2

I am trying to use pip install git+ssh://git@bitbucket.org/my_org/my_package_repo.git to install a custom-made python package (shared by multiple applications) from BitBucket WITHOUT having to enter the SSH password.

There seems to be a lot of good information in one of the answers to this question for doing this in GitLab, etc. There's also some solid supporting information here.

I've already setup an SSH key between my local Mac and this BitBucket account. I'm able to push/pull code all the time to/from this account without having to re-enter the SSH password. Why is the pip install command requiring the password, when it's not required by git commands? Is there a way around this with BitBucket and the setup I've described?

Update

When I run the GIT_SSH_COMMAND='ssh -vvv' pip install git+ssh://git@bitbucket.org/my_org/my_package_repo.git command recommended in the comments, I get the following (sanitized) response:

Collecting git+ssh://git@bitbucket.org/my_org/my_package_repo.git
  Cloning ssh://git@bitbucket.org/my_org/my_package_repo.git to /private/var/folders/hh/v8z4pvkn3kl14c9ty827578c0000gq/T/pip-req-build-i9q_8b83
  Running command git clone -q ssh://git@bitbucket.org/my_org/my_package_repo.git /private/var/folders/hh/v8z4pvkn3kl14c9ty827578c0000gq/T/pip-req-build-i9q_8b83
  OpenSSH_8.1p1, LibreSSL 2.7.3
  debug1: Reading configuration data /Users/username/.ssh/config
  debug1: /Users/username/.ssh/config line 1: Applying options for *
  debug1: Reading configuration data /etc/ssh/ssh_config
  debug1: /etc/ssh/ssh_config line 47: Applying options for *
  debug1: Connecting to bitbucket.org port 22.
  debug1: Connection established.
  debug1: identity file /Users/username/.ssh/id_rsa type 0
  debug1: identity file /Users/username/.ssh/id_rsa-cert type -1
  debug1: identity file /Users/username/.ssh/id_dsa type -1
  debug1: identity file /Users/username/.ssh/id_dsa-cert type -1
  debug1: identity file /Users/username/.ssh/id_ecdsa type -1
  debug1: identity file /Users/username/.ssh/id_ecdsa-cert type -1
  debug1: identity file /Users/username/.ssh/id_ed25519 type -1
  debug1: identity file /Users/username/.ssh/id_ed25519-cert type -1
  debug1: identity file /Users/username/.ssh/id_xmss type -1
  debug1: identity file /Users/username/.ssh/id_xmss-cert type -1
  debug1: Local version string SSH-2.0-OpenSSH_8.1
  debug1: Remote protocol version 2.0, remote software version conker_a7531beec7 c7d1b850e369
  debug1: no match: conker_a7531beec7 c7d1b850e369
  debug3: fd 7 is O_NONBLOCK
  debug1: Authenticating to bitbucket.org:22 as 'git'
  debug3: hostkeys_foreach: reading file "/Users/username/.ssh/known_hosts"
  debug3: record_hostkey: found key type RSA in file /Users/username/.ssh/known_hosts:3
  debug3: load_hostkeys: loaded 1 keys from bitbucket.org
  debug3: order_hostkeyalgs: prefer hostkeyalgs: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
  debug3: send packet: type 20
  debug1: SSH2_MSG_KEXINIT sent
  debug3: receive packet: type 20
  debug1: SSH2_MSG_KEXINIT received
  debug2: local client KEXINIT proposal
  debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
  debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
  debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
  debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
  debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  debug2: compression ctos: none,zlib@openssh.com,zlib
  debug2: compression stoc: none,zlib@openssh.com,zlib
  debug2: languages ctos:
  debug2: languages stoc:
  debug2: first_kex_follows 0
  debug2: reserved 0
  debug2: peer server KEXINIT proposal
  debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-s
  debug2: host key algorithms: ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss
  debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com
  debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com
  debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
  debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
  debug2: compression ctos: none
  debug2: compression stoc: none
  debug2: languages ctos:
  debug2: languages stoc:
  debug2: first_kex_follows 0
  debug2: reserved 0
  debug1: kex: algorithm: curve25519-sha256@libssh.org
  debug1: kex: host key algorithm: rsa-sha2-512
  debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
  debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
  debug3: send packet: type 30
  debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
  debug3: receive packet: type 31
  debug1: Server host key: ssh-rsa SHA256:serverhostkeyzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
  debug3: hostkeys_foreach: reading file "/Users/username/.ssh/known_hosts"
  debug3: record_hostkey: found key type RSA in file /Users/username/.ssh/known_hosts:3
  debug3: load_hostkeys: loaded 1 keys from bitbucket.org
  debug3: hostkeys_foreach: reading file "/Users/username/.ssh/known_hosts"
  debug3: record_hostkey: found key type RSA in file /Users/username/.ssh/known_hosts:11
  debug3: load_hostkeys: loaded 1 keys from 104.192.141.1
  debug1: Host 'bitbucket.org' is known and matches the RSA host key.
  debug1: Found key in /Users/username/.ssh/known_hosts:3
  debug3: send packet: type 21
  debug2: set_newkeys: mode 1
  debug1: rekey out after 134217728 blocks
  debug1: SSH2_MSG_NEWKEYS sent
  debug1: expecting SSH2_MSG_NEWKEYS
  debug3: receive packet: type 21
  debug1: SSH2_MSG_NEWKEYS received
  debug2: set_newkeys: mode 0
  debug1: rekey in after 134217728 blocks
  debug1: Will attempt key: /Users/username/.ssh/id_rsa RSA SHA256:rsasha256zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
  debug1: Will attempt key: /Users/username/.ssh/id_dsa
  debug1: Will attempt key: /Users/username/.ssh/id_ecdsa
  debug1: Will attempt key: /Users/username/.ssh/id_ed25519
  debug1: Will attempt key: /Users/username/.ssh/id_xmss
  debug2: pubkey_prepare: done
  debug3: send packet: type 5
  debug3: receive packet: type 7
  debug1: SSH2_MSG_EXT_INFO received
  debug1: kex_input_ext_info: server-sig-algs=<ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com>
  debug3: receive packet: type 6
  debug2: service_accept: ssh-userauth
  debug1: SSH2_MSG_SERVICE_ACCEPT received
  debug3: send packet: type 50
  debug3: receive packet: type 51
  debug1: Authentications that can continue: publickey
  debug3: start over, passed a different list publickey
  debug3: preferred publickey,keyboard-interactive,password
  debug3: authmethod_lookup publickey
  debug3: remaining preferred: keyboard-interactive,password
  debug3: authmethod_is_enabled publickey
  debug1: Next authentication method: publickey
  debug1: Offering public key: /Users/username/.ssh/id_rsa RSA SHA256:rsasha256zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
  debug3: send packet: type 50
  debug2: we sent a publickey packet, wait for reply
  debug3: receive packet: type 60
  debug1: Server accepts key: /Users/username/.ssh/id_rsa RSA SHA256:rsasha256zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
  debug3: sign_and_send_pubkey: RSA SHA256:rsasha256zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
  debug3: sign_and_send_pubkey: signing using rsa-sha2-512
Enter passphrase for key '/Users/username/.ssh/id_rsa':
Jed
  • 1,823
  • 4
  • 20
  • 52
  • did you try to run ```GIT_SSH_COMMAND='ssh -vvv' pip install git+ssh://git@bitbucket.org/my_org/my_package_repo.git``` to see WHY ssh ignores your key? you can use the same env var to ensure proper key is used. – Maxim Sagaydachny Nov 19 '21 at 10:40

1 Answers1

1

Your log does not show SSH require a password. But a passphrase (because the private key was created and then stored encrypted, protected by a passphrase).

That means any pip install should be done from a shell where eval $(ssh-agent); ssh-add ~/.ssh/id_rsa has been executed first, in order to cache said passphrase, and allow the all process to not require any input, for an unattended run.

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • VonC, any chance you know the answer to this question?: https://stackoverflow.com/questions/70160034/pip-install-custom-package-from-bitbucket-with-ssh-without-entering-ssh-password – Jed Nov 29 '21 at 19:11
  • @Jed I did not at first, but I see Ervin did a fine job answering it. – VonC Nov 29 '21 at 22:30