scmrepo icon indicating copy to clipboard operation
scmrepo copied to clipboard

Published 20 hours ago verified publisher icon iterative

pull: "No valid credentials" when using an ssh-agent

Open mirkolenz opened this issue 1 year ago • 7 comments

Bug Report

pull: "no valid credentials" when using ssh-agent

Description

As outlined in iterative/scmrepo#215, I tried setting up SSH keys using the webfactory/ssh-agent action. However, dvc always complained that no valid credentials were provided even though the SSH keys were added as deploy keys to the individual repositories. This is the same action that was mentioned in iterative/dvc#7702 as well, so I see some similarities here (even though the linked issue only mentions these problems on Windows-based machines).

Reproduce

Use the following GitHub action:

on:
  push:
    branches:
      - main
      - beta
env:
  POETRY_VERSION: 1.3.1
  PYTHON_VERSION: 3.9
  DVC_VERSION: 2.43.0
jobs:
  dvc-test:
    runs-on: ubuntu-latest
    steps:
      - uses: webfactory/[email protected]
        with:
          ssh-private-key: |
            ${{ secrets.SSH_ARGUEBASE_PUBLIC }}
            ${{ secrets.SSH_ARGUEBASE_PRIVATE }}
      - uses: actions/checkout@v3
      - uses: iterative/setup-dvc@v1
        with:
          version: ${{ env.DVC_VERSION }}
      - run: dvc pull --force --verbose

Expected

DVC uses the credentials provided by the ssh-agent and pulls the data. However, dvc always complains that no valid credentials were provided.

Environment information

The problem occurs on GitHub actions using ubuntu-latest and the setup-dvc action.

Additional Information (if any):

I ran the following script provided by @dtrifiro in the same GitHub action:

import asyncio

import asyncssh


async def main():
    async with asyncssh.agent.connect_agent() as agent:
        keys = await agent.get_keys()
        for key in keys:
            print(key.algorithm, key.get_comment())


if __name__ == "__main__":
    asyncio.run(main())

and got this output:

python dvc_test.py
  shell: /usr/bin/bash -e {0}
  env:
    POETRY_VERSION: 1.3.1
    PYTHON_VERSION: 3.9
    DVC_VERSION: 2.43.0
    SSH_AUTH_SOCK: /tmp/ssh-XXXXXXiyBBBE/agent.1658
    SSH_AGENT_PID: 1659
    pythonLocation: /opt/hostedtoolcache/Python/3.9.16/x64
    PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.9.16/x64/lib/pkgconfig
    Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.16/x64
    Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.16/x64
    Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.9.16/x64
    LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.9.16/x64/lib
b'ssh-ed25519' [email protected]:recap-utr/arguebase-public.git
b'ssh-ed25519' [email protected]:recap-utr/arguebase-private.git

meaning that the keys are picked up by asyncssh.

mirkolenz avatar Jan 31 '23 15:01 mirkolenz