Linux ssh-agent/ssh-askpass problem

[derN3rd]

As already reported in #33814, #32097, #52137 the bug isn't fixed for me and the workarounds don't work either

VSCode Version: 1.26.1
OS Version: Ubuntu 16.04
Date: 2018-08-16T18:34:20.517Z
Electron: 2.0.5
Chrome: 61.0.3163.100
Node.js: 8.9.3
V8: 6.1.534.41
Architecture: x64
Shell: zsh

Steps to Reproduce:

1. Open a Git repo folder
2. Call a Git action like sync, push etc

Does this issue occur when all extensions are disabled?: Yes

I'm using ssh-agent to keep all my keys opened and enter the passwords after I boot (ssh-add ~/.ssh/id_rsa). I can use git from the terminal without any problems, but "use the terminal then" is not a valid workaround for me when a whole feature doesn't work. I've set some configs in my ~/.ssh/config file as well

Host *
  ServerAliveInterval 60
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_rsa
Host gitlab.com
  HostName gitlab.com
  User git
Host github.com
  HostName github.com
  User git

But it still get this error when using a feature that calls a remote git action:

> git pull --tags origin master
ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists

I already tried installing ssh-askpass with sudo apt-get install ssh-askpass-gnome ssh-askpass but he asks me every single time for a password, so the ssh-agent is ignored

[joaomoreno]

It's pretty strange that the configured ssh-askpass is being ignored. Do you see the ssh-askpass-gnome opening up when using the terminal?

And I assume that, in the terminal, you are never asked for your key password, since it is unlocked at login?

[derN3rd]

@joaomoreno No, I just installed it to try fix to error with vscode.

I have a script that adds all my keys with ssh-add after I login, then I enter my passwords. After that I'm never asked again until I reboot

[joaomoreno]

Interesting. Are you also not asked if you're using Code's integrated terminal?

Where do you set that script up? In .bashrc? Could I see it?

[derN3rd]

I'm using zsh instead of bash. The interegrated terminal uses zsh as well, so there should be no difference to the normal terminal.

The next configs are required to have all ssh-add(ed) keys in one single instance of a ssh-agent

In my .zshrc I have

SSH_ENV="$HOME/.ssh/environment"
source ~/.dotfiles/.sshAgent

and my .dotfiles/.sshAgent file

function start_agent {
    echo "Initialising new SSH agent..."
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    /usr/bin/ssh-add -t 432000 ;
}

if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
        start_agent;
}
else
    start_agent;
fi

after running, my .ssh/environment file looks like this:

SSH_AUTH_SOCK=/tmp/ssh-0xpADF7zw61c/agent.1158; export SSH_AUTH_SOCK;
SSH_AGENT_PID=1160; export SSH_AGENT_PID;
#echo Agent pid 1160;

EDIT: I have this config in both .bashrc and .zshrc EDIT2: The configs I use are from http://www.cygwin.com/ml/cygwin/2001-06/msg00537.html

[joaomoreno]

Is it possible that your zshrc bails out earlier if it detects it is not an interactive session?

[derN3rd]

I don't think so. I even tried to set the integrated terminal to bash but it didn't change anything. Maybe vscode is using its own ssh_auth_sock?

[joaomoreno]

It isn't... It does use its own GIT_ASKPASS, but that's different.

I even tried to set the integrated terminal to bash but it didn't change anything.

What do you mean? I thought it always works when you use the integrated terminal.

Can you show me your full .zshrc file?

[derN3rd]

I meant it doesn't change anything with the integrated git in VSCode. Both terminal shells work without any problems.

I will add my .zshrc when I'm at work.

If you have time, I would be available for a remote debugging session today/tomorrow from 10AM - 7 PM CEST

[joaomoreno]

@derN3rd Sure, how about now? Give me an email address and I'll send you a meeting invite.

[derN3rd]

Sounds good. For debugging, my dotfiles: https://github.com/derN3rd/dotfiles

[joaomoreno]

Sent!

[joaomoreno]

In our screen sharing session we figured out what was happening:

@derN3rd uses i3 with rofi. He launches code from rofi, which finds executables in the PATH. Code sets up the CLI launcher executable in the PATH, so rofi picks that one up. This is problematic since we never expected the CLI launcher executable to be launched in a non-shell environment, i.e. window managers. So, the CLI launcher behaves as if it was in a shell environment and doesn't run our getUnixShellEnvironment. The result is a Code instance which never got the chance to execute (in this case) .zshrc. So, the SSH agent is improperly configured.

For a fix, we need to have a better way for whatever process we put in the PATH to detect whether it is already in an environment which was populated with the user's RC files (whether it is a descendant of a shell process).

[parthsharma1996]

Was this fixed then or is there a workaround? I have the same issue, using i3 with j4-dmenu-desktop

[ciakval]

I have observed the same issue on Manjaro (XFCE). When started from a launcher, it ignores keys added through ssh-add.

Fixed this by ticking "Start in terminal" in the launcher, although this spawns a useless terminal window, so it's not a good solution.

[robguinness]

I am also experiencing the same issue on Lubuntu 18.04.

[meghandownes]

Thank you for the topic. I was able to solve my problem (I did not load askpass first) and this posting straightened me out. Thank you! Ubuntu 19.10

[PranavBhattarai]

Is that a commad @joaomoreno that you meantioned? Because if it is then it doesn't exist on mine. (noob)

pranav@Exam:~$ ssh-askpass-gnome
ssh-askpass-gnome: command not found

In Ubuntu 19.10 I have same kindof issue.

[y0ast]

This problem still exists with vscode 1.44 and dmenu (on latest Manjaro).

Fixed this by ticking "Start in terminal" in the launcher, although this spawns a useless terminal window, so it's not a good solution.

Didn't work for me either.

Starting vscode from a terminal manually works fine however.

[farbodvand]

I am also facing the same problem with vscode 1.43.2 running on Archlinux XFCE with fish shell.

Log:

Looking for git in: git
Using git 2.26.0 from git
> git rev-parse --show-toplevel
> git rev-parse --git-dir
Open repository: /home/farbod/webLab
> git status -z -u
> git symbolic-ref --short HEAD
> git rev-parse master
> git rev-parse --symbolic-full-name master@{u}
> git rev-list --left-right master...refs/remotes/origin/master
> git for-each-ref --format %(refname) %(objectname) --sort -committerdate
> git remote --verbose
> git config --get commit.template
> git show :index.html
> git show :resources/css/styles.css
> git ls-files --stage -- /home/farbod/webLab/index.html
> git ls-files --stage -- /home/farbod/webLab/resources/css/styles.css
> git cat-file -s 9d7ec2eb82367ceba1387feb891b8cbcc6a8c727
> git cat-file -s 409bb7f364f04190690c6f67d135fedcc58a6bfb
> git check-ignore -v -z --stdin
> git push origin master:master
ssh_askpass: exec(/usr/lib/ssh/ssh-askpass): No such file or directory
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

[sebtiz13]

Hello i had same problems with Code - OSS on Manjaro

Version : 1.44.2 Validation : ff915844119ce9485abfe8aa9076ec76b5300ddd Date : 2020-04-23T19:32:05.786Z Électron : 7.1.14 Chrome : 78.0.3904.130 Node.js : 12.8.1 V8 : 7.8.279.23-electron.0 OS : Linux x64 5.4.40-1-MANJARO

I use Manjaro with KDE and he provide ksshaskpass i have simply create a symbolic link to his binary with and it's work sudo ln -s /usr/bin/ksshaskpass /usr/lib/ssh/ssh-askpass

I also tried openssh-askpass sudo ln -s /usr/bin/qt4-ssh-askpass /usr/lib/ssh/ssh-askpass

They are cool because may integrate better into the desktop environments.

In my tests only x11-ssh-askpass automatically create "/usr/lib/ssh/ssh-askpass"

Look the packages in your distribution i think you can find same packages

But i don't understand why VSCode could not use ssh-agent to not ask password at each push/pull maybe an other bug because i haven't this problems on windows

[robsco-git]

I took some hints from @joaomoreno's comment above: https://github.com/microsoft/vscode/issues/57488#issuecomment-417259290. In the context of KDE Plasma, I now run code with a global shortcut that runs konsole -e code. This runs the app in a terminal but the terminal flashes up and disappears. The app then has access to the ssh-agent as per a regular bash terminal session. I imagine there would be similar approaches for other DEs/WMs.

I also recommend using @sebtiz13's approach in https://github.com/microsoft/vscode/issues/57488#issuecomment-636184685 as one cannot copy and paste a password into the x11-ssh-askpass prompt.

[cellcoresystems]

The problem with Manjaro and i3wm still exists.

I just began to start code within a shell pointing to my work folder. Works fine like that.

[sethwololo]

Hello i had same problems with Code - OSS on Manjaro

Version : 1.44.2 Validation : ff91584 Date : 2020-04-23T19:32:05.786Z Électron : 7.1.14 Chrome : 78.0.3904.130 Node.js : 12.8.1 V8 : 7.8.279.23-electron.0 OS : Linux x64 5.4.40-1-MANJARO

I use Manjaro with KDE and he provide ksshaskpass i have simply create a symbolic link to his binary with and it's work sudo ln -s /usr/bin/ksshaskpass /usr/lib/ssh/ssh-askpass

I also tried openssh-askpass sudo ln -s /usr/bin/qt4-ssh-askpass /usr/lib/ssh/ssh-askpass

They are cool because may integrate better into the desktop environments.

In my tests only x11-ssh-askpass automatically create "/usr/lib/ssh/ssh-askpass"

Look the packages in your distribution i think you can find same packages

But i don't understand why VSCode could not use ssh-agent to not ask password at each push/pull maybe an other bug because i haven't this problems on windows

Thanks a lot. This solved the problem

[gauravgola96]

i m getting ` [19:26:32.898] Log Level: 2 [19:26:32.898] remote-ssh@0.65.7 [19:26:32.899] darwin arm64 [19:26:32.899] SSH Resolver called for "ssh-remote+dev", attempt 1 [19:26:32.899] "remote.SSH.useLocalServer": true [19:26:32.899] "remote.SSH.path": undefined [19:26:32.899] "remote.SSH.configFile": undefined [19:26:32.899] "remote.SSH.useFlock": true [19:26:32.899] "remote.SSH.lockfilesInTmp": false [19:26:32.899] "remote.SSH.localServerDownload": auto [19:26:32.899] "remote.SSH.remoteServerListenOnSocket": false [19:26:32.899] "remote.SSH.showLoginTerminal": true [19:26:32.899] "remote.SSH.defaultExtensions": [] [19:26:32.900] "remote.SSH.loglevel": 2 [19:26:32.900] SSH Resolver called for host: dev [19:26:32.900] Setting up SSH remote "dev" [19:26:32.901] Acquiring local install lock: /var/folders/7s/hfywjlmx2_jddvfmrmbww2s40000gn/T/vscode-remote-ssh-cn-dev-ai-experiments-db.us-central1-a.conversenow-dev-install.lock [19:26:32.914] Looking for existing server data file at /Users/gaurav/Library/Application Support/Code/User/globalStorage/ms-vscode-remote.remote-ssh/vscode-ssh-host-dev-3866c3553be8b268c8a7f8c0482c0c0177aa8bfa-0.65.7/data.json [19:26:32.914] Using commit id "3866c3553be8b268c8a7f8c0482c0c0177aa8bfa" and quality "stable" for server [19:26:32.915] Install and start server if needed [19:26:32.918] PATH: /Users/gaurav/google-cloud-sdk/bin:/Users/gaurav/miniforge3/condabin:/opt/homebrew/bin:/Library/Frameworks/Python.framework/Versions/3.8/bin:/Library/Frameworks/Python.framework/Versions/3.9/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/go/bin [19:26:32.918] Checking ssh with "ssh -V" [19:26:32.923] > OpenSSH_8.1p1, LibreSSL 2.7.3

[19:26:32.925] askpass server listening on /var/folders/7s/hfywjlmx2_jddvfmrmbww2s40000gn/T/vscode-ssh-askpass-36ae1727120b25a47fa961db09e6b3d4a263f5cf.sock [19:26:32.925] Spawning local server with {"serverId":1,"ipcHandlePath":"/var/folders/7s/hfywjlmx2_jddvfmrmbww2s40000gn/T/vscode-ssh-askpass-2f880d6c105d1bf376d5815921d14ce323d80964.sock","sshCommand":"ssh","sshArgs":["-v","-T","-D","57739","-o","ConnectTimeout=60","cn-dev-ai-experiments-db.us-central1-a.conversenow-dev"],"dataFilePath":"/Users/gaurav/Library/Application Support/Code/User/globalStorage/ms-vscode-remote.remote-ssh/vscode-ssh-host-cn-dev-ai-experiments-db.us-central1-a.conversenow-dev-3866c3553be8b268c8a7f8c0482c0c0177aa8bfa-0.65.7/data.json"} [19:26:32.925] Local server env: {"DISPLAY":"1","ELECTRON_RUN_AS_NODE":"1","SSH_ASKPASS":"/Users/gaurav/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.7/out/local-server/askpass.sh","VSCODE_SSH_ASKPASS_NODE":"/private/var/folders/7s/hfywjlmx2_jddvfmrmbww2s40000gn/T/AppTranslocation/8F48C16F-7B3D-44CC-BE62-23642FFC8EB0/d/Visual Studio Code.app/Contents/Frameworks/Code Helper (Renderer).app/Contents/MacOS/Code Helper (Renderer)","VSCODE_SSH_ASKPASS_MAIN":"/Users/gaurav/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.7/out/askpass-main.js","VSCODE_SSH_ASKPASS_HANDLE":"/var/folders/7s/hfywjlmx2_jddvfmrmbww2s40000gn/T/vscode-ssh-askpass-36ae1727120b25a47fa961db09e6b3d4a263f5cf.sock"} [19:26:32.926] Spawned 16150 [19:26:33.080] > local-server-1> Spawned ssh, pid=16157 [19:26:33.082] stderr> OpenSSH_8.1p1, LibreSSL 2.7.3 [19:26:34.940] stderr> debug1: Server host key: ecdsa-sha2-nistp256 SHA256:kgSsdVVN0cWnwUnkoXdsWYrYBEj670i36R/v1s9A5xw [19:26:38.688] stderr> gaurav@**.***.23.91: Permission denied (publickey). [19:26:38.689] > local-server-1> ssh child died, shutting down [19:26:38.692] Local server exit: 0 [19:26:38.692] Received install output: local-server-1> Spawned ssh, pid=16157 OpenSSH_8.1p1, LibreSSL 2.7.3 debug1: Server host key: ecdsa-sha2-nistp256 SHA256:kgSsdVVN0cWnwUnkoXdsWYrYBEj670i36R/v1s9A5xw gaurav@35.239.23.91: Permission denied (publickey). local-server-1> ssh child died, shutting down

[19:26:38.694] Resolver error: Error: Permission denied (publickey). at Function.Create (/Users/gaurav/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.7/out/extension.js:1:64659) at /Users/gaurav/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.7/out/extension.js:1:62853 at Object.t.handleInstallOutput (/Users/gaurav/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.7/out/extension.js:1:63238) at Object.e [as tryInstallWithLocalServer] (/Users/gaurav/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.7/out/extension.js:1:387573) at processTicksAndRejections (internal/process/task_queues.js:93:5) at async /Users/gaurav/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.7/out/extension.js:1:294473 at async Object.t.withShowDetailsEvent (/Users/gaurav/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.7/out/extension.js:1:406463) at async /Users/gaurav/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.7/out/extension.js:1:386112 at async E (/Users/gaurav/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.7/out/extension.js:1:382710) at async Object.t.resolveWithLocalServer (/Users/gaurav/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.7/out/extension.js:1:385728) at async Object.t.resolve (/Users/gaurav/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.7/out/extension.js:1:295870) at async /Users/gaurav/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.7/out/extension.js:127:110656 [19:26:38.697] ------

`

[TSmulkys]

Manjaro + Gnome fix

sudo ln -s /usr/lib/seahorse/ssh-askpass /usr/lib/ssh/ssh-askpass

[decaby7e]

This issue is still present on Arch Linux as of April 2022. I believe the core issue here is simply Code not sourcing the appropriate environment variables. Linking ssh-askpass like TSmulkys suggested works but is more of a workaround than a solution, as it requires the password for the key to be typed in when it has already been unlocked in an existing agent.

[esteban-diaz]

confirmed April 2022 Arch linux qtile WM

[Ashark]

Arch Linux with KDE. May 2022. VSCodium. Problem still persist.

[tmbeck]

I encountered this problem on a recent (Aug. 2022) install of Arch with KDE. I setup my ~/.config/systemd/user/ssh-agent.service, ~/.config/environment.d/ssh_askpass.conf and ~/.config/autostart/ssh-add.desktop as documented in the Arch Wiki for KWallet to work.

git and code work as expected when run in a Konsole window. Like others, I'll use konsole -e code as a workaround.

When I poked around the vscode processes environment variables, it appears SSH_AUTH_SOCK is not set, so perhaps this is an interaction between the ssh-agent service, KDE, and vscode.

[giuliano-macedo]

I'm on manjaro + i3wm and using gnome-keyring to manage my SSH keys, and I managed to stop vscode always ask password/use openssh askpass by putting the follwing line in my ~/.profile and rebooting (must be .profile as .bashrc is not executed by dmenu when opening another program):

export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/gcr/ssh

[knightpp]

Found a solution. I'm using ArchLinux KDE + KWallet/ksshaskpass.

My /etc/environment:

GIT_ASKPASS=ksshaskpass
SSH_ASKPASS=ksshaskpass
SSH_ASKPASS_REQUIRE=prefer

Disable VSCode's built-in askpass:

{
    "git.useIntegratedAskPass": false
}

It should work now :)

[jmevel]

Found a solution. I'm using ArchLinux KDE + KWallet/ksshaskpass.

My /etc/environment:

GIT_ASKPASS=ksshaskpass
SSH_ASKPASS=ksshaskpass
SSH_ASKPASS_REQUIRE=prefer

Disable VSCode's built-in askpass:

{
  "git.useIntegratedAskPass": false
}

It should work now :)

It's been hours I'm trying to completely get rid of gnome-ssh-askpass. I don't know why this was asking for my Github credentials for EVERY pull/push/fetch. It was so annoying that it wouldn't save my credentials properly. Moreover I'm actually using KDE not GNOME !!!

Setting these environment variables fixed the issue.

Thanks a lot 🙏