.ssh folder read from inaccessible location?

[tvandijck]

used the 64bit 2.5.3-8 installer...

Could not create directory '//irvfs007.some.internal.domain/user$/.ssh'.
The authenticity of host 'git.some.internal.domain (10.130.xx.xx)' can't be established.
ECDSA key fingerprint is <.....>.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (//irvfs007.some.internal.domain/user$/.ssh/known_hosts).
Permission denied (publickey).
fatal: Could not read from remote repository.

Can it just look in c:\users\myname.ssh, or at least falling back on that?
this is where msysGit was storing this information.

[dscho]

You win the prize for 100th issue opened for Git for Windows ;-)

Could not create directory '//irvfs007.some.internal.domain/user$/.ssh'.
[...]
Can it just look in c:\users\myname.ssh, or at least falling back on that?

Is your HOME variable set to the former directory (//irvfs.some.internal.domain/user$)? Or any other environment variable? (I agree it should use the same directory as msysGit-based Git for Windows.)

[tvandijck]

No, my HOME variable is actually pointing to the right folder:

tdijck@TVANDIJCK-W7 MINGW64 ~
$ echo $HOME
/c/Users/tdijck

tdijck@TVANDIJCK-W7 MINGW64 /c/dev/premake (contrib-libs)
$ git fetch --all
Fetching origin
Could not create directory '//irvfs007.some.internal.domain/user$/.ssh'.

[tvandijck]

Actually, I did find this:

HOME=/c/Users/tdijck
HOMEDRIVE=U:
HOMEPATH=''
HOMESHARE='\irvfs007.some.internal.domain\user$'
HOSTNAME=TVANDIJCK-W7
HOSTTYPE=x86_64

So it looks like HOMEDRIVE=U: which is a mapped drive on my machine, which maps to that network folder. but even in windows explorer I cannot access it..

[PhilipOakley]

Actually, I did find this:

HOME=/c/Users/tdijck
HOMEDRIVE=U:
HOMEPATH=''
HOMESHARE='\irvfs007.some.internal.domain\user$'
HOSTNAME=TVANDIJCK-W7
HOSTTYPE=x86_64

So it looks like HOMEDRIVE=U: which is a mapped drive on my machine, which maps to that network folder. but even in windows explorer I cannot access it..

Welcome to the world of corporate re-direction where nothing is as it seems.

The $ at the end of the path lists a hidden directory/share.

At my work it's the H: drive (Home drive) that is mapped all over the place and isn't what it seems (it's also mapped into the c:\users directory, etc. etc.).

Philip

[dscho]

@Alexpux due to your feedback, I reverted my change that would have avoided this issue: you said that putting the windows keyword into /etc/nsswitch.conf would be the appropriate thing to do. But now it seems that this is coming back to bite us in a really ugly way. Any ideas how to fix it short of putting my workaround back into the MSys2 runtime?

[tvandijck]

I can repro this with just the ssh tool as well btw:

tdijck@TVANDIJCK-W7 MINGW64 ~
$ ssh -vT -p 443 git@ssh.github.com
OpenSSH_6.7p1, OpenSSL 1.0.2a 19 Mar 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to ssh.github.com [192.30.252.149] port 443.
debug1: Connection established.
Could not create directory '//irvfs007.some.internal.domain/user$/.ssh'.

if that helps anything...

[Maximus5]

I have similar issue but slightly different because I'm using git from cmd.exe (from Far Manager prompt actually).

• Have installed PortableGit-2.3.5.8-dev-preview-32-bit.7z.exe
• have set HOME=T:\VCProject\Home

But when I run git push it ignores HOME variable and is always trying to load ssh keys from real user profile folder. In previous version I've been using (1.9.x) settings HOME variable has proper effect.

[dscho]

A better link than the MSys2 ticket 111 is probably this one: https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping-nsswitch-home

@Alexpux I would still be interested to know how you would fix the problem that I introduced based on your feedback. The patch I made, and which you shot down, would have prevented the bug discussed in this ticket.

[Alexpux]

Under Cygwin/MSYS2 you need unset HOME - it will break things

[dscho]

Under Cygwin/MSYS2 you need unset HOME - it will break things

Unfortunately, this is not helpful.

See my comment here to learn how I intend to do to fix this problem: git-for-windows/msys2-runtime#2 (comment)

[Maximus5]

Changing db_home works for me, thanks!

[tvandijck]

Same here, works for me too... it's just that I have to set it to "/c/Users/tvandijck" in a file that sits in the program folders.. so any other user that logs in and uses my machine will have issues again... not that I care right now, since that doesn't really happen anyway, but long-term this doesn't seem like a proper solution.

Anyway, thank you for all your help so far.

[dscho]

it's just that I have to set it to "/c/Users/tvandijck" in a file that sits in the program folders..

Exactly, so it is only a workaround, not a proper solution.

[dscho]

Please test the current installer (2.3.7.1). It should allow overriding the home directory via the $HOME environment variable again, as we are used to from Git for Windows 1.x.

[Animeye]

try changing db_home to env. I think the backend changes are working, but the new env method isnt being added to nsswitch.conf

[dscho]

try changing db_home to env. I think the backend changes are working, but the new env method isnt being added to nsswitch.conf

Whoops. Indeed. The most recent git-extra works well when installing the Git SDK afresh, but I already had a patched nsswitch.conf and that was not handled well. Will need to fix that.

[elieux]

I'm not sure if this is the correct place to mention it, but the reason that ssh ignores HOME is security (against malicious programs pointing HOME at directories with specially crafted ssh config/identity files), although it doesn't seem so important on the client side.

[dscho]

@elieux good point.

However:

• we need to have a way for the user to override a home directory we cannot handle (such as a disconnected network drive, or a hidden UNC path),
• it is already possible to override the home directory by editing the /etc/nsswitch.conf file (which should be even easier for an attacker than to inject the HOME environment variable into the global environment before the user clicks Git Bash),
• while /etc/nsswitch.conf is already an option for a malicious attacker to do what you want to prevent, it is not an option for fixing the issue at hand because it would only work in single user environments because the /etc/nsswitch.conf file is shared by users and cannot contain different db_home lines on a per-user basis.

[dscho]

@dscho, you mentioned that long term you want git to be just a package in mingw

Not quite. I want our mingw-w64-i686-git and our mingw-w64-x86_64-git package to be the official one for the MSys2 ecosystem. After getting our other changes accepted (quite possibly in a different form than they are right now).

I will always bundle the installer and portable Git, but you have to keep in mind that I do that from MSys2/MinGW packages already.

[dscho]

Good, thanks for testing!