Use custom ssh key cannot push/fetch/pull

[ghost]

Environment: GitPython (2.1.7), python 2.7.14, CentOS 6.9, git 2.15.0-rc1

I using this following code to clone:

ssh_key = os.path.join('.',Config.git.ssh_key)
ssh_key_command = 'ssh -i %s'%ssh_key
os.environ['GIT_SSH_COMMAND'] = 'ssh -i ./data/id_rsa'
repo = Repo.clone_from(Config.git.source,'wkdir')

It's work, but when I using:

r = Repo('wkdir')
with r.git.custom_environment(GIT_SSH_COMMAND='ssh -i ./data/id_rsa'):
	r.remotes.origin.fetch()

It say that:

Traceback (most recent call last):
  File "<stdin>", line 2, in <module>
  File "/usr/local/lib/python2.7/site-packages/git/remote.py", line 779, in fetch
    res = self._get_fetch_info_from_stderr(proc, progress)
  File "/usr/local/lib/python2.7/site-packages/git/remote.py", line 665, in _get_fetch_info_from_stderr
    proc.wait(stderr=stderr_text)
  File "/usr/local/lib/python2.7/site-packages/git/cmd.py", line 418, in wait
    raise GitCommandError(self.args, status, errstr)
git.exc.GitCommandError: Cmd('git') failed due to: exit code(128)
  cmdline: git fetch -v origin
  stderr: 'fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.'

I make sure I have full permission with remote repository, I also trying:

#!/bin/sh
ID_RSA=$PWD/data/hksd
exec /usr/bin/ssh -o StrictHostKeyChecking=no -i $ID_RSA "$@"

and

with r.git.custom_environment(GIT_SSH='id_rsa.sh'):
	r.remotes.origin.fetch()

It's doesn't work, too.

[qneill]

Setting GIT_PYTHON_TRACE=full in the environment may shed some light on this. See

http://gitpython.readthedocs.io/en/stable/tutorial.html#git-command-debugging-and-customization

[ghost]

It's say that:

INFO:git.cmd:git fetch -v origin
DEBUG:git.cmd:Popen(['git', 'fetch', '-v', 'origin'], cwd=/root/test, universal_newlines=True, shell=None)
DEBUG:git.cmd:AutoInterrupt wait stderr: 'fatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.'
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/site-packages/git/remote.py", line 779, in fetch
    res = self._get_fetch_info_from_stderr(proc, progress)
  File "/usr/local/lib/python2.7/site-packages/git/remote.py", line 665, in _get_fetch_info_from_stderr
    proc.wait(stderr=stderr_text)
  File "/usr/local/lib/python2.7/site-packages/git/cmd.py", line 418, in wait
    raise GitCommandError(self.args, status, errstr)
git.exc.GitCommandError: Cmd('git') failed due to: exit code(128)
  cmdline: git fetch -v origin
  stderr: 'fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.'

[Byron]

Are you sure the key in question does not have a passphrase?
I could imagine that anything run from within a TTY is somehow able to use a cached password and/or connect to the ssh-agent, which GitPython by default wouldn't do (unless maybe $SSH_AGENT_PID and $SSH_AUTH_SOCK are passed as well)

[ghost]

Yes, no passphrase

[Byron]

I think something that could shed light on the issue is if the script instead executes ssh -v -i <path to keyfile>. That way, you see exactly what ssh tries to do, and why it fails (if it does fail at all).

[ghost]

Sorry for the late reply, I think I found the problem.

r = Repo('test')
with r.git.custom_environment(GIT_SSH_COMMAND='ssh -v -i ./key'):
	r.remotes.origin.fetch()

Output:

DEBUG:git.cmd:Popen(['git', 'fetch', '-v', 'origin'], cwd=/root/test, universal_newlines=True, shell=None)
DEBUG:git.cmd:AutoInterrupt wait stderr: 'fatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.'
Traceback (most recent call last):
  File "git.py", line 7, in <module>
    r.remotes.origin.fetch()
  File "/usr/local/lib/python2.7/site-packages/git/remote.py", line 779, in fetch
    res = self._get_fetch_info_from_stderr(proc, progress)
  File "/usr/local/lib/python2.7/site-packages/git/remote.py", line 665, in _get_fetch_info_from_stderr
    proc.wait(stderr=stderr_text)
  File "/usr/local/lib/python2.7/site-packages/git/cmd.py", line 418, in wait
    raise GitCommandError(self.args, status, errstr)
git.exc.GitCommandError: Cmd('git') failed due to: exit code(128)
  cmdline: git fetch -v origin
  stderr: 'fatal: Could not read from remote repository.

Please make sure you have the correct access rights

So, I think that: maybe is working directory error, but ssh wasn't show key file not found. I change key path from relative path to absolute path, and it's worked.

Fixed code

r = Repo('test')
with r.git.custom_environment(GIT_SSH_COMMAND='ssh -v -i /root/key'):
	r.remotes.origin.fetch()

Output:

$ python test.py
DEBUG:git.cmd:Popen(['git', 'fetch', '-v', 'origin'], cwd=/root/test, universal_newlines=True, shell=None)
$

So, maybe this bug cause by wrong working directory.

[Byron]

Thanks for the update!
It's probably a good idea to use absolute directories, yes. I will remember that for the future.
Since the solution was posted here, I am closing this issue.
Please feel free to post another comment or reopen the issue if there is something you think GitPython should do better.

[ghost]

But I don't think absolute path is a good idea. Sometimes key file may be in a project directory, sometimes maybe we will move directory to another path. Well, then it is time to change the absolute path. This is why I want to use relative paths.

[Byron]

I believe the current working directory of the git program invocations is the .git folder. Thus you can use these directories to construct the path to the key file, or use the correct relative path, such as ../ssh-keys/id-rsa.
Either way, it is something the application has to figure out, and I don't think GitPython can be of any help there.
However, if you believe the documentation could be improved, please feel free to submit a PR with the changes that would have helped you :).