Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support FIDO security keys for commit signing signing and ssh auth #2661

Closed
krlvi opened this issue Feb 14, 2024 · 5 comments
Closed

Support FIDO security keys for commit signing signing and ssh auth #2661

krlvi opened this issue Feb 14, 2024 · 5 comments
Labels
auth* Issues with authentication and authorisation, usually with forges enhancement An improvement to an existing feature

Comments

@krlvi
Copy link
Member

krlvi commented Feb 14, 2024

No description provided.

@mtsgrd mtsgrd added the enhancement An improvement to an existing feature label Feb 14, 2024
@stgarf
Copy link

stgarf commented Apr 3, 2024

Would love to be able to use Gitbutler but patiently watching this issue because we require Yubikeys. Please let me know if I can participate in alpha/beta testing when you're ready!

@jokeyrhyme
Copy link

I can confirm that this combination works:

  • GitButler 0.10.28 (and perhaps older, this is just where I reproduced it) with "Project settings" -> "Git authentication" -> "Use a Git executable"
  • ssh-agent setup with the SSH_AUTH_SOCK environment variable set for all new processes in my login session
  • Yubikey security key setup via ssh-keygen -O resident -t ed25519-sk
  • corresponding public key enrolled in my GitHub settings

For any SSH request to GitHub, my security key flashes and nothing happens until I tap the security key

@alexandervaneck
Copy link

@jokeyrhyme How exactly did you setup ssh-agent?

Did you use https://github.com/drduh/YubiKey-Guide?tab=readme-ov-file#ssh-agent-forwarding ?

@jokeyrhyme
Copy link

jokeyrhyme commented Apr 16, 2024
edited

@alexandervaneck

my default shell is nushell, and I've got it configured to start ssh-agent if it isn't already running and load its environment variables into dbus/systemd/launchd so they'll take effect in future processes (the way my system launches them, anyway), and also runs ssh-add -K if there is a Yubico security key plugged in:

so, my workflow is to open a terminal, and my keys are PIN-protected so ssh-add -K prompts to input the PIN, and once my shell prompt appears, I can then run GitButler from my desktop GUI launcher (not running it directly via this terminal/shell session) and it'll have the correct SSH_AUTH_SOCK environment variable

it's worth learning how to inspect the environment variables actually available to running processes, if you do not already do so for debugging this kind of thing

@Byron Byron added the auth* Issues with authentication and authorisation, usually with forges label Apr 21, 2024
@Qix-
Copy link
Contributor

Qix- commented Apr 30, 2024

The system executable auth flow now allows for GIT_SSH and GIT_SSH_COMMAND to be specified, too. Along with the above I'm going to close this as that's probably the preferred method to set up different authentication methods on your respective development machines.

Let me know if something was missed here, or if for some reason something isn't working with regards to FIDO keys!

@Qix- Qix- closed this as completed Apr 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auth* Issues with authentication and authorisation, usually with forges enhancement An improvement to an existing feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@Byron @jokeyrhyme @Qix- @mtsgrd @stgarf @krlvi @alexandervaneck