Murmele / Gittyup

Understand your Git history!
https://murmele.github.io/Gittyup
MIT License
1.51k stars 113 forks source link

Support security keys for authentication with repos. #503

Open Sector14 opened 1 year ago

Sector14 commented 1 year ago

When using the system git via CLI with a security key (Nitrokey) that's been added to the ssh agent via "ssh-add -K". I can fetch/push/pull from Github without issue. However, trying the same using Gittyup, the key will flash to confirm usage but then will show:

Unable to fetch from 'origin' - error authenticating: Invalid signature for supplied public key, or bad username/public key combination

That's using a "sk-ssh-ed25519" key. If I instead use an "ssh-ed25519" key via a Gnuk token (and gpg-agent), everything works fine.

I assume Gittyup is not using the system's git client in the background and its version of libgit2 or libssh2 doesn't support the newer ssh security keys (sk-ssh-*)?

Is there any way to have Gittyup use the system's git? If not, would upgrading the libs Gittyup uses be possible? I believe sk-ssh keys are supported since version "libssh2 1.9.0" according to this blog post: https://github.blog/2021-09-01-improving-git-protocol-security-github/

exactly-one-kas commented 1 year ago

Using the git binary would require a substantial rewrite, so that's out of the question Upgrading libssh2 shouldn't pose a problem