can you give me a sample about clone a private repo using ssh key?

[Gluoo]

can you give me a sample about clone a private repo using ssh key? thanks

[orirawlings]

Hey @Gluoo,

The existing example provided at _examples/clone should work for repositories with an ssh url. Although on some systems you might need to ensure that you have an ssh-agent running with your private ssh keys added so that they can be used during authentication.

For example:

$ eval `ssh-agent`
Agent pid 4586
$ ssh-add 
Identity added: /home/orawlings/.ssh/id_rsa (/root/.ssh/id_rsa)
$ go run ${GOPATH}/src/gopkg.in/src-d/go-git.v4/_examples/clone/main.go git@github.com:orirawlings/go-git.git go-git                                                  
git clone git@github.com:orirawlings/go-git.git go-git --recursive
commit d3c7400c39f86a4c59340c7a9cda8497186e00fc
Author: Máximo Cuadros <mcuadros@gmail.com>
Date:   Mon Jul 17 00:50:24 2017 -0700

    Merge pull request #485 from mcuadros/fetch-tags

    remote: fetch, correct behavior on tags

[Gluoo]

@orirawlings , thanks for your quickly response.
but in _examples/clone, I saw no ssh auth code there,

r, err := git.PlainClone(directory, false, &git.CloneOptions{
	URL:               url,
	RecurseSubmodules: git.DefaultSubmoduleRecursionDepth,
})

you mean, I don't need add any ssh auth code in git.PlainClone function? Just eval ssh-agent and ssh-add, that is enough?

But even if I follow your guide, I still got errors: "error creating SSH agent: "SSH agent requested but SSH_AUTH_SOCK not-specified"

[orirawlings]

Hey @Gluoo,

That is correct. The library will dispatch to the correct type of transport implementation based on the form of the provided url. If url is an ssh url, it will use the ssh transport.

If you are seeing the error you posted, it is likely because of an issue with how you started the ssh-agent. The ssh-agent command will output some data that you need to evaluate with your shell.

Here is an example if I run without wrapping in eval :

$ ssh-agent
SSH_AUTH_SOCK=/var/folders/__/1bnpyd4d7t31wkxd9vmk2sz9985fpv/T//ssh-aj8ZhNCDm6Dr/agent.30875; export SSH_AUTH_SOCK;
SSH_AGENT_PID=30876; export SSH_AGENT_PID;
echo Agent pid 30876;

You can see that when I run this output through eval I will export the necessary SSH_AUTH_SOCK. Assuming you run the _example/clone in the same shell session that evaluated the ssh-agent output, the code should work.

[Gluoo]

@orirawlings , I tried your guide in a new linux machine, works well.

but my git clone/pull operations are in a rest service, when a user want to clone a repo, curl my API, my service will clone the repo using ssh key.

In my scenario, should I execute ssh-agent and ssh-add command before proceed my logic every time? Is there any other solution?
thanks

[orirawlings]

If you want to provide explicit credentials you can use the Auth field of CloneOptions. See the various methods for ssh AuthMethods at https://godoc.org/gopkg.in/src-d/go-git.v4/plumbing/transport/ssh#AuthMethod

[wstrange]

If it helps, I did something like this to create the auth object needed to clone an ssh repo:

s := fmt.Sprintf("%s/.ssh/id_rsa", os.Getenv("HOME"))
sshKey, err = ioutil.ReadFile(s)
signer, err := ssh.ParsePrivateKey([]byte(sshKey))
auth = &gitssh.PublicKeys{User: "git", Signer: signer}

[Gluoo]

@orirawlings @wstrange , no lucky in my environment.

@wstrange , I tried your code, still got error

ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
&{0xc420060540 map[] 0xc4200f1ea0}

[orirawlings]

That error message looks like it did use the key for authentication, but the authentication failed. Probably worth confirming that that git server the client is contacting has the correct ssh public key configured.

[Gluoo]

@orirawlings @wstrange , it works. Thanks, I will close this issue

[wspurgin]

I'm seeing ssh: handshake failed: EOF Error using the first method mentioned (just using the ssh-agent to get the auth method). Manually attempting to get the auth (like in the second method) I get ssh: handshake failed: connection reset by peer. I can't recreate any of that behavior with the actual git client.... It's been about 6 months since this issue, so I'm wondering if the first method is still valid (where go-git will actually check the ssh keyring).

If it matters, I'm on OS X not a Linux distro

[pashh]

I have almost the same question but I need authorisation by user password and through ssh protocol:
I saw in gopkg.in/src-d/go-git.v4/plumbing/transport/ssh/auth_method.go:
// Password implements AuthMethod by using the given password. type Password struct { User string Password string HostKeyCallbackHelper }
but I didn't understand how to use it.

for example in my case:

repo, err := git.PlainClone(dir, false, &git.CloneOptions{ URL: "ssh://USER_NAME@tmv1654.devlab.de.tmo:tvpp-doc", Auth: &gitssh.Password{username, password, HostKeyCallbackHelper}, })

[dahendel]

This worked for me with ssh

sshAuth, err := ssh.DefaultAuthBuilder("keymaster")
if err := r.Push(&git.PushOptions{Auth: sshAuth}); err != nil {
		log.Error().Err(err).Msg("Push err")
		os.Exit(1)
}

Http Auth

auth := &http.BasicAuth{Username: "user", Password: "pass",}
if err := r.Push(&git.PushOptions{Auth: auth}); err != nil {
		log.Error().Err(err).Msg("Push err")
		os.Exit(1)
}

[pashh]

I'm summarised all types auth for clone private repo examples here
#863
please point me out if I made something wrong

[supanadit]

This is how i work

url := "git@github.com:supanadit/gostay.git"
var publicKey *ssh.PublicKeys
sshPath := os.Getenv("HOME") + "/.ssh/id_rsa"
sshKey, _ := ioutil.ReadFile(sshPath)
publicKey, keyError := ssh.NewPublicKeys("git", []byte(sshKey), "")
if keyError != nil {
	fmt.Println(keyError)
}
_, err := git.PlainClone(url, false, &git.CloneOptions{
	URL:      urlGitConversion,
	Progress: os.Stdout,
	Auth:     publicKey,
})