Authentication Error on new setup

[bobdel]

Hi,

I'm a new GitFinder user, and I'm encountering this dialog: "Failed to authenticate SSH session: Unable to extract public key from private key file: Unable to open private key file."

I had fixed it once, in hindsight probably by luck, since the fix didn't stick. GitHub is working fine in Xcode via SSH.

I would welcome suggestions on how to troubleshoot this problem. Thank you.

[milke]

That error actually comes from underlying libssh2 library and looking into its code, it happens if

• your private key is in PEM (OpenSSL) format and (again, underlying) OpenSSL library can't create a BIO structure out of the file in which the private key is kept,
• or if the key is in OpenSSH format and the file can't be opened for reading.

When you tried to do a remote operation with GitFinder for the first time, you were offered to select a file, where the private key for authentication to that server (GitHub I assume) is kept, right? What is the format of that key? And what are its POSIX (rwxrwxrwx) permissions?

[bobdel]

Yes, using Github. macOS Big Sur. Xcode is configured with an SSH key and works as expected, and GitFinder can browse the contents of my repos online under Preferences/Hosting/Repositories, but it cannot clone a repo.

Is there a way to have GitFinder to request private key a second time?

The $XDG_CONFIG_HOME: path in GitFinder's Git Configuration preferences points to a non-existent directory, namely ~/.config. I'm not sure if that is a factor or not.

I have two key pairs in my ssh folder, the one named rsa which is ssh-rsa and the one ssh-ed25519.

Not super-experienced with SSH, and so I may not be answering your questions correctly. I appreciate the help, even if its not strictly GitFinder related.

[milke]

The $XDG_CONFIG_HOME: path in GitFinder's Git Configuration preferences points to a non-existent directory, namely ~/.config. I'm not sure if that is a factor or not.

It's not related at all. It's not the subject here, but if you need explanation of what $XDG_CONFIG_HOME is and why it "points to a non-existent directory", I can explain.

I have two key pairs in my ssh folder, the one named rsa which is ssh-rsa and the one ssh-ed25519.

Right, and you've probably created them using ssh-agent. They both are OpenSSH type keys, only created using different algorithm. And a copy of the public counterpart of one of them (with .pub extension), or perhaps both, you set in your GitHub settings, to use for SSH authentication with GitHub server. GitFinder should work with both these keys just fine, so something weird happened and let's see how to fix that…

Is there a way to have GitFinder to request private key a second time?

Actually there is and it needs to be done to fix this issue. But before you do that, please firstly upgrade your current copy to a new beta version 1.7.3b2 (build 111). Among other things, it fixes potential authentication issue when using different SSH keys for different users on the same host server. It's not very likely that you've hit that exact issue, but better to be safe and get that out of the way. You can download the new beta here, but you can also upgrade your current copy automatically, just select Beta release channel, like below:

After updating to this beta:

1. Quit GitFinder 2. Execute this in the terminal: defaults delete ag.zigz.GitFinder GFPrivateKeysURLs;defaults read ag.zigz.GitFinder 3. Launch GitFinder

Now, try to do some remote server operation on your repository, for example fetch a remote. GitFinder should offer you an open file selector, in which you should choose a private key file for SSH key you want to use for authentication. If you choose something that doesn't appear like a private SSH key file, GitFinder should tell you the file is in invalid format. If you choose a valid private SSH key file, but the one which cannot be used to authenticate current connection, GitFinder will inform you that SSH key cannot be used for that repository on that server (GitHub) and will ask you to choose another private SSH key file. GitFinder will keep asking you for a file until you got it right (you select a correct one) or you cancel the operation.

Upon choosing the correct file, GitFinder should execute requested remote server operation. All further remote operation will use selected SSH key, it's remembered across relaunches and you don't have to select it again. Of course, if you later try to authenticate with some different server, or even different user on the same server, which requires another SSH key, GitFinder will ask you to select that private SSH key file, the same way it did the first time.

I hope this explanation is clear and you'll make GitFinder work after following the above. Please let me know how it went.

[bobdel]

Thank you very much for the detailed, very helpful, and ultimately successful response.

I installed the latest beta and reset its default with the terminal command offered. To clarify, I have two OpenSSH generated private/public pairs in my home folder. Each one is installed on Github. (rsa and ed25519)

Next, as a troubleshooting measure, I noted that Xcode 13 beta is using the rsa key. I created a new project and pushed it to Github using Xcode. I made a source change and a commit.

Next I switched to GitFinder. I tried to push the latest commit to GitHub, and was asked for the key. I tried the rsa private key, and was given the error "invalid key format." I tried again, and it did not work. On the third attempt to push, I tried the ed25519 key, and everything worked as expected. I was surprised somewhat that I was not asked for a passphrase. Perhaps because a configuration already added to my keychain.

The more I use GitFinder, the more I like it. It is a fantastic Mac app.

On a side topic: I stumbled on some unwanted behavior, which is easy to avoid now that I know about it. But I did have me wondering until I could recreate it. If I go to a Finder window with a repo in it, and select Browser... from the window's toolbar, the browser opens and the main menu bar switches to GitFinder, but the menus do not respond to mouse clicks. If I click on any visible Finder window and then click on the open Browser window again, the main menu responds normally.

Thank you again for the response on fixing the SSH keys. I learned quite a bit about GitFinder and SSH in this process, and your detailed response was a big help.

Added later: I'm not sure if I generated the rsa key with OpenSSH or not. I did generate the ed25519 key in the terminal, probably with keygen, and its header says OPENSSH. I think the rsa key was generated by Xcode in some opaque to me fashion. It is encrypted and works fine inside Xcode. I presume its a valid key despite GitFinder flagging it as invalid. FYI, the first few lines of the private 2048 bit rsa key are as follows:

-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,FD76F9E6A299440F

[bobdel]

RE the menu freeze: if I change the preference for the Show Dock icon from When Having Windows to Always, the freeze disappears. Switch the preference back, the freeze is back.

[milke]

FYI, the first few lines of the private 2048 bit rsa key are as follows: -----BEGIN RSA PRIVATE KEY-----

That means the key isn't an OpenSSH compatible key, but rather in a PEM format. GitFinder (or better said, the underlying libssh2 library) should be able to work with them, but for some reason it chokes on your. Since I can't have it to investigate due to privacy matters, I'll try to create some on my own and investigate further.

On the third attempt to push, I tried the ed25519 key, and everything worked as expected. I was surprised somewhat that I was not asked for a passphrase. Perhaps because a configuration already added to my keychain.

I'm glad that it worked at the end. I guess you saw that you can also use GitFinder to crate OpenSSH key-pairs and then add a public counterpart to your remote hosting account.

RE the menu freeze: if I change the preference for the Show Dock icon from When Having Windows to Always, the freeze disappears. Switch the preference back, the freeze is back.

This is fixed in the latest beta version 1.7.3b3 (build 112), which I've just uploaded to server. Please try this beta and confirm it's fixed. And not only for the repository browser window, it should work for every window shown by GitFinder. I tested them all (I think 🙂) myself, but it'd be nice if someone else can confirm it as well. You can upgrade to the latest beta in exactly the same way like explained in one of my previous posts in this thread (the direct download link is also the same).

[bobdel]

I guess you saw that

I'm so glad you mentioned GitFinder's SSH key generator because I did miss it. But that's more likely me assuming that the Add Key button was limited to pre-existing keys rather than GitFinder's design. Once you mentioned it and I went looking, it was extremely obvious.

The beta opened all the GitFinder windows I tried and the menu worked perfectly. Thanks!

I discovered GitFinder via the ad on DaringFireball. I used Tower for a few years before they went to subscription, mostly because it helped me learn the parts of Git I needed to use. More and more I was able to rely on Xcode. I don't use Git often enough to recall terminal commands. GitFinder is the perfect solution.

[milke]

But that's more likely me assuming that the Add Key button was limited to pre-existing keys rather than GitFinder's design.

You can add keys you already have, but you can also create new ones with GitFinder.

The beta opened all the GitFinder windows I tried and the menu worked perfectly. Thanks!

I'll keep it in a beta for a few days more, just in case you or someone else encounter any problem with that. If all goes fine, I'll release it officially after that.

I discovered GitFinder via the ad on DaringFireball.

I tried to make GitFinder a little bit more visible. We'll see how it goes.

I used Tower for a few years before they went to subscription, mostly because it helped me learn the parts of Git I needed to use. More and more I was able to rely on Xcode. I don't use Git often enough to recall terminal commands. GitFinder is the perfect solution.

Tower is a good git client. GitFinder still lacks some features Tower has, but I'm catching up and it's been on the market for much longer. Besides, GitFinder was created with different design and usability goals in mind. But their website does contain many useful git tutorials. I'd like to create something similar, with emphasis how to use them with GitFinder, but I just don't have time for that at the moment.

Anyway, I'm glad GitFinder fits your needs perfectly.

[milke]

These fixes are now available in the stable release version 1.7.3 (build 113). So, I'm closing this. Feel free to reopen if similar problems appear in the future.