Permission failure cloning in Git in Windows

Question

When I clone from GitHub using CMD or PowerShell with ssh-agent on Windows 10 v.1909, the following shows:

git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

However, I ran ssh -vT git@github.com and the key does work

debug1: Offering public key: {My key}

And

Hi {My username}! You've successfully authenticated, but GitHub does not provide shell access.

But with Git bash I can clone just fine.

This also happen with GitLab.

I tried

Host *
 ForwardAgent yes

in .ssh/config and it doesn't work.

I also tried every solution from GitHub Support Page and GitHub Community Forum and still doesn't work.

PS. I prefer Windows cmd.

VonC · Accepted Answer · 2021-05-25T13:42:45.910

5

In your Powershell session, try:

$env:GIT_SSH_COMMAND='ssh -Tv'; git clone git@gitlab.com:myuser/myrepo.git

And see where SSH is looking for your default id_rsa/id_rsa.pub key pair.

Make sure, if the private key is passphrase-protected, to launch ssh-agent first.

The OP mentions:

Apparently, Git doesn't use native OpenSSH.

That is false. Maybe GitHub Desktop does not use OpenSSH, as seen in desktop/desktop issue 5641: "Desktop does not use OpenSSH on Windows if running, favours embedded SSH"

Hence the workaround:

git config --global core.sshCommand "'C:\Windows\System32\OpenSSH\ssh.exe'"

But Git itself does:

D:\prgs\gits\current\bin>where ssh
D:\prgs\gits\current\usr\bin\ssh.exe

D:\prgs\gits\current\bin>ssh -V
OpenSSH_8.2p1, OpenSSL 1.1.1f  31 Mar 2020

This is more recent than the Windows one:

C:\WINDOWS\System32\OpenSSH\ssh.exe -V
OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5

(Winver: 1909, build 18363.836=

That is why I always launch tools with my own PATH

set PATH=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\
set GH=C:\path\to\git
set PATH=%GH%\bin;%GH%\usr\bin;%GH%\mingw64\bin;%PATH%

That way, I am sure I will use Git tools first (incuding an OpenSSH one) before anything else.

edited May 25 '21 at 13:42

answered May 01 '20 at 16:55

VonC

1,262,500
529
4,410
5,250

This is default ssh key ```C:\\Users\\%username%/.ssh/id_rsa``` However ```ssh -vT git@github.com``` offer ssh-agent key ```Offering public key: RSA SHA256: [SHA] [External directory]``` no need to type passphase. But ```git clone``` doesn't. – buratud May 02 '20 at 02:11
If I put SSH in ```C:\\Users\\%username%/.ssh/id_rsa``` I have to type passphase every time I use ```git``` command. Which is annoying. – buratud May 02 '20 at 02:13
I think that using ``git``` command doesn't offer ssh-agent key but with ```ssh``` only ssh-agent does offer. – buratud May 02 '20 at 02:22
@buratud git has nothing to do with ssh-agent. If your SSH private key is passphrase-protected, only ssh-agent (launched separately) is able to provide said passphrase. – VonC May 02 '20 at 12:17
but why git doesn't trigger ssh-agent than, it's weird. Same SSH but different behavier. – buratud May 02 '20 at 14:58
I give up, using linux can get rid of this. – buratud May 02 '20 at 14:59
@buratud That will work indeed. But git alone is not concerned with SSH. Which is why git does not trigger anything SSH-related. – VonC May 02 '20 at 15:48
@VonC the original line requires a `;` between setting the env var and calling git clone. – Robin May 25 '21 at 10:37
1

@Robin Thank you. I have edited the answer accordingly. – VonC May 25 '21 at 13:43

buratud · Answer 2 · 2020-05-30T11:05:55.337

3

It turns out that git doesn't use native OpenSSH. Here what's I did

git config --global core.sshCommand "'C:\Windows\System32\OpenSSH\ssh.exe'"

Reference here

edited May 30 '20 at 11:05

answered May 30 '20 at 09:19

buratud

83
2
7

Permission failure cloning in Git in Windows

2 Answers2

Linked