your ssh-agent does run from an environment where %HOME% is defined as well?Fidellia
T
2

Since the explanations here are a bit outdated, I decided to post my solution.

I am using Git Bash and TortoiseGit 2.8.0 in Windows 10, which are common nowadays.

I set ssh.exe as SSH client in Settings->Network as explained in previous posts.

I created a script with the following commands, as explained in a previous comment. You might also want to set a HOME environment variable, in case your system does not do it automatically. Assuming your home is in drive H:\ you can add the following lines:

SETX HOME /h
CALL "C:\Program Files\Git\cmd\start-ssh-agent.cmd"
SETX SSH_AUTH_SOCK "%SSH_AUTH_SOCK%"
SETX SSH_AGENT_PID "%SSH_AGENT_PID%"

I added the script using Win logo+R shell:startup to the startup folder. Alternatively, you can add the script to the registry to guarantee that it runs before other processes:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Make sure to type exit to close the console and allow for the variable to be set for future processes.

Tapestry answered 20/3, 2019 at 16:28 Comment(0)
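
Added example (not part of any answer on this page): the batch files above persist SSH_AUTH_SOCK with SETX, so the stored value can outlive the agent it pointed at. This Git Bash script classifies the agent state from the exit status of ssh-add -l; it assumes the Git for Windows ssh-add is on PATH, and SSH_ADD_BIN is a hypothetical override introduced here, not an OpenSSH variable.

```shell
#!/bin/sh
# Added example: explain why an OpenSSH client started by TortoiseGit
# would still prompt for a passphrase.
# SSH_ADD_BIN is a hypothetical override (assumption); default is ssh-add on PATH.

# Prints one word: unset | unreachable | empty | ready | error
agent_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo unset
        return 0
    fi
    # ssh-add -l exits 0 when keys are listed, 1 when the agent holds no
    # identities, and 2 when the agent cannot be contacted at all.
    rc=0
    "${SSH_ADD_BIN:-ssh-add}" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo ready ;;
        1) echo empty ;;
        2) echo unreachable ;;
        *) echo error ;;
    esac
}

# Maps each state to the corresponding fix discussed in the answers.
advice() {
    case "$1" in
        unset)       echo "SSH_AUTH_SOCK is not set here; ssh.exe cannot find an agent" ;;
        unreachable) echo "SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-} has no agent behind it; start ssh-agent again" ;;
        empty)       echo "agent is running but holds no key; run ssh-add on the private key" ;;
        ready)       echo "agent is reachable and holds at least one key" ;;
        *)           echo "ssh-add failed unexpectedly; check that it is on PATH" ;;
    esac
}

# Only act when asked to, so the functions can be sourced elsewhere.
if [ "${1:-}" = "--check" ]; then
    state=$(agent_state)
    echo "$state: $(advice "$state")"
    [ "$state" = ready ]
fi
```

Run it with --check from the same environment TortoiseGit is started in; any state other than ready means ssh.exe falls back to asking for the passphrase.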
V
1

If you use RSA keys in repositories, add at the end of the script as described above^

CALL "C:\Program Files\Git\cmd\start-ssh-agent.cmd"
...
"C:\Program Files\Git\usr\bin\ssh-add"  ~/.ssh/myid.rsa

Works with Git 2.24.0, TortoiseGit 2.9.0, Windows 10 and without using any PuTTY.

Voiceful answered 5/11, 2019 at 20:29 Comment(0)
N
0

This is how I was able to authenticate using my github ed25519 keypair with OpenSSH, tortoisegit, and windows 10.

  • no 'autoload putty key'
  • no pageant
  • no plink
  • no putty key in remote tab
  • no credential helpers
  • no credentials (set to None)

Rename keypair file to C:\Users\user\.ssh\id_ed25519

Open advanced security properties of C:\Users\user\.ssh\id_ed25519, Convert inherited permissions to explicit permissions, remove all but SYSTEM and current user, otherwise an error appears:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'C:\\Users\\user/.ssh/id_ed25519' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "C:\\Users\\user/.ssh/id_ed25519": bad permissions

Verify access to github:

ssh -vT git@github.com

positive confirmation appears like this:

Hi myusername! You've successfully authenticated, but GitHub does not provide shell access.

Change the SSH client in the network tab to C:\Program Files\Git\usr\bin\ssh.exe

Change the remote origin URL:

before

https://github.com/myusername/ShellExtContextMenuHandler.git

after

git@github.com:myusername/ShellExtContextMenuHandler.git

The most unintuitive roadblock is the format of the remote origin URL. The HTTPS URL style invokes a credential challenge, no matter what the tortoise settings are, and the latter, SSH style URL causes tortoise to allow SSH.exe to handle authentication. In Github when using the green code button, remember to switch it to SSH style before copying the URL.

Newport answered 6/9, 2023 at 17:42 Comment(0)
