git push fails in DevContainer with permission denied (publickey) error even though ssh public key is set correctly

[DerekHarter]

• VSCode Version: 1.68.1
• Local OS Version: first reported by a MacOS user with M1 architecture, but again I don't think it is MacOS specific?
• Remote OS Version: Ubuntu 22.04
• Remote Extension/Connection Type: Docker

Steps to Reproduce

1. Install VSCode, Docker and remote containers as instructed in this repository
2. Clone a git repository normally on local machine
3. Open folder in container

For this issue, development in the repository/assignment appears normal. Can access git functionality in the VSCode Source Control side bar. Can create a commit. But when you go to push the commit will get something like a public key permission denied error:

$ git push
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Description

The ssh key appears to have been correctly created by the user/student. And the clone works because using the ssh key on the local host is working fine. But a push (or a clone) running inside of the DevContainer fails, as if the public/private ssh key is not available.

It is not clear why for some people the ssh key is shared or injected into the DevContainer, but in other installs it is not. I have yet to research how the local host ssh key is shared or injected into a Docker DevContainer. But in short, the local host ssh key has not been correctly copied or made available inside of the DevContainer, thus pushes or other git commands that contact the remote repository will fail.

Workarounds

1. The ssh key and git works fine on the local host. If you are cloning the repository normally, but then reopening in a DevContainer, the files and git repository are all shared/mounted between local host and container. So you can usually just simply open up a command terminal on the local host and perform a

   > git push

   Only commands that need to push or pull the remote origin (GitHub) will fail in the DevContainer, so can do the clone and push on the local host.

2. You can generate a new ssh key inside of the DevContainer

   $ ssh-keygen
   vscode ➜ /workspaces/assg00-tamuc-student-team (main ✗) $ ssh-keygen
   Generating public/private rsa key pair.
   Enter file in which to save the key (/home/vscode/.ssh/id_rsa):
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Your identification has been saved in /home/vscode/.ssh/id_rsa
   Your public key has been saved in /home/vscode/.ssh/id_rsa.pub
   The key fingerprint is:
   SHA256:NHKJvUVTh6LciUhgzL/OG7auD9t7/ll3WfQhQeHKu90 vscode@5f61125fe22c
   The key's randomart image is:
   +---[RSA 3072]----+
   |   oo.    o.o=o  |
   |   .o .o o..o..  |
   |     ooo*+.o o ..|
   |      o++++ . ..o|
   |       .S  o    o|
   |      .     .   o|
   |    .oo    .. ...|
   |     =oo.  oo... |
   |    o+B=..o. . E |
   +----[SHA256]-----+
   vscode ➜ /workspaces/assg00-tamuc-student-team (main ✗) $ cat /home/vscode/.ssh/id_rsa.pub
   ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCgllliaGfAMTlZ3gWFzZsoviebfn+95ESM9SfH8ToZsqidyQAapEUzKQ59f7ihZ5vCW8wxSF3rcobTYGFXttkhJBJE0z8UZKLatwSHErJPibECxRVqT5EuBOQjXfUKVHnMDCSZOMSEbBRWdPRv1PC3gXCHPGAsZtJH7rDitozuAiifN7T9fwDQzghzyfHweSiZ1xxNDOpVHF6h6606MJN2ONtulqqOFgbKEP6cSwD2OxkqUhARagIWxryZVmfR1FwSlS17KFsRrZyDMjDqUTx0QTXwAEJEu65nrHJ3JQELSzF5r4p4jrNr8YOJpTLCwW2/qB9y0VDThsvZdtofWpCdeMpLmbi5ZF61I/4176nOOsPRH7TDIGPVNZ5Ajv9dpB3hGyoTLU6c8uHfHaLDjw5dX+Dr8Kc+nFxqfs6sgGnqE7yKPLFHsZQbktRHtNU9MszRQDeVdkxYewztSgreHS6sSZMpxI+gh3PiKF92kX2NYeKIDd8thCNvMJz6rB30FI8= vscode@5f61125fe22c

   The key in the containers /home/vscode/.ssh/id_rsa.pub would then need to be added to the GitHub/Remote Repository ssh keys. This workaround would require you to generate a new ssh key for every assignment/DevContainer repository that is worked on.

3. I did not try this yet, but in theory you could copy the id_rsa private key file from the local host to /home/vscode/.ssh/id_rsa This would be a bit eaiser than 2 if it works, because would not have to constantly add new ssh keys to GitHub in this case.

References

• https://github.com/microsoft/vscode-remote-release/issues/4024
• https://github.com/microsoft/vscode-remote-release/issues/3551

[abristow3]

Experiencing same issue on MacOS with M1 architecture, VS Code version 1.71.0

[nahuel]

Try running ssh-add -l on a host terminal, if the output is The agent has no identities. then execute (also on host) ssh-add ~/.ssh/id_rsa (or the path to your private key). Now the same command should list the key is successfully added. Then execute ssh-add -l on the container terminal to see if the key was successfully shared. This sharing is done using the sockfile pointed by the SSH_AUTH_SOCK env variable inside the container. VSCode should set it automatically.

Also see https://apple.stackexchange.com/questions/48502/how-can-i-permanently-add-my-ssh-private-key-to-keychain-so-it-is-automatically