Can't get SSH auth working for private Github repos (using ssh-agent on Windows)

After months of nagging from Github I’m finally switching to SSH authentication. It’s working now for command line git operations (after I set the GIT_SSH environment variable to point to ssh.exe), but I can’t get it working for Pkg commands in Julia.

In other words, this works (i.e. completes without requesting passwords or SSH key locations):

> git clone git@github.com:niclasmattsson/MyPrivateRepo.git

But this one asks for the private key location, fails and pops up a window asking for my password:

(@v1.6) pkg> dev git@github.com:niclasmattsson/MyPrivateRepo.git
     Cloning git-repo `git@github.com:niclasmattsson/MyPrivateRepo.git`
Private key location for 'git@github.com' [C:\Users\niclas\.ssh\id_rsa]:

According to this post, asking for the private key location doesn’t really mean that’s the problem, it’s just a generic SSH auth failure. I’ve also tried setting SSH_KEY_PATH and SSH_PUB_KEY_PATH as suggested there - that avoids the request for the private key location but still pops up the password prompt.

I’m on Windows 10, ssh-agent is running and works fine for git and remote-SSH inside VS Code to my work computer. My SSH key header is -----BEGIN RSA PRIVATE KEY----- which supposedly is the correct type for libgit2/libssh2.

1 Like

I don’t know what role ssh-agent plays in this as I’ve never used it, but plain ssh keys have been working fine for the windows users at work for some time now.

It’s still miserable to debug the problems though, so you may want to try your luck by being an early adopter of

It is now possible to use an external git executable instead of the default libgit2 library for the downloads that happen via the Git protocol by setting the environment variable JULIA_PKG_USE_CLI_GIT=true.

from the Julia 1.7 NEWS.md. Julia 1.7 is presumably getting close to a beta release but for now you can try it out with a nightly build.

1 Like

That is curious: I access github repos with the https protocol and I don’t remember any nagging to change it.

Interesting. Right now, I have some repositories configured with HTTPS and other with SSH. Every time I use one with HTTPS protocol I get an e-mail from GitHub reminding me HTTPS support will be dropped.

Oh, damn. A tidal wave of work is heading my way, seems like…

Thank you Gunnar. I can’t find it right now, but when googling how to fix this problem yesterday I remember seeing a comment by Stefan from last year that he was working on having Pkg fallback to git if libgit2 fails. Or something to that effect - maybe I misunderstood and it was this environment variable option he was referring to. Anyway, great to see that functionality ready to roll out! Hearing about someone working on something one day and then the next day having it ready to test, it’s kind of like hopping into a time machine. :slight_smile:

I think I’ll just live with having to enter a password for ]deving a private repo with SSH until v1.7 comes out. I’ve also made some progress with HTTPS though, I’ll post that below.

I can’t find any mention of this on github!?

This is the nag message I’ve been getting:

Hi @niclasmattsson,

You recently used a password to access the repository at niclasmattsson/PrivateRepo with git using git/2.0 (libgit2 1.1.0).

Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.

Thanks,
The GitHub Team

After updating Personal Access Tokens I temporarily lost the ability to authenticate via HTTPS, so I switched to SSH and posted here for help in getting those final details working. But it turns out that my HTTPS problems were apparently caused by an outdated version of Git for Windows. The latest version contained a new credential manager that authenticated via the browser, and now I can finally use HTTPS repos again without repeated password requests. Hopefully Github will stop nagging too, but that remains to be seen… :slight_smile:

1 Like

I think I give you incorrect/imprecise information. GitHub is phasing out using manual authentication for git repository management (Passwords begone: GitHub will ban them next year for authenticating Git operations • The Register). So I am not sure HTTPS support is being dropped, what I am sure it is being dropped is the SSH without keys (i.e., that you need to input user and password). Sorry for the noise.

Oh yeah, I switched to 2FA a while ago.

I had the same problem with adding a remote repository on a private server using id_ecdsa keys. I was about to give up when I found @GunnarFarneback’s useful answer. I wish this post had more visibility…

JULIA_PKG_USE_CLI_GIT is not documented in the manual version v1.7 but is in v.1.8.

The only thing I can complain about it is that the encoding does not seem to be correct:

(@v1.8) pkg> dev --local DfRMTools
     Cloning git-repo `ssh://git@git.remote-server:7999/~michele.zaffalon/dfrmtools.jl.git`
←[?25h←[2K←[32m←[1m   Resolving←[22m←[39m package versions...

Gunnar’s suggestion didn’t fix my issue last summer since I was on v1.6.x, but now with v1.7.3 out and v1.8 coming soon I’ll mark his post as the solution to help improve visibility.

1 Like