Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Permission denied (publickey) when installing from private Git repository on Windows #2891

Closed
thexeos opened this issue Mar 17, 2021 · 14 comments
Closed

[BUG] Permission denied (publickey) when installing from private Git repository on Windows #2891

thexeos opened this issue Mar 17, 2021 · 14 comments
Labels
Bug thing that needs fixing platform:windows is Windows-specific Priority 1 high priority issue Release 7.x work is associated with a specific npm 7 release

Comments

@thexeos
Copy link

thexeos commented Mar 17, 2021

Current Behavior:

Running npm i git+ssh://git@domain.com:namespace/repo.git through PowerShell on Windows results in the following error:

npm ERR! command failed
npm ERR! command git ls-remote git@git.domain.com:namespace/repo.git
npm ERR! git@domain.com: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.

Running the failed git ls-remote git@git.domain.com:namespace/repo.git command in the same PowerShell window immediately, after correctly prompts for the password:

Enter passphrase for key '/c/Users/Name/.ssh/id_rsa':

Expected Behavior:

When SSH key used for accessing Git repo requires a password, npm should prompt for it within PowerShell.

Steps To Reproduce:

This can also be reproduced by adding an entry to package.json and then running npm i

Environment:

  • OS: Window 10
  • Node: 14.4.0
  • npm: 7.5.3
@thexeos thexeos added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels Mar 17, 2021
@mmiretsky
Copy link

I've also run into this problem. You need to start the SSH Agent using the start-ssh-agent.cmd script that comes with Git for Windows. This script will start the SSH Agent and add your SSH key to it (will prompt for password). Then you can run npm i and it will succeed.

@simonbrunel
Copy link

Experiencing the same issue with npm 7.10.0 on Windows with a GitLab private repository accessed via git+ssh. The SSH agent is started and the key added (as mentioned by @mmiretsky). Running npm install asks for a username + password as if it was git+https. I'm wondering if it actually tries to resolve the dependency via git+ssh at all, could it be related to #2610 somehow?

I tried to enforce a key in .ssh/ssh_config but no luck. Note that it works fine with npm 6 (exact same configuration).

@thexeos did you figure out how to workaround this issue?

@thexeos
Copy link
Author

thexeos commented Apr 24, 2021

@simonbrunel on the same system from the initial report - it it still broken. On another system, while configuring SSH access, I somehow made npm work. The steps I followed to get SSH access working are: PowerShell/Win32-OpenSSH#307 (comment) my GIT_SSH environment variable is set to C:\Windows\System32\OpenSSH\ssh.exe

Maybe this will also be relevant: https://docs.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate

@darcyclarke darcyclarke added platform:windows is Windows-specific Priority 1 high priority issue and removed Needs Triage needs review for next steps labels May 14, 2021
@dbellavista
Copy link

Hi, same problem here on npm 8 on windows 10.
After debuggin a little bit, I found that the problem may be npmcli project.

On @npmcli/git/lib/opts.js there is the initialization of the gitEnv, which sets the

GIT_SSH_COMMAND: 'ssh -oStrictHostKeyChecking=accept-new'

This overrides the GIT_SSH command, which may have been set to C:\Windows\System32\OpenSSH\ssh.exe for instance.

I just commented the line to make it works..

@Cactusbone
Copy link

Cactusbone commented Nov 3, 2021
edited
Loading

Hi, same problem here on npm 8 on windows 10. After debuggin a little bit, I found that the problem may be npmcli project.

On @npmcli/git/lib/opts.js there is the initialization of the gitEnv, which sets the

GIT_SSH_COMMAND: 'ssh -oStrictHostKeyChecking=accept-new'

This overrides the GIT_SSH command, which may have been set to C:\Windows\System32\OpenSSH\ssh.exe for instance.

I just commented the line to make it works..

Thanks for that !
Adding an environment variable GIT_SSH_COMMAND with "%GIT_SSH%" solved my problem, it now properly uses plink (configured in %GIT_SSH%)

@jmlee2k
Copy link

jmlee2k commented Jan 14, 2022

I have the same issue with npm 8.3.1. I'm using the core.sshCommand git global config var (no system-level environment variables) for my setup:

git config --global core.sshCommand "c:/windows/system32/openssh/ssh.exe

As mentioned above, explicitly setting, GIT_SSH_COMMAND works. Is there an easy way for npmcli to respect any existing configuration?

For more context, the command that was failing was:

git --no-replace-objects ls-remote ssh://git@host:repo

(I assume npm uses this to get the appropriate tag)

@flensrocker
Copy link

When settings GIT_SSH_COMMAND, the quotes around the path are important. Otherwise it won't work.

@AndreKR
Copy link

AndreKR commented Apr 30, 2022

The setting of the GIT_SSH_COMMAND environment variable that causes the issue was added in 42965fd. The commit message doesn't make clear what that change was supposed to do, so maybe it can simply be reverted? @wraithgar You are the author of the commit, any idea?

@wraithgar
Copy link
Member

npm/git@8f2ce04

@AndreKR
Copy link

AndreKR commented May 1, 2022

Ah, I see.

On a side note, a hanging installation as described in npm/git#7 is certainly not good but I am not sure that simply accepting all new host keys is the wise thing to do. Perhaps aborting with an error would be better. But I'll assume you have evaluated this question and came to the conclusion that the risk is acceptable.

The solution in npm/git@8f2ce04 is not going to work and should definitely be reverted in its current state.

There are three (four if you include the simple fallback) SSH variants supported by Git and the solution in npm/git@8f2ce04 only works for one of them and only in some cases.

Unfortunately for plink and tortoiseplink the solution is not a simple command line switch because the authors of plink are of the opinion that the risk is not acceptable. If a host key is to be automatically accepted, one has to add it to the registry beforehand manually or by using a trick with pscp.

@mvorisek mvorisek mentioned this issue Apr 14, 2023
Closed
1 task
@DorianMazur
Copy link

This bug also exists on MacOS

@siemhesda
Copy link
Contributor

This bug also exists on MacOS

Could you please share more details on this?

@ebarzilay-godaddy ebarzilay-godaddy mentioned this issue Jun 13, 2024
Closed
@dennishenry dennishenry mentioned this issue Jun 21, 2024
Merged
@dennishenry
Copy link

Offered a PR to resolve this in npm/git#194

wraithgar pushed a commit to npm/git that referenced this issue Jul 9, 2024
@dennishenry
fix: smarter git ssh override (#194)
2135513 
npm will no longer manually set `GIT_ASKPASS` or `GIT_SSH_COMMAND` if it finds those values already defined in the user's git config.

## References

npm/cli#2891
#193
#129

---------

Co-authored-by: pacotedev <i+pacotedev@izs.me>
@dennishenry
Copy link

This issue is now resolved in npm version 10.8.2 which has my PR above in it: https://github.com/npm/cli/releases/tag/v10.8.2

@wraithgar I think this can be closed now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing platform:windows is Windows-specific Priority 1 high priority issue Release 7.x work is associated with a specific npm 7 release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests