cli
cli copied to clipboard
npm
[BUG] Permission denied (publickey) when installing from private Git repository on Windows
Current Behavior:
Running npm i git+ssh://[email protected]:namespace/repo.git through PowerShell on Windows results in the following error:
npm ERR! command failed npm ERR! command git ls-remote [email protected]:namespace/repo.git npm ERR! [email protected]: Permission denied (publickey). npm ERR! fatal: Could not read from remote repository. npm ERR! npm ERR! Please make sure you have the correct access rights npm ERR! and the repository exists.
Running the failed git ls-remote [email protected]:namespace/repo.git command in the same PowerShell window immediately, after correctly prompts for the password:
Enter passphrase for key '/c/Users/Name/.ssh/id_rsa':
Expected Behavior:
When SSH key used for accessing Git repo requires a password, npm should prompt for it within PowerShell.
Steps To Reproduce:
This can also be reproduced by adding an entry to package.json and then running npm i
Environment:
- OS: Window 10
- Node: 14.4.0
- npm: 7.5.3
I've also run into this problem. You need to start the SSH Agent using the start-ssh-agent.cmd script that comes with Git for Windows. This script will start the SSH Agent and add your SSH key to it (will prompt for password). Then you can run npm i and it will succeed.
Experiencing the same issue with npm 7.10.0 on Windows with a GitLab private repository accessed via git+ssh. The SSH agent is started and the key added (as mentioned by @mmiretsky). Running npm install asks for a username + password as if it was git+https. I'm wondering if it actually tries to resolve the dependency via git+ssh at all, could it be related to #2610 somehow?
I tried to enforce a key in .ssh/ssh_config but no luck. Note that it works fine with npm 6 (exact same configuration).
@thexeos did you figure out how to workaround this issue?
@simonbrunel on the same system from the initial report - it it still broken. On another system, while configuring SSH access, I somehow made npm work. The steps I followed to get SSH access working are: https://github.com/PowerShell/Win32-OpenSSH/issues/307#issuecomment-491812395 my GIT_SSH environment variable is set to C:\Windows\System32\OpenSSH\ssh.exe
Maybe this will also be relevant: https://docs.microsoft.com/en-us/azure/devops/repos/git/use-ssh-keys-to-authenticate
Hi, same problem here on npm 8 on windows 10. After debuggin a little bit, I found that the problem may be npmcli project.
On @npmcli/git/lib/opts.js there is the initialization of the gitEnv, which sets the
GIT_SSH_COMMAND: 'ssh -oStrictHostKeyChecking=accept-new'
This overrides the GIT_SSH command, which may have been set to C:\Windows\System32\OpenSSH\ssh.exe for instance.
I just commented the line to make it works..
Hi, same problem here on npm 8 on windows 10. After debuggin a little bit, I found that the problem may be npmcli project.
On @npmcli/git/lib/opts.js there is the initialization of the
gitEnv, which sets theGIT_SSH_COMMAND: 'ssh -oStrictHostKeyChecking=accept-new'This overrides the
GIT_SSHcommand, which may have been set toC:\Windows\System32\OpenSSH\ssh.exefor instance.I just commented the line to make it works..
Thanks for that !
Adding an environment variable GIT_SSH_COMMAND with "%GIT_SSH%" solved my problem, it now properly uses plink (configured in %GIT_SSH%)
I have the same issue with npm 8.3.1. I'm using the core.sshCommand git global config var (no system-level environment variables) for my setup:
git config --global core.sshCommand "c:/windows/system32/openssh/ssh.exe
As mentioned above, explicitly setting, GIT_SSH_COMMAND works. Is there an easy way for npmcli to respect any existing configuration?
For more context, the command that was failing was:
git --no-replace-objects ls-remote ssh://git@host:repo
(I assume npm uses this to get the appropriate tag)
When settings GIT_SSH_COMMAND, the quotes around the path are important. Otherwise it won't work.
The setting of the GIT_SSH_COMMAND environment variable that causes the issue was added in https://github.com/npm/cli/commit/42965fdfa08072e2b172d777569900522de63802. The commit message doesn't make clear what that change was supposed to do, so maybe it can simply be reverted? @wraithgar You are the author of the commit, any idea?
https://github.com/npm/git/commit/8f2ce0459744719458201f42aa51bce02ad0c003
Ah, I see.
On a side note, a hanging installation as described in https://github.com/npm/git/pull/7 is certainly not good but I am not sure that simply accepting all new host keys is the wise thing to do. Perhaps aborting with an error would be better. But I'll assume you have evaluated this question and came to the conclusion that the risk is acceptable.
The solution in https://github.com/npm/git/commit/8f2ce0459744719458201f42aa51bce02ad0c003 is not going to work and should definitely be reverted in its current state.
There are three (four if you include the simple fallback) SSH variants supported by Git and the solution in https://github.com/npm/git/commit/8f2ce0459744719458201f42aa51bce02ad0c003 only works for one of them and only in some cases.
Unfortunately for plink and tortoiseplink the solution is not a simple command line switch because the authors of plink are of the opinion that the risk is not acceptable. If a host key is to be automatically accepted, one has to add it to the registry beforehand manually or by using a trick with pscp.
This bug also exists on MacOS
Could you please share more details on this?
This issue is now resolved in npm version 10.8.2 which has my PR above in it: https://github.com/npm/cli/releases/tag/v10.8.2
@wraithgar I think this can be closed now