GitExtensions not using SSH key for authentication, fallsback to basic credential authentication without trying to use keys

[patroniton]

Current behaviour

Git Extensions does not add/use SSH keys

Expected behaviour

Git Extensions adds/uses SSH keys

Steps to reproduce

• Generate key using puttygen
• Save private key (tried saving on multiple local drives as well)
• Open manage remotes window
• Private key file field: browse to created key
• Save changes
• Try to push, Git Extensions doesn't use SSH key and instead tries to fallback on credentials

I've also manually added the key into the putty keystore and the behaviour does not change.

Did this work in previous version of GitExtensions

No. It's never worked and now I can't use credentials to authenticate with github.

Environment

• Git Extensions 3.5.3.12551
• Build 00604a5
• Git 2.28.0.windows.1 (recommended: 2.30.0 or later)
• Microsoft Windows NT 10.0.19042.0
• .NET Framework 4.8.4390.0
• DPI 96dpi (no scaling)

[Fentonator]

Having what I suspect may be the same problem. At least for my case, there is an additional piece of information: it works just fine if, and only if, I have a PuTTY session for "github.com" defined that specifies the relevant PPK. Notably, if I set the PuTTY session to any other PPK it fails authentication, fairly clearly indicating that it is simply ignoring the file configured in the remote management screen, in favor of using the PuTTY session key. This is quite unfortunate, as it makes it annoying to try to deal with multiple GitHub accounts (for example, personal and work-related) from a single machine.

[vbjay]

No putty sessions

• Git Extensions 3.5.4.12724
• Build 65f01f3
• Git 2.38.1.windows.1
• Microsoft Windows NT 10.0.19044.0
• .NET Framework 4.8.9093.0
• DPI 96dpi (no scaling)

Ge automatically spun up pagent which unlocked key and ssh session started with pagent providing the key.
You might want to upgrade git and ge to at least 3.5.4.

[Fentonator]

Git Extensions version is 3.5.4.12724, Git 2.37.3.windows.1, However, I'll try to check it without any github.org session in PuTTY at all and see if that changes the behavior.

[Fentonator]

Unfortunately, even without a PuTTY session for github.com defined, it appears to be unable to authenticate. Looking at the command logs for a "Test Connection" shows an invocation of plink.exe with the -T option and the expected remote target, but nothing that appears that it would specify what key should be used — in particular, not the -i option or a pointer to the private key file.

[vbjay]

Show us. I have proven it works. So I'll bet your config is messed up somewhere.

[zroMSc]

I think I have the same issue but only with the newest git extensions

''

GitUI.NBugReports.UserExternalOperationException: SSH key file could not be found
 ---> System.IO.FileNotFoundException: SSH key file could not be found
   --- End of inner exception stack trace ---
   at GitUI.Infrastructure.PuttyHelpers.ThrowIfFileNotFound(String filePath, String errorMessage, String heading)
   at GitUI.Infrastructure.PuttyHelpers.StartPageantIfConfigured(Func`1 sshKeyFileLoader)
   at GitUI.CommandsDialogs.FormPush.StartPageant(String remote)
   at GitUI.CommandsDialogs.FormPush.PushChanges(IWin32Window owner)
   at GitUI.CommandsDialogs.FormPush.PushClick(Object sender, EventArgs e)
   at System.Windows.Forms.Control.OnClick(EventArgs e)
   at System.Windows.Forms.Button.OnClick(EventArgs e)
   at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
   at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   at System.Windows.Forms.Control.WndProc(Message& m)
   at System.Windows.Forms.ButtonBase.WndProc(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, WM msg, IntPtr wparam, IntPtr lparam)

Use putty as ssh client and have keyfile already loaded with pageant. Do not have the keyfile configured in the remote repository. Somehow the already loaded key won't be used and then throws an error because it can't load the not configured ssh key file. This was working in previous git extension versions (4.0 and below) for me.

• Git Extensions 4.0.1.15887
• Build f2567de
• Git 2.39.0.windows.1
• Microsoft Windows NT 10.0.19042.0
• .NET 6.0.12
• DPI 144dpi (150% scaling)

[vbjay]

You still have to set the key. It is how it knows which key. It's in the remote dialog. Just put the key file in.

[zroMSc]

Previously I did not have to set the key in the remote dialog - as long as the key was already loaded in pageant. I just verified going back to 4.0.0 that there this works just fine.
Also with 4.0.1 I don't have a problem when pulling without having the key configured in the remote dialog but loaded in pageant - I only have the error when pushing.

This is my preferred way as I have many repositories cloned and don't have to configure my key for each of them as I only load it once before working with them.

[zroMSc]

I think before it simply silently returned false when no key was provided but tried to continue and this worked when the key was already loaded:
4.0 vs 4.0.1

[vbjay]

Setting key in repo helps by letting you see which key later on and will autostart and ask for the password to unlock key if needed. Try it. Don't run pagent. Set remote key file. Do a fetch all. I don't see the issue of hitting browse and finding a file which you could copy the path to beforehand. GE will even handle running pagent for you.

[tomasfejfar]

I have the same problem. Weird thing is that pull from private repository works, but push results in the abovementioned exception 🤔 It's caused by 4.0.1 upgrade.

Setting the key works, but I think it's a needless hurdle, because it worked just fine without it.

[mnelken]

I just encountered this. Thank you for the solution.
I agree that this is a needless hurdle. I thought it was the point of the ssh key negotiation system to make this 'just work'.
I do see the benefit of having the option to specify the key and have pageant automatically run, but in my use case I always have pageant running for my other ssh tasks.

[njoAI]

While I also agree, this seems unnecessary, I also ask myself, why this is changed moving from 4.0.0 to 4.0.1. This requires user action to work around. Not something you'd expect from a patch-version.

[tomasfejfar]

Now that I've done it with approximately 10 repositories over the last few days (my company have like 200 repositories, that are needed from time to time), I came back to say it's more then just a needless hurdle 😔

Let me assure you it does not feel great criticising a work someone's doing for free and I'm not doing it lightly. But this really seems like a big step back in useability. Thanks for the work all the contributors are doing!

[AndreMikulec]

The problem of requiring the PPK file AND NOT reading Pagent
is that "PIV Cards" a.k.a "SmartCards" become worthless.
(Techically, this is because, private keys CAN NOT be extracted from "PIV Cards"/"SmartCards")

A SmartCard person is a PuTTY-CAC person. - https://risacher.org/putty-cac/
These people are very common.

vbjay said:

 I don't see the issue of hitting browse and finding a file which you could copy the path to beforehand. 

The problem of requiring a PPK file AND NOT reading Pagent
encourages people

1. to have to PPK files laying around lazily
   and
2. not continue to using his/her "eight(8) digit pin accessible" SmartCard.

One should be able to both use the

1. PPK file
   and
2. Pageant

(and do both conveniently).

I propose something like this (4.0.1 upgrade + new patch):

1. Git Extensions General Option (default is set to OFF [ ])

[ ] Try to read the Signatures of the Public Keys from Pageant 
    (sets this default to all repositories and all remotes) 

and with

2. 'per repository' 'per remote' option (default is set to OFF [ ])

[ ] If set, then Try to read the Signatures of the Public Keys from Pageant 
    (in this exact case, override the General Option)
    (if `not set`  then `ignored otherwise`.)

[gerhardol]

Please test/review the linked pr

[AndreMikulec]

@gerhardol,
Where is that linked pr?

[zroMSc]

#10545

Already thanking for the efforts!