[Solved] Git + SSH + Private Key Passphrase


Hello,

My new web server needs authentication with an RSA 2048 key.

I therefore generated a key and placed the id_rsa and id_rsa.pub files in my home folder ~/.ssh (Windows 10).

But when I use the CVS command (for pull or push) I get an error:

The error log is (with the built-in SSH executable):
15:14:14.657: [MyProject] git -c core.quotepath=false fetch origin --progress --prune
java.io.IOException: There was a problem while connecting to mywebhost.fr:22
at com.trilead.ssh2.Connection.connect(Connection.java:791)
at com.trilead.ssh2.Connection.connect(Connection.java:577)
at org.jetbrains.git4idea.ssh.SSHMain.start(SSHMain.java:171)
at org.jetbrains.git4idea.ssh.SSHMain.main(SSHMain.java:137)
Caused by: java.io.IOException: Key exchange was not finished, connection is closed.
at com.trilead.ssh2.transport.KexManager.getOrWaitForConnectionInfo(KexManager.java:92)
at com.trilead.ssh2.transport.TransportManager.getConnectionInfo(TransportManager.java:230)
at com.trilead.ssh2.Connection.connect(Connection.java:743)
... 3 more
Caused by: java.io.IOException: Cannot negotiate, proposals do not match.
at com.trilead.ssh2.transport.KexManager.handleMessage(KexManager.java:413)
at com.trilead.ssh2.transport.TransportManager.receiveLoop(TransportManager.java:754)
at com.trilead.ssh2.transport.TransportManager$1.run(TransportManager.java:469)
at java.lang.Thread.run(Thread.java:745)
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

 

The error log is (Settings > Version Control > Git > SSH Executable set to "Native"):

15:13:50.031: [MyProject] git -c core.quotepath=false fetch origin --progress --prune
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

 

If I use the Git command in a terminal, the pull or push command works well:

 

What should I do to use PHPStorm's CVS buttons?

  • I tried to set Settings > Version Control > Git > SSH Executable to "Native": same problem
  • I tried to install the PuTTY utility, run the "Pageant" service and import my private key: same problem

 

My Git version is : 2.10.2.windows.1 (downloaded from https://git-scm.com/download/win)

My OS is Windows 10

 

Thanks for your help :)


4
24 comments

The IntelliJ built-in SSH executable does not support strong security keys at the moment: https://youtrack.jetbrains.com/issue/IDEA-140196

Also, your keys are protected by a passphrase; that is why Native SSH does not work. The IDE is not a terminal, so it cannot handle the passphrase prompt issued by git.

As a workaround, you could load the key into an ssh-agent, so that executing git pull from the command prompt does not prompt you for a passphrase, and use Native SSH.

1
Fabien Lierville

Thanks for your reply, I understand the problem better.

I have configured the SSH executable as "Native":

And I have launched Pageant with my id_rsa.ppk

 

But the problem is still there (when I use the CVS button):

On the other hand, from the PhpStorm terminal, if I run the Git command it works (but it requires a passphrase):

Likewise, if I execute the git pull command from Git Bash, it also asks me for the passphrase.

So I added the SSH key to the ssh-agent provided by Git Bash:

But it is the same problem with the CVS button in PhpStorm:

Similarly, if I type the command "git pull" in the PhpStorm terminal, it also asks me for the passphrase.

Similarly, in the Windows command prompt, git pull also asks for the passphrase:

I think the problem is there. The git pull command (from the PhpStorm terminal or from the Windows command prompt) would never ask me for the password.

 

So I found the solution. In the "C:\Program Files\Git\cmd" folder you will find the file "start-ssh-pageant.cmd".

Before launching it, it is necessary to create an environment variable:
Name: SSH_AUTH_SOCK
Value: C:\Users\username\.ssh\.ssh-pageant-username


And now Git no longer asks me for the passphrase in the PhpStorm terminal, so the CVS button works.

Thank you again for your help

 

2

This helped me:

1. Save key permanently

ssh-add -K  

2. Configure the SSH executable in "Native"

https://intellij-support.jetbrains.com/hc/user_images/0U1soQH33wre6Fs7piKLaQ.png

4

Hi,

With PyCharm on my MacBook, I got things going in just a few minutes.

However, this took several days to get properly configured on my Windows box as I learned more about putty/pageant.

I got round this problem a slightly different way based on a comment in this thread: https://stackoverflow.com/a/28844923

"When you install git-scm you can then specify it to use tortoise/plink rather than OpenSSH."

So, to set this up I had to:

  1. Configure putty with pageant loading my key and prompting for my password.
  2. Install git-scm (32-bit) - I initially used the defaults not having yet found the above suggestion.
  3. Install and configure TortoiseGit - TortoiseGit uses the key from pageant.
  4. Re-install git-scm, this time using Tortoise/plink as suggested above.
  5. PyCharm Git SSH executable set to "Native" and (maybe not needed) not saving passwords in "Appearance & Behavior > System Settings > Passwords": IT WORKS!

 

3

@Richard Thank you!

Your solution is the one that worked for me. I just needed to reinstall Git and check "plink" instead of "ssh" and then it just worked! I already had TortoiseGit installed.

I have multiple keys (for different accounts) and everything simply worked! Magic! :) I don't know what plink does and what's the difference, but now it works.

 

It seems like I don't even need my ~/.ssh folder anymore with all the public keys... I already had the public keys there and a config file (because I have multiple keys, not like before - only one "id_rsa" file - before needing multiple keys). But now it seems it's working even if I delete all the public keys from ~/.ssh. All I need to do is have pageant with the private keys loaded.

1

I can't find a working solution to the problem above, already spent 2 days struggling.

SSH-connection to github worked fine for me for the last 2 months on MacOS X High Sierra. I don't know what has happened a few days ago, either MacOS update or Brew update, but any git operation fails with the log similar to the 1st post's from within IntelliJ, PyCharm or Webstorm. Console ssh connection or https via IDE works fine.


0

@Gyunter

It stopped working because of https://github.com/blog/2507-weak-cryptographic-standards-removed

But it only happens when Builtin SSH is used? Because of https://youtrack.jetbrains.com/issue/IDEA-140196. The bug is already fixed, but the fix is only available in 2018.1 EAP so far.

So switching to Native should work, provided of course that git push/pull works from the terminal.

One more thing to note is that with Native, if your keys are protected with a passphrase, you need to load them into ssh-agent first.

1

@Dmitriy

Thank you for a prompt reply.

Yes, it only happens with built-in ssh. I'll switch to HTTPS for now and wait for the stable release.

Just in case someone with the same problem visits this thread:

As a workaround to stay with the IDE Git management tool, go to:

VCS > Git > Remotes...

Change 'remote url' to https instead of ssh (git@...)

2

@Dmitriy

I am on Windows 10, using Windows git. The 'Native' ssh workaround was not working for me because my ssh key is protected with a passphrase. Although my git bash setup loads ssh-agent and prompts me to enter the passphrase when I open git bash, that instance of ssh-agent was evidently not available to phpstorm's 'Native' ssh mode.

I do not use Putty and did not want to load it and re-do my ssh keys just to use pageant.

I have found that the script at https://github.com/ericblade/ssh-agent-cmd/blob/master/sshagent.cmd does set up the ssh-agent that comes with Windows git so that the passphrase is entered when PhpStorm uses the 'Native' ssh mode. For those looking for a solution, this made the workaround work if I rebooted, ran the script and then opened PhpStorm with Version Control > Git SSH executable set to 'Native'.

But I'll sure be glad when there is a stable release of phpstorm incorporating the fix.


0

Git Bash is not a native Windows shell, and the IDE does not have access to its environment, so it cannot use an agent configured in Git Bash. So the ssh-agent should be started in a way that provides access from the Windows command prompt.

Git for Windows includes a script to start Pageant (PuTTY implementation that provides ssh-agent) - ..\Git\cmd\start-ssh-pageant.cmd.

Indeed, an IDE restart is required after starting the agent in cmd.exe, because without restarting there is no SSH_AUTH_SOCK in the IDE environment - see e.g. https://youtrack.jetbrains.com/issue/IDEA-177894#focus=streamItem-27-2392859-0-0

 

0
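
The point made in the reply above (the IDE only reaches an agent if SSH_AUTH_SOCK is in the environment it was started with) can be checked with a short script. This is an added example, not part of the thread or JetBrains code; the function names and result labels are made up for illustration, and it relies on the documented `ssh-add -l` exit codes (0 = keys listed, 1 = no identities, 2 = agent unreachable).

```python
import os
import shutil
import subprocess


def run_ssh_add(env):
    """Run `ssh-add -l` with exactly this environment; return its exit code.

    Returns None when ssh-add cannot be found on the PATH in `env`.
    """
    exe = shutil.which("ssh-add", path=env.get("PATH"))
    if exe is None:
        return None
    proc = subprocess.run([exe, "-l"], env=env, capture_output=True, timeout=10)
    return proc.returncode


def diagnose_agent(env, run=run_ssh_add):
    """Classify what a process started with `env` can see of the SSH agent.

    `run` is injectable so the logic can be exercised without a real agent.
    Result labels are hypothetical names chosen for this example.
    """
    if not env.get("SSH_AUTH_SOCK"):
        # Typical for an IDE launched before the agent was started,
        # or an agent started only inside Git Bash.
        return "no-agent-in-env"
    code = run(env)
    if code is None:
        return "ssh-add-not-found"
    if code == 0:
        return "agent-has-keys"      # native SSH should not prompt
    if code == 1:
        return "agent-empty"         # agent reachable, key not loaded yet
    return "agent-unreachable"       # stale SSH_AUTH_SOCK, agent is gone


if __name__ == "__main__":
    # Reports on the environment of whatever launched this script.
    print(diagnose_agent(dict(os.environ)))
```

Run it once from the shell where `git pull` works without a prompt and once from the IDE's built-in terminal; different results mean the IDE was started without the agent's environment.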

Thank you Fabien!

For reasons I still don't understand, after 2 years of working just fine with passphrase protected keys, one day I woke up and PHP Storm didn't like them any more.  After a day of frustration I ran across this thread, and start-ssh-pageant was the answer.

But just to save anyone else hitting a little potential gotcha ... it seems you have to run it in a Windows cmd window, not in Git bash shell.

   -- hugh

0

windows 10

1) configured the SSH executable in "Native"  (phpStorm)

2) copy id_rsa to the folder C:\Users\username\.ssh 

3) start-ssh-agent.cmd  (start cmd)

https://docs.microsoft.com/en-us/vsts/repos/git/use-ssh-keys-to-authenticate?view=vsts

try to do push/pull in PhpStorm...

Have fun!

 

after reboot, to add the key, follow step 3)

1

Starting from 2018.3, IntelliJ is able to handle prompts issued by Native SSH, so it should show you a prompt if your key is passphrase-protected, with an option to save the password, when no ssh-agent is set up.

0

I'm on IntelliJ 2018.3.5 and I am not getting prompted for my passphrase. Is there something I have to setup first?

0

Correction, it does work if I use git installed in Windows, but not from the version in WSL. I was trying to avoid installing git on Windows and use the built-in git from Ubuntu WSL. Developing on Windows is such a pain.

@Dmitriy, any chance the WSL plugin will be enhanced to include git? The node integration works great and having git supported would be amazing.

0

> but not from the version in WSL

WSL git is not supported, and the only way you could probably use it is through some wrapper, and there are no wrappers known to me that provide full integration. Handling authentication is one of the major issues preventing usage of WSL git in IntelliJ.

> any chance the WSL plugin will be enhanced to include git

This plugin is about different tooling. There are no plans to fully support WSL git at the moment. Follow https://youtrack.jetbrains.com/issue/IDEA-172253

0

Thank you for the response @Dmitriy. I appreciate you taking the time to explain. This is one of the reasons I love JetBrains. Not only do they make great products, but the support is excellent.

0

Hi,

I'm facing the same issue: suddenly I can't fetch my repo "Permission denied (publickey)"

I tried the above solutions but it's still not working. Could you provide an updated protocol to make PyCharm work with GitHub authentication please?

Tks

0

Hello Romain Barillot

Please feel free to submit a support ticket, we will be happy to assist you:
https://www.jetbrains.com/support/

0

@Dmitriy Smirnov

Thanks from me, too!
That explanation helped to solve my issue, which I ran into after I updated git and TortoiseGit on Windows.

0

Has anyone figured out how to do this with IntelliJ 2021.1.1? I keep getting a sign_and_send_pubkey: signing failed. I'm using Ubuntu 16.4 if that matters.

0

No similar reports on our tracker. Please either contact our team directly via Help | Contact Support, or submit this to our tracker at https://youtrack.jetbrains.com/newIssue 

0

Only basically add your private key under $HOME/.ssh/ and set the config file in $HOME/.ssh/config. Then change your remote url from https://... to ssh string like ssh://user@host:1234/srv/git/example. 

It worked for me (for Phpstorm on windows 11)

1
