7

On a mac mini with Mavericks I am having problems authenticating when I try to git clone from a private git server. I have installed and configured git on Windows and Ubuntu a few times with this same server and haven't this sort of problem before. I'm at a loss as to what to try next.

Symptoms:

git clone https://username@git.example.com:8448/git/libs/project.git
Cloning into 'project' ...
Password for 'https://username@git.example.com:8448': [1] note
fatal: Authentication failed for 'https://username@git.example.com:8448/git/libs/project.git'

[1] I am not asked for this on other systems. I believe I have configured my git client to not ask for passwords. No password I provide is good at this prompt

I have this in my ~/.gitconfig:

[http]
        sslKey = /Users/macuser/auth/username.key
        sslCert = /Users/macuser/auth/username.pem
        sslVerify = false
[user]
        name = username
        email = username@example.com

I received the following files when setting up my client certificates which I placed in a folder named ~/auth:

username.cer
username.p12
username.pem
ca.cer

I ran this command to generate the key file:

openssl rsa -in /Users/macuser/auth/username.pem -out /Users/macuser/auth/username.key

And then I ran git config commands such as:

git config --global http.sslKey /Users/macuser/auth/username.key
git config --global http.sslCert /Users/macuser/auth/username.pem
git config --global http.sslVerify false

After configuring git just like the steps above, on other systems when I do a 'git clone https' it just works. On OS X Mavericks with Xcode command line tools installed, git cannot authenticate.

What am I doing wrong?

Thanks in advance.

Edit:

I thought I'd add this piece of information. The server is using a self signed certificate, or one which comes from no authority. This is why I set http.sslVerify to false.

Here are the verbose clone commands. The setups on Linux and Mac are the same, save for auth folder locations. The Linux version succeeds while the Mac version fails.

http://cache.codebot.org/stackoverflow/linux-git-works.txt
http://cache.codebot.org/stackoverflow/mac-git-fails.txt

Answer:

sudo port install git-core
sysrpl
  • 1,559
  • 3
  • 15
  • 24
  • From the logs you provided, you are using Git 1.8.3.2 on Linux and Git 1.8.3.4 on the Mac, so these are pretty close, and the Git ChangeLog does not suggest any suspicious changes that might be responsible for the different behaviour you observe. So what about curl or libcurl (I'm not sure how Git is using curl)? Which versions are you using on the two machines? – herzbube Nov 01 '13 at 17:19

4 Answers4

3

when you try to use git clone and if its prompt for password please provide the git personal access token here

that will resolve the issue.

Rakesh Suryawanshi
  • 420
  • 6
  • 17
1

The solution was to use the macports version of git rather than using the version included with Xcode command line tools.

sudo port install git-core
sysrpl
  • 1,559
  • 3
  • 15
  • 24
0

sslVerify false? Then you desactivate completely the certificate verification by curl.

You can have more details with:

GIT_CURL_VERBOSE=1 git clone https://...

Check if the other systems don't have a %HOME%/_netrc (Windows) or ~/.netrc (unix) with your credentials in it, which would explain why you don't have to enter a password there.

In your case, it is possible the CA and other root certificates used in Linux in /etc/ssl/certs/ca-certificates.crt aren't present on mac.
Try to add the content of that Linux file to the git cert file on the client side on your <path/to/git/bin/curl-ca-bundle.crt> file, a bit like in this solution.

The OP sysrpl reports though that it isn't necessary, since sysrpl had to do a:

sudo port install git-core

to update/reset the git installation on the Mac.

Community
  • 1
  • 1
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • Here are two verbose outputs. One from Linux where clone works, the other from my mac system where clone fails. Both have the same git configuration: http://cache.codebot.org/stackoverflow/linux-git-works.txt http://cache.codebot.org/stackoverflow/mac-git-fails.txt – sysrpl Nov 01 '13 at 09:24
  • @sysrpl "couldn't find host `git.example.com` in the `.netrc` file; using defaults": if you know that username should have a password on `git.example.com`, then define a `.netrc` (as in http://stackoverflow.com/a/6031266/6309). If not, simply remove `username` from the url (that is supposing there is an anonymous access in place, as in http://thread.gmane.org/gmane.comp.version-control.git/204286). – VonC Nov 01 '13 at 09:27
  • in no instances do I have a .netrc file. Removing the username@ in the url simple results in git clone prompting me for a username. Regarding providing a password when prompted, no password I provide is acceptable, either my giblet login password or the password used by openssl rsa when creating the key file. – sysrpl Nov 01 '13 at 09:37
  • sorry about that. the linux works version has been corrected. the difference in the fail starts at line 14 with * TLS 1.0 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA – sysrpl Nov 01 '13 at 09:42
  • @sysrpl some root certificates must be missing. I have edited my answer. – VonC Nov 01 '13 at 10:31
  • The server certificate is self signed. That is, it doesn't come from any certificate authority. This is why I set http.sslVerify to false. – sysrpl Nov 01 '13 at 16:20
  • @sysrpl still, I would make sure the /etc/ssl/certs/ca-certificates.crt content is copied over into your **`path/to/git/bin/curl-ca-bundle.crt`**, just to see if that make any difference. – VonC Nov 01 '13 at 18:52
0

The root cause of this critical authentication error arises due to the absence of an APP Password (in Bitbucket) or Token (in GitHub). To resolve this issue, you should establish an APP password or generate a token (depending on your chosen provider).

When prompted for a password, utilize this token or app password.

You can create this credential as follows (once generated, Save it somewhere safe):

  1. For Bitbucket,

    Navigate to Bitbucket Settings.

    Enter App password label.

    Set the permissions for the app password. Add read access to Account, Workspace membership, Projects, Repositories and Pull requests.

Click on Create.

Copy and save your app pasword securely.

  1. For GitHub, visit https://github.com/settings/personal-access-tokens/new to generate a new token.
Ritesh
  • 21
  • 7