Git: Support git with private key password

[lw-schick]

• VSCode Version: 1.6.0
• Commit e52fb0b
• Date 2016-10-10T18:37:40.189Z
• Shell 1.3.7
• Renderer 52.0.2743.82
• Node 6.5.0
• OS Version: Windows 7 Pro

Steps to Reproduce:

1. Create a public-private key pair with password protection
2. add them to your github account
3. setup git to use the private key file
4. try to push something with git

Result:

git pull
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

[joaomoreno]

Does it work from the command line? How exactly do you setup git to use the private key file?

[lw-schick]

It works from the command line. Actually I setup git via tortoise git - so I guess all is properly done.

[lw-schick]

[joaomoreno]

How do you launch the command line? Which command line?

[lw-schick]

I use git bash (MINGW64) on windows.

[joaomoreno]

Right. So, we might have to add a git.sshkey setting too, like Tortoise.

[entr0cks]

With Windows 10, Git 2.10.1.

Had problems using git on vscode with my production server, so I created a test server.
At first, with a password protected user (no keys), same errors - no credential prompt pop ups or anything.
Using the terminal inside vscode or any random cmd I can push, pull and it works - asks for password. With vscode I can only prepare commits. Pull, push, sync all fail because they aren't asking for password.

In production I'm using a passphrase protected key with a different 5 digit port for ssh.
Also I have a few different ssh keys (including git) on one machine...

[lw-schick]

@joaomoreno Why did you moved it to the backlog?

[joaomoreno]

Just planning priorities. You can attempt a pull request though. 👍

[ItachiSan]

Waiting for it 😉

[garambola]

Any update on this? I'm having the same problem and it's pretty annoying 😞

[hashhar]

@joaomoreno I'm taking a stab at this. It affects me personally now as I recently moved to key based security.

People can track my progress here.

[joaomoreno]

@hashhar That's awesome! 🍻 Let me know if you hit some walls.

[hashhar]

@joaomoreno I was looking into the places that need change and found the following:

Current Scenario:

• If you have an ssh agent running with the key added to it, you can perform all operations except clone (because node.url.parse() doesn't work for ssh urls).
• If ssh-agent is not running all git commands that involve network activity (fetch, clone, push, pull) fail. The error is generated by git.exe.

Proposed Changes:

• Not needed, see next comment Add an overload to url.parse() (where?) to make sure ssh urls are also recognised.
• Add a config key, git.sshkey (location of private key (limited to openssh keys at the moment - because git supports those natively, will look into putty keys later)).
• Add a conditional where the git extension is initialised to start an SSH agent (if one is not running) and add the key. Will need to somehow (quickpick?) ask user to enter their passphrase. (Do we kill the agent when we close vscode?)

No other changes will be necessary (from what I've currently seen) because the communication with the git endpoint is handled by git.exe not by vscode.

[hashhar]

Okay, my bad about the url parsing. Seems like node accepts urls like git+ssh://git@github.com:hashhar/vscode or ssh://git@github.com:hashhar/vscode but the ssh part has to be explicitly mentioned.

What should I do about this, should vscode just magically prepend ssh before urls that match user@server.tld:username/repo format. Or fail silently? (This still needs ssh-agent running though).

[hashhar]

Ping @joaomoreno. If you can find the time, do comment on the above issues I have. I have currently hacked together a proof of concept by starting the ssh-agent against a private key. It works but some polish is still needed.

[joaomoreno]

@hashhar Sorry for the delay... I'm actually quite busy at the moment. Feel free to create the PR and move the discussion there, we'll try to get it in for March.

[richardvk]

I had to do this to get it to work (done in the remote server terminal):
git remote set-url origin https://git.xxxxxxxxxxxxxxxxxxxxxxxxx.git
ie, change from ssh to https.

[mavaddat]

Does adding the key to the ssh-agent not take care of this for ya'll?

Yes, if we add the key to the agent every time we load VS Code, then that works. If done only one-time, then SSH does not retain the SSH credentials after closing that VS Code session.

I had to do this to get it to work (done in the remote server terminal):

git remote set-url origin https://git.xxxxxxxxxxxxxxxxxxxxxxxxx.git

ie, change from ssh to https.

Right, this is the easiest work-around. It amounts to giving up on SSH compatibility, though.

[richardvk]

Yeah, I guess it is giving up on ssh :(

I needed to find something that works so i could be operational again.

Unfortunately none of the ssh-agent/ ssh-add solutions worked for me.

[koepalex]

Same for me, I don't want to change to HTTPS or to use SSH/PGP keys without password. So my workaround is using the integrated terminal in vscode to run the commands that require passwords (commit, push) and use the vscode GUI for the rest (stage, diff).

[richardvk]

I think you are right @koepalex, I mostly end up doing most of the git stuff in the integrated terminal too, so i think i'll change back to ssh and just continue without the vscode git tools.

[artshade]

Yeah, I guess it is giving up on ssh :(

I needed to find something that works so i could be operational again.

Unfortunately none of the ssh-agent/ ssh-add solutions worked for me.

Is it Linux, Windows, or? Have you tried the "PuTTY Link" or similar "proxyfied" option like the following: #13680 (comment) ?

[jkersey-amllp]

Does adding the key to the ssh-agent not take care of this for ya'll?

Yes, if we add the key to the agent every time we load VS Code, then that works. If done only one-time, then SSH does not retain the SSH credentials after closing that VS Code session.

I had to do this to get it to work (done in the remote server terminal):

git remote set-url origin https://git.xxxxxxxxxxxxxxxxxxxxxxxxx.git

ie, change from ssh to https.

Right, this is the easiest work-around. It amounts to giving up on SSH compatibility, though.

I'm not encountering this. It retains my passphrase across multiple vscode launches. On Windows, I open git bash and do ssh-agent and add my key, type my passphrase in, and then i can re-use that over and over and only had to type the passphrase once.

[richardvk]

My repo is on an Ubuntu VM running in Parallels on a Mac.

VSCode is running on the Mac, and I'm using a remote connection in VSCode to access everything including the terminal.

Its inside this terminal tab in VSCode, after connecting to the linux VM, that I add the ssh key to the ssh-agent.

If i run any git command in the terminal tab, then i am not prompted for a password (as expected).

If i use the source control stuff in VSCode, then i just get the error "Git: git@github.com: Permission denied (publickey)."

It looks like the VSCode environment is not seeing the ssh-agent that i set in the terminal tab.

Hope that makes sense. Let me know if anything there seems incorrect. :)

[jathek]

My repo is on an Ubuntu VM running in Parallels on a Mac.

VSCode is running on the Mac, and I'm using a remote connection in VSCode to access everything including the terminal.

Its inside this terminal tab in VSCode, after connecting to the linux VM, that I add the ssh key to the ssh-agent.

If i run any git command in the terminal tab, then i am not prompted for a password (as expected).

If i use the source control stuff in VSCode, then i just get the error "Git: git@github.com: Permission denied (publickey)."

It looks like the VSCode environment is not seeing the ssh-agent that i set in the terminal tab.

Hope that makes sense. Let me know if anything there seems incorrect. :)

Pretty much what happens to me on Windows with Git Bash. I add the key to the ssh-agent in bash in Windows Terminal and it works fine for any git commands there, but VSCode is ignorant of it and asks for the ssh-key password every time.

[albertosantini]

The trick is using SSH-Agent, builtin in Windows, even if I installed Git Bash in Windows.

1. SSH-Agent:

2. Environement variable GIT_SSH:

3. I added my keys, protected with a passphrase, using the usual ssh-add from a CMD prompt (don't use Git Bash shell).

Done.

[4c74356b41]

yo, 6 years later and yet here we are. this should be fixed without ssh-agent. i dont use ssh-agent and i'm happy to input my passphrase everytime (just like i do in the console)

[BitBuf]

I genuinely can't believe this hasn't been fixed yet. git.sshkey setting, we need it!

[artshade]

I genuinely can't believe this hasn't been fixed yet. git.sshkey setting, we need it!

My apologies, but have you considered submitting a pull request with a possible solution, yet?

[dominikseger]

Just Microsoft things ...

[eatcosmos]

easy method

onece input user and password, then input:

git config --global credencial.helper store

then ok!

[lszomoru]

I wanted to follow up on this issue and you provide you an update regarding some of the improvements that we have made recently when it comes to better support of SSH keys that use a passphrase.

Before using VS Code, please ensure that you are able to successfully use the SSH key that uses a passphrase from your terminal for various git operations (ex: clone, pull, push). You can use the following steps to test you SSH key, and to troubleshoot any potential problems.

The latest Insiders release of VS Code contains improvements to detect that the SSH key uses a passphrase and displays a quick input widget at the top of the window so that users can enter the passphrase for the SSH key. The passphrase has to be entered every time the SSH key is used for a git operation. You can also configure the authentication agent on your machine using these steps so that you do not have to enter the passphrase every time the SSH key is used.

Please download the latest Insiders release, try out these improvements and let me know if you run into any issues.

⚠️ Please note that we do not yet support SSH keys that use a passphrase and a hardware security key.

[lszomoru]

I have file a new issue to track the pending work to support SSH keys with a hardware key. I will go ahead and mark this issue as closed so that it gets covered in the current endgame in preparation for the upcoming Stable release. If you run into any issues please file a separate issue. Thank you!

[scruel]

@lszomoru Thanks for your work, just keep waiting for this feature until now!

[ZeWaka]

Thanks so much for this!