Yubikey-associated ssh keys produce error in gitui but are usable elsewhere

Open elmarsto opened this issue 3 years ago • 5 comments

I recently upgraded my ssh keys to ed25519-sk. The -sk stands for 'secure key', and it means that, instead of being asked for a password, I just touch my yubikey to auth the use of the ssh key.

This works great with git in bash. As expected, I get x11-ssh-askpass prompting me to confirm my presence; I touch the yubikey, and the push goes through.

But in gitui, I get an error (attached) after x11-ssh-askpass completes.

In other words: my current ssh config works flawlessly in bash using git push, but throws an error (and fails to complete) in gitui.

IMPACT: This makes gitui unusable for those of us who use hardware-validated ssh keys.

To Reproduce

  • Purchase a yubikey
  • Run ssh-keygen -t ed25519-sk. Provide an empty passphrase
  • Run gitui in some repo that depends on this key to push to origin

Expected behavior

  • Askpass runs
  • I touch my yubikey
  • Push completes

Screenshots

[Screenshots: 20211028_16h31m04s_grim, 20211028_16h31m25s_grim]

Context (please complete the following information):

  • OS/Distro + Version: NixOS 21.05 w/ Wayland
  • GitUI Version 0.18.0
  • Rust version: 1.58-0-nightly, but gitui was installed with system (unsure of which version of Rust compiled gitui)

Additional context

Here's the log:

23:54:04 [TRACE] (1) gitui::app: [src/app.rs:329] update
23:54:04 [TRACE] (6) mio::poll: [/build/gitui-0.16.1-vendor.tar.gz/mio/src/poll.rs:478] registering event source with poller: token=Token(0), interests=READABLE
23:54:04 [TRACE] (6) mio::poll: [/build/gitui-0.16.1-vendor.tar.gz/mio/src/poll.rs:478] registering event source with poller: token=Token(1), interests=READABLE
23:54:04 [TRACE] (1) asyncgit::status: [asyncgit/src/status.rs:90] request: [hash: 15221039271888170970] (type: WorkingDir)
23:54:04 [TRACE] (1) asyncgit::status: [asyncgit/src/status.rs:90] request: [hash: 6093762865935412823] (type: Stage)
23:54:04 [TRACE] (3) asyncgit::status: [asyncgit/src/status.rs:143] status fetched: 6093762865935412823 (type: Stage)
23:54:04 [TRACE] (1) gitui::app: [src/app.rs:348] update_git: Status
23:54:04 [TRACE] (2) asyncgit::status: [asyncgit/src/status.rs:143] status fetched: 15221039271888170970 (type: WorkingDir)
23:54:04 [TRACE] (1) gitui::app: [src/app.rs:348] update_git: Status
23:54:04 [TRACE] (1) gitui::app: [src/app.rs:260] event: Input(Key(KeyEvent { code: Char('p'), modifiers: NONE }))
23:54:04 [INFO] push: branch 'main' has upstream for remote 'origin' - using that
23:54:04 [TRACE] (1) asyncgit::push: [asyncgit/src/push.rs:72] request
23:54:04 [TRACE] (1) gitui::app: [src/app.rs:329] update
23:54:04 [TRACE] (1) asyncgit::status: [asyncgit/src/status.rs:90] request: [hash: 14599022095447610536] (type: WorkingDir)
23:54:04 [TRACE] (1) asyncgit::status: [asyncgit/src/status.rs:90] request: [hash: 5802346139558605474] (type: Stage)
23:54:04 [TRACE] (3) asyncgit::status: [asyncgit/src/status.rs:143] status fetched: 5802346139558605474 (type: Stage)
23:54:04 [TRACE] (1) gitui::app: [src/app.rs:348] update_git: Status
23:54:04 [TRACE] (2) asyncgit::status: [asyncgit/src/status.rs:143] status fetched: 14599022095447610536 (type: WorkingDir)
23:54:04 [TRACE] (1) gitui::app: [src/app.rs:348] update_git: Status
23:54:06 [DEBUG] (7) asyncgit::sync::remotes::push: creds: '[email protected]:~/myrepo.git' Some("git") (USER_PASS_PLAINTEXT | SSH_KEY | SSH_MEMORY | SSH_CUSTOM | SSH_INTERACTIVE)
23:54:08 [DEBUG] (7) asyncgit::sync::remotes::push: creds: '[email protected]:~/myrepo.git' Some("git") (USER_PASS_PLAINTEXT | SSH_KEY | SSH_MEMORY | SSH_CUSTOM | SSH_INTERACTIVE)
23:54:08 [TRACE] (1) gitui::app: [src/app.rs:348] update_git: Push
23:54:08 [ERROR] push error: git error:Bad credentials.
23:54:08 [TRACE] (1) gitui::app: [src/app.rs:348] update_git: Push
23:54:08 [TRACE] (1) gitui::app: [src/app.rs:329] update
23:54:08 [TRACE] (1) asyncgit::status: [asyncgit/src/status.rs:90] request: [hash: 15969545935799951279] (type: WorkingDir)
23:54:08 [TRACE] (1) asyncgit::status: [asyncgit/src/status.rs:90] request: [hash: 1945689241303045799] (type: Stage)
23:54:08 [TRACE] (4) asyncgit::status: [asyncgit/src/status.rs:143] status fetched: 1945689241303045799 (type: Stage)
23:54:08 [TRACE] (1) gitui::app: [src/app.rs:348] update_git: Status
23:54:08 [TRACE] (2) asyncgit::status: [asyncgit/src/status.rs:143] status fetched: 15969545935799951279 (type: WorkingDir)
23:54:08 [TRACE] (1) gitui::app: [src/app.rs:348] update_git: Status
23:54:09 [TRACE] (1) gitui::app: [src/app.rs:329] update
23:54:09 [TRACE] (1) asyncgit::status: [asyncgit/src/status.rs:90] request: [hash: 370514404697195426] (type: WorkingDir)
23:54:09 [TRACE] (1) asyncgit::status: [asyncgit/src/status.rs:90] request: [hash: 13708053634060089698] (type: Stage)
23:54:09 [TRACE] (4) asyncgit::status: [asyncgit/src/status.rs:143] status fetched: 13708053634060089698 (type: Stage)
23:54:09 [TRACE] (1) gitui::app: [src/app.rs:348] update_git: Status
23:54:09 [TRACE] (2) asyncgit::status: [asyncgit/src/status.rs:143] status fetched: 370514404697195426 (type: WorkingDir)
23:54:09 [TRACE] (1) gitui::app: [src/app.rs:348] update_git: Status
23:54:10 [TRACE] (1) gitui::app: [src/app.rs:260] event: Input(Key(KeyEvent { code: Char('q'), modifiers: NONE }))
23:54:10 [TRACE] (1) gitui::app: [src/app.rs:260] event: Input(Key(KeyEvent { code: Char('c'), modifiers: CONTROL }))

elmarsto • Oct 28 '21 23:10

Unfortunately I have no such key myself. Maybe someone can tackle this with access to a hardware key.

extrawurst • Oct 29 '21 11:10

I encountered the same problem these days, here is my solution, hope it will help:

  1. Check that the ~/.ssh/config file exists; if not, create one and execute chmod 600 ~/.ssh/config
  2. Add AddKeysToAgent yes to the config file; this will automatically execute ssh-add <privatekey> when ssh is running
  3. Restart the ssh service: sudo systemctl restart sshd.service, or sudo systemctl restart ssh.service in some other Linux distros (my distro is Manjaro)

I tried executing ssh-add ~/.ssh/<privatekey>, and it worked temporarily, so I guess this is not a gitui issue; I think the ssh service does not automatically add the ssh key when handling this kind of situation.

CengsBlanky • Nov 01 '21 12:11

I've got similar behavior, i.e. git error: Bad credentials at the end, while the git command works without issues. But I don't use a Yubikey for ssh; I use a specific IdentityFile in ~/.ssh/config. Adding AddKeysToAgent yes to the config solved it. So maybe it's not a Yubikey issue but an issue with any non-default ssh setting. Thanks for the idea with AddKeysToAgent. It really helped.

ivosm • Dec 29 '21 21:12

Unfortunately, for me, AddKeysToAgent yes merely changed the error message to:

git error:failed to start SSH session: Unable to exchange encryption keys; class=Ssh (23)

So... yeah, still unable to use gitui for anything whatsoever. Harrumphing back to my precious command line ;D

(As ever: thank you gitui devs for your contributions, and I'm just sad that I can't use them yet!)

elmarsto • Dec 30 '21 00:12
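
A triage script for the AddKeysToAgent workaround from CengsBlanky's comment and the two outcomes reported after it, added here as an example; it is not part of the thread or of gitui. The function names and temporary files are constructed for illustration, and Host/Match scoping in the ssh config is ignored.

```shell
#!/bin/sh
# Added example (not from the thread or gitui): audit an ssh client config for
# the AddKeysToAgent workaround and classify the key. All paths are constructed.

# File mode, to compare with the 600 recommended in the comment.
config_mode() {
    [ -f "$1" ] || { echo missing; return 0; }
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"   # GNU, then BSD
}

# First AddKeysToAgent value, lowercased. Keywords are case-insensitive and may
# use '='; Host/Match scoping is ignored (assumption of this example).
add_keys_to_agent() {
    [ -f "$1" ] || { echo unset; return 0; }
    awk '{ sub(/^[ \t]+/, "") }
         /^#/ || $0 == "" { next }
         { split($0, a, /[ \t=]+/)
           if (tolower(a[1]) == "addkeystoagent") { print tolower(a[2]); hit = 1; exit } }
         END { if (!hit) print "unset" }' "$1"
}

# "sk" for FIDO-backed OpenSSH key types such as sk-ssh-ed25519@openssh.com.
key_kind() {
    ktype=; read -r ktype _rest < "$1" || :
    case $ktype in sk-*@openssh.com) echo sk ;; *) echo plain ;; esac
}

# Outcome each setup got in the thread; usage: triage CONFIG PUBKEY
triage() {
    if [ "$(add_keys_to_agent "$1")" != yes ]; then
        echo "set AddKeysToAgent yes"
    elif [ "$(key_kind "$2")" = sk ]; then
        echo "sk key: thread reports workaround insufficient"
    else
        echo "plain key: thread reports workaround sufficient"
    fi
}

# Constructed sample files (key blobs are placeholders, not real keys).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf 'Host *\n  IdentityFile ~/.ssh/id_work\n  addkeystoagent = yes\n' > "$demo/config"
chmod 600 "$demo/config"
echo 'sk-ssh-ed25519@openssh.com AAAA-placeholder user@example' > "$demo/id_sk.pub"
echo 'ssh-ed25519 AAAA-placeholder user@example' > "$demo/id_work.pub"
echo "mode=$(config_mode "$demo/config") AddKeysToAgent=$(add_keys_to_agent "$demo/config")"
triage "$demo/config" "$demo/id_sk.pub"
triage "$demo/config" "$demo/id_work.pub"
```

To audit a real setup, call the functions with ~/.ssh/config and the .pub file of the key used for the remote.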

This issue has been automatically marked as stale because it has not had any activity in half a year. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

stale[bot] • Jul 10 '22 02:07