Cannot get password prompt for my private ssh key used to access bitbucket when doing git pull and other remote ops
Running IntelliJ Ultimate 2018.2 on Windows 7 (64) with Git Bash (mingw64) installed.
Git from the console (also the one I switched to Git Bash) and git from Eclipse (including storing the private key pwd) work fine, but any operations requiring ssh (the transport configured to bitbucket) fail with the message "Git xxx failed could not read from remote repository".
The way it's supposed to work is that I should be prompted for the password for my private key, but there seems to be some problem reading the passphrase to the private key.
Find the debug log from ssh:
Key part is the line "debug1: read_passphrase: can't open /dev/tty: No such device or address" at the end of the debug log below
20:13:45.168: [3ds] git -c core.quotepath=false -c log.showSignature=false pull --progress --no-stat -v --progress origin master
OpenSSH_7.3p1, OpenSSL 1.0.2k 26 Jan 2017
debug1: Reading configuration data /c/Users/*userid*/.ssh/config
debug1: /c/Users/*userid*/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolving "bitbucket.domain.foo.bar" port 8888
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to bitbucket:port.
debug1: Connection established.
debug1: identity file /c/Users/userid/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/userid/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/userid/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/*userid*/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/*userid*/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/*userid*/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/*userid*/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/*userid*/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug1: Remote protocol version 2.0, remote software version SSHD-UNKNOWN
debug1: no match: SSHD-UNKNOWN
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to bitbucket.domain.foo.bar:8888 as 'git'
debug3: put_host_port: [bitbucket.domain.foo.bar]:8888
debug3: hostkeys_foreach: reading file "/c/Users/*userid*/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /c/Users/*userid*/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from [bitbucket.domain.foo.bar]:8888
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa
debug2: ciphers ctos: aes128-ctr
debug2: ciphers stoc: aes128-ctr
debug2: MACs ctos: hmac-sha1,hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: hmac-sha1,hmac-sha2-256,hmac-sha2-512
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
debug3: send packet: type 30
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:9kWdEd+rlkoikA7nkufb1YtepsUbU4CWrLd00yaWQok
debug3: put_host_port: [192.168.x.x]:8888
debug3: put_host_port: [bitbucket.domain.foo.bar]:8888
debug3: hostkeys_foreach: reading file "/c/Users/*userid*/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /c/Users/*userid*/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from [bitbucket.domain.foo.bar]:8888
debug3: hostkeys_foreach: reading file "/c/Users/*userid*/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /c/Users/*userid*/.ssh/known_hosts:7
debug3: load_hostkeys: loaded 1 keys from [192.168.x.x]:8888
debug1: Host '[bitbucket.domain.foo.bar]:8888' is known and matches the RSA host key.
debug1: Found key in /c/Users/*userid*/.ssh/known_hosts:4
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS received
debug2: key: /c/Users/*userid*/.ssh/id_rsa (0x60006bdd0)
debug2: key: /c/Users/*userid*/.ssh/id_dsa (0x0)
debug2: key: /c/Users/*userid*/.ssh/id_ecdsa (0x0)
debug2: key: /c/Users/*userid*/.ssh/id_ed25519 (0x0)
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/*userid*/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp SHA256:YyeMKtQ6HTBSRk5InFFBFxpaFwesRolm/kn45W7dno0
debug3: sign_and_send_pubkey: RSA SHA256:YyeMKtQ6HTBSRk5InFFBFxpaFwesRolm/kn45W7dno0
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug2: no passphrase given, try next key
debug1: Trying private key: /c/Users/*userid*/.ssh/id_dsa
debug3: no such identity: /c/Users/*userid*/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /c/Users/*userid*/.ssh/id_ecdsa
debug3: no such identity: /c/Users/*userid*/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /c/Users/*userid*/.ssh/id_ed25519
debug3: no such identity: /c/Users/*userid*/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
The IDE is not a terminal, so there is indeed no tty available when it calls the git client. It is expected.
Either use the Built-in SSH client (Settings | Version control | Git), or add the key to ssh-agent. See e.g. https://intellij-support.jetbrains.com/hc/en-us/community/posts/115000114504-Git-SHH-Private-Key-PAssPhrase
Hi, I have tried the built-in ssh client (same result). I have also added the key to the git bash agent (/usr/bin/ssh-agent) and pageant, and again same result. The fact that I do not get prompted for the password when using the built-in client must be a bug, right?
Will try to find some workaround but..
/D.
> The fact that I do not get prompted for the password when using the built in client must be a bug right?
Could be a configuration issue. The client needs to find the key first, so the key should be either in the default place (<userprofile>/.ssh/config/id_rsa), or you need the .ssh/config file specifying where the key is. It is recommended to use the full path to the key in the config (e.g. C:\Users\name\.ssh\my_key instead of ~\.ssh\my_key).
As for the Native SSH, git bash is not a Windows shell. The IDE has no access to its environment. To use Native SSH, make sure that calling git from the Windows command prompt works and does not ask for any input. This can be achieved in several ways; using pageant is one of them. It needs additional configuration though. See the mentioned post as an example.
If you look at the debug it finds my key in the default location.
debug1: Offering RSA public key: /c/Users/k031790/.ssh/id_rsa
Have the same problem with the built-in ssh executable (i.e. it does not prompt me for a password and complains about the missing pseudo tty).
The Eclipse GIT ssh integration has been running fine on the same computer and I can use pageant with the windows git and the unix agent with the mingw64 git bash shell.
Now I got it working only by starting a command window and from there running the start-ssh-pageant.cmd and after that starting the IDE in the same window ( cannot use the shortcut ) so guess I have a work-around for now
> If you look at the debug it finds my key in the default location.
This is the log of native SSH; the built-in one does not generate such a log. So probably the Built-in SSH does not find the key, or there is something else. You could check the IDEA.log for more details.
> Now I got it working only by starting a command window and from there running the start-ssh-pageant.cmd and after that starting the IDE in the same window ( cannot use the shortcut ) so guess I have a work-around for now
Great you found the workaround, however, it should work the other way.
start-ssh-pageant.cmd just starts the agent process, which is not tied to the command line window. The agent should set up the SSH_AUTH_SOCK variable so other tools can use it to authenticate. Basically, if you start the IDE via the shortcut (no Toolbox) after starting pageant, it should load the SSH_AUTH_SOCK.
If you use ToolboxApp, you need to restart it first after pageant has started, and then start the IDE.
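Added example, not part of the original thread: a small triage of `ssh -v` output that separates the failure shown in the log above (the server accepts the key, but the passphrase cannot be read because there is no tty) from a key the server never accepts. The function name, verdict strings and sample logs are constructed for illustration, and the patterns assume the message wording of the OpenSSH 7.3 log in the post.

```python
import re

# Patterns follow the OpenSSH 7.3 debug wording seen in the post (assumption:
# other OpenSSH versions may word these lines differently).
OFFER = re.compile(r"debug1: Offering \S+ public key: (\S+)")
ACCEPT = re.compile(r"debug1: Server accepts key:")
NO_TTY = re.compile(r"debug1: read_passphrase: can't open /dev/tty")
DENIED = re.compile(r"^Permission denied \(")

# Constructed samples: only the decisive lines, with a placeholder user directory.
SAMPLE_NO_TTY = """\
debug1: Offering RSA public key: /c/Users/example/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug2: no passphrase given, try next key
debug1: No more authentication methods to try.
Permission denied (publickey).
"""
SAMPLE_REJECTED = """\
debug1: Offering RSA public key: /c/Users/example/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
"""

def triage(log_text):
    """Return (verdict, key_path) for a publickey attempt in ssh debug output."""
    keys, denied = [], False          # one record per offered key, in order
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = OFFER.search(line)
        if m:
            keys.append({"path": m.group(1), "accepted": False, "no_tty": False})
        elif ACCEPT.search(line) and keys:
            keys[-1]["accepted"] = True   # server would take a signature from this key
        elif NO_TTY.search(line) and keys:
            keys[-1]["no_tty"] = True     # private key is encrypted, prompt impossible
        elif DENIED.search(line):
            denied = True
    if not denied:
        return ("no-auth-failure", None)
    for k in keys:
        if k["accepted"] and k["no_tty"]:
            # Server side is fine; the fix is local (agent visible to the caller).
            return ("passphrase-prompt-without-tty", k["path"])
    if keys and not any(k["accepted"] for k in keys):
        return ("key-not-authorized", keys[0]["path"])
    return ("other", None)

if __name__ == "__main__":
    print(triage(SAMPLE_NO_TTY))
    print(triage(SAMPLE_REJECTED))
```

A `passphrase-prompt-without-tty` verdict means the key is already authorized on the server, so the thing to fix is whether the process launching git can reach an agent holding the unlocked key.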