jmalloc / grit

Keep track of your local Git clones.
MIT License

Intermittent SSH auth issues #48

Closed ezzatron closed 7 years ago

ezzatron commented 7 years ago

Sometimes I get this:

$ grit clone slouchhat/ui
probing 2 source(s) for slouchhat/ui
ghe: trying git@github.example.org:slouchhat/ui.git
github: trying git@github.com:slouchhat/ui.git
ghe: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
github: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
could not find 'slouchhat/ui' at any of the configured sources

Grit has previously been working fine for me.

jmalloc commented 7 years ago

Same version of Grit all along?

ezzatron commented 7 years ago

Yes, I've only ever installed it once.

jmalloc commented 7 years ago

Relevant code probably in:

jmalloc commented 7 years ago

I wonder whether @koshatul might be able to provide some insight 🤞

Not sure if it's relevant, but so far the only users to hit this problem are using zsh.

jmalloc commented 7 years ago

So after talking with kosh, what I think I know is that it's ssh-agent related, and probably something specific to Go's implementation. @Koshatul, were you able to reproduce this under bash reliably?

jmalloc commented 7 years ago

grit.zip

@ezzatron, can you try the binary in this archive please? It's a debug build that prints out the public keys that are made available to it from the agent. Note that it will print them once for each of the Grit sources you have defined.

ezzatron commented 7 years ago

I think I've figured out how to reproduce. I have my SSH key added to the macOS Keychain. This can be accomplished by running:

$ ssh-add -K [path/to/private SSH key]

In my ~/.ssh/config file I have these settings:

Host *
    UseKeychain yes
    AddKeysToAgent yes

After a fresh reboot, ssh-add -l spits out:

The agent has no identities.

Running grit at this time will produce something like:

$ grit clone org/repo
probing 2 source(s) for org/repo
github: trying git@github.com:org/repo.git
ghe: trying git@github.example.org:org/repo.git
ghe: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
github: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
could not find 'org/repo' at any of the configured sources

If I then SSH to any server using the standard macOS ssh client:

ssh something

The ssh-add -l command now spits out:

4096 SHA256:<redacted> (RSA)

And grit now works fine:

$ grit clone org/repo
probing 2 source(s) for org/repo
github: trying git@github.com:org/repo.git
ghe: trying git@github.example.org:org/repo.git
ghe: found git@github.example.org:org/repo.git
...

So it seems that there is some hook in the macOS SSH system to lazily add keys from the keychain to the SSH agent before connecting, and the Go implementation of SSH obviously doesn't do this.

jmalloc commented 7 years ago

@ezzatron after our last discussion I think we agreed that this is best solved by something in zsh init scripts? Please close if true.

ezzatron commented 7 years ago

To be clear, it has nothing to do with zsh. It's a macOS thing. But yes, adding ssh-add -A to a startup script will add keys from the keychain to the agent.

On Mon., 13 Nov. 2017, 9:00 am James Harris, notifications@github.com wrote:

@ezzatron https://github.com/ezzatron after our last discussion I think we agreed that this is best solved by something in zsh init scripts?, please close if true

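The workaround from the last comment, written as a login-script function. This is an added example, not code from grit or from the thread's participants. It relies on the exit status of `ssh-add -l` (0 = identities listed, 1 = no identities, 2 = agent unreachable) and on the `ssh-add -A` flag named in the thread; the function names and the `SSH_ADD` override variable are assumptions.

```shell
# Added example: not part of grit. Function names and SSH_ADD are assumptions.
# SSH_ADD can point at a stub so the logic is testable without a real agent.
SSH_ADD="${SSH_ADD:-ssh-add}"

# Print the agent's state based on the exit status of `ssh-add -l`:
#   0 -> at least one identity, 1 -> no identities, other -> agent unreachable.
agent_state() {
    st=0
    "$SSH_ADD" -l >/dev/null 2>&1 || st=$?
    case "$st" in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Load keychain-stored keys only when the agent is running but empty.
# Returns 0 if the agent holds a key afterwards, 1 if it is still empty,
# 2 if no agent could be contacted.
ensure_agent_keys() {
    case "$(agent_state)" in
        loaded) return 0 ;;
        unreachable)
            echo "ssh-agent unreachable; check SSH_AUTH_SOCK" >&2
            return 2 ;;
    esac
    # Empty agent: the state reported after a fresh reboot.
    "$SSH_ADD" -A >/dev/null 2>&1 || true
    if [ "$(agent_state)" = loaded ]; then
        return 0
    fi
    echo "agent still has no identities after 'ssh-add -A'" >&2
    return 1
}

# In a login script (e.g. ~/.zprofile or ~/.bash_profile), call:
#   ensure_agent_keys
```

A non-zero return separates "keychain had nothing to load" (1) from "no agent socket" (2), which are the two situations in which a client that only talks to the agent fails with the `unable to authenticate` handshake error shown above.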