7

The fundamental problem is that I am never seeing a prompt to enter in my SSH-Key password, SSH-Agent or no. As such, it's acting like I entered the wrong password and defaulting to pretending I have no keys.

This is happening on multiple computers. I set up my ssh keys awhile ago, and everything is great, but every so often I will do a git push (usually after restarting my computer) and I will get asked for my git origin server's password RATHER than my ssh key's password. Since my origin server does not HAVE a password, this leaves me unable to push changes.

Sometimes it resolves itself after restarting, sometimes not. Usually I do a lot of flailing guesses and one of them ends up fixing the problem, but I can't currently remember which ones work and which don't.

What is the CORRECT way to go about fixing this? What is the actual problem? Is my SSH Key locked? Is some windows process not starting correctly? Is a Path variable being eaten? I don't know a lot about windows (usually I develop on linux), so I'm extra at a loss here.

Edit: The first answer mentions ssh-agent. Some googling got me to here:

https://help.github.com/articles/working-with-ssh-key-passphrases/#platform-windows

Which explains how to set up ssh-agent to autostart and know about your keys in windows. (I didn't even know you could use bash profiles in windows).

This did not help.

My git bash now says "Identity added: /c/Users/{{ME}}/.ssh/id_rsa" It does NOT ask me for my key password, and I still cannot push to my origin server (it asks for a server password, still).

I can confirm that my ssh key does live in the place the agent is looking. I can also confirm that the key is added: ssh-add -l shows a single key, from the location my key is stored.

Edit: Setting GIT_SSH as an environment variable pointing at the executable for ssh does nothing either, but it was a long shot anyways.

Edit: ssh [email protected] outputs:

$ ssh -v [email protected] OpenSSH_6.6.1, OpenSSL 1.0.1i 6 Aug 2014 debug1: Reading configuration data /c/Users/eschjen/.ssh/config debug1: /c/Users/eschjen/.ssh/config line 1: Applying options for git.myhost .lan debug1: Connecting to git.myhost.lan [10.116.22.40] port 22. debug1: Connection established. debug1: identity file /c/Users/eschjen/.ssh/id_rsa type 1 debug1: identity file /c/Users/eschjen/.ssh/id_rsa-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3 debug1: match: OpenSSH_5.3 pat OpenSSH_5* compat 0x0c000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA ae:81:77:0d:1c:8e:6a:aa:a8:69:36:1b:e4:ca:33:ee debug1: Host 'git.myhost.lan' is known and matches the RSA host key. debug1: Found key in /c/Users/eschjen/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mi c,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /c/Users/eschjen/.ssh/id_rsa debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mi c,password debug1: Next authentication method: password [email protected]'s password:

The output screen helped me take the tack that the ssh key was being used, but rejected by the server. I found that the ssh key my server knows about does not match the ssh key my machine has, somehow, despite everything working fine less than a month ago. I re-added the ssh key I have, and was able to push my changes.

Anybody have any idea how the ssh key would be re-generated (I'm fairly sure I didn't do it explicitly) during all of this?

Improve this question
5
  • 1
    Please provide the output of ssh with the -v flag set for the failed connection attempt. Commented Dec 31, 2015 at 12:38
  • Done. I can't make heads or tails of the log. It LOOKS like it offers up my RSA public key...and then just forgets about it and skips right to password authentication. No errors, no problems. If "roaming not allowed by server" is important, why do I have no issues in Linux, and no issues sometimes on my windows machine? ...Maybe it's because I'm on wifi? Commented Dec 31, 2015 at 13:15
  • Nope, wired IP address is no better than wifi IP address. Commented Dec 31, 2015 at 13:21
  • ... Well, one thing that output did for me is make me confirm that my key is actually in the server. Somehow it wasn't. I don't rememember regenerating my windows key, and I promise you I have spent quite some time using my windows machine successfully with git. And I see a key on my git server that I am fairly sure corresponded to my windows machine that is NOT my current key. Any clue what happened? Commented Dec 31, 2015 at 13:30
  • Thanks for the accept. I propose to move the follow up to a different question as it has completely different requirements. Commented Jan 2, 2016 at 16:20

3 Answers 3

Reset to default
4
+125

It's not enough to add the identity. There should be a file called config(no extension) in your C:\Users\{{username}}\.ssh directory.

You can define the key to use for a given host there like this:

Host myhost.name.com IdentityFile ~/.ssh/my_keyfile_name

The result of correct configuration is a input request for a password:

Enter passphrase for key '/c/Users/{{username}}/.ssh/my_keyfile_name':

Edit1: You can retrieve the verbose output of ssh by adding the -v parameter. Real world example (host name replaced):

λ ssh -v [email protected] OpenSSH_6.6.1, OpenSSL 1.0.1m 19 Mar 2015 debug1: Reading configuration data /c/Users/Igor/.ssh/config debug1: /c/Users/Igor/.ssh/config line 4: Applying options for myhost.at debug1: Connecting to myhost.at [192.168.2.1] port 22. debug1: Connection established. debug1: identity file /c/Users/Igor/.ssh/myhost-server type -1 debug1: identity file /c/Users/Igor/.ssh/myhost-server-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6+squeeze5 debug1: match: OpenSSH_5.5p1 Debian-6+squeeze5 pat OpenSSH_5* compat 0x0c000000 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<3072<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: RSA 67:3f:96:7b:6a:68:55:89:a8:30:a9:ed:67:ef:40:a4 debug1: Host 'myhost.at' is known and matches the RSA host key. debug1: Found key in /c/Users/Igor/.ssh/known_hosts:3 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /c/Users/Igor/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Trying private key: /c/Users/Igor/.ssh/myhost-server debug1: key_parse_private2: missing begin marker debug1: key_parse_private_pem: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key '/c/Users/Igor/.ssh/myhost-server':

I think this would help tremendously. Added comment to OP requesting this information.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Nothing is happening yet. I'm not entirely sure how specifying a host would help, though, since ssh-add is supposed to ask for my key's password and it doesn't have any host parameters. Git push is still not appearing to use my key, and is not asking for a password for it, just jumping ahead to asking for the server's password.
Which tools are you using to perform your connection? I use the linux tools bundled with git (git-scm.com) which includes the ssh binary. I do NOT need to set up any key-adding measure to my startup manually.
3

you need to tell your computer to add the key again after restarting the system. Most of the time this is done with the ssh-agent

Improve this answer

7 Comments

This does not appear to be my problem. I am not upset that I am asked to enter a password in every time I want to use my key. Rather, I am NOT being asked for a password, and instead git is jumping to asking for a server password. Using ssh-agent does not help with this.
Hmm but you still have to tell your system which key to use. Where do you do it then, when not with ssh-agent or manually adding the key
I'm not sure I parse your question. If I only have a single key, why do I have to specify which to use? If this must happen in any case, the answer is that I am not doing it (and thus it might be my problem). I will do more research. I will say using ssh-agent is not helping, if that is the way to specify which.
You said that sometimes when you restart it works, so something on your systems seems to open the key. Maybe github for Windows or putty or similar?
Ssh-agent is one way to add your key automatically. Even if you only have one key, your system still needs to know which it is etc.
|
2

I wasted several hours trying to solve the same problem - SSH would not ask for the passphrase for my keypair even with pageant NOT running.

SSH uses different key formats (SSH-1 and SSH-2), and more importantly, refuses to read RSA keys if they are in SSH-2 format. Generating the keypair with Puttygen and then converting it to SSH-1 format to save in .ssh\id_rsa solved the problem for me.

  1. Generate a keypair
  2. Save it with a meaningful name (like Basement-Computer.ppk)
  3. Export the file to OpenSSH format and save it with the name id_rsa (no extension)

puttygen

Git clone will now ask for the passphrase (or at least it did for me). Google's instructions for setting up a Git repo https://cloud.google.com/source-repositories/docs/authentication#ssh neglects to mention that crucial third step.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.