1

I have two computers, say notebook and desktop. Both have cygwin with git and msysgit installed.

When I am on desktop and do a git fetch origin from the cygwin command window, everything works fine, as well as git fetch origin from the msysgit console.

But when I SSH into desktop from notebook using the cygwin SSH client and then do a git fetch origin from the SSH session, I get

error: could not open '//path/to/origin.git'
fatal: Could not read bundle '//path/to/origin.git'.

I assume it is a rights problem because the share I'm accessing is not readable for everyone but only for certain users. I think, when going through SSH to my desktop, I am not the same user as I am when accessing the share directly from desktop.

How do I get the correct user in cygwin to access a protected share?

Edit: although it's claimed that this question shall be a duplicate of 'X' does not appear to be a git repository (I'm sure the path is correct), I don't see any relations to that question.

Edit: if that matters:

  • cygwin git is in version 1.7.5.1
  • cygwin ssh is OpenSSH_5.8p1, OpenSSL 0.9.8r 8 Feb 2011
  • msysgit is in version 1.7.6.msysgit.0
Community
  • 1
  • 1
eckes
  • 64,417
  • 29
  • 168
  • 201
  • possible duplicate of ['X' does not appear to be a git repository (I'm sure the path is correct)](http://stackoverflow.com/questions/5731732/x-does-not-appear-to-be-a-git-repository-im-sure-the-path-is-correct) – sehe Oct 13 '11 at 13:36
  • You are the same user, but you may not be authenticated to the share. Does the desktop authenticate against Active Directory? And which method of authentication do you use when sshing into the desktop? – Jan Hudec Oct 14 '11 at 06:35
  • @sehe: No, definitely not a duplicate. – Jan Hudec Oct 14 '11 at 08:57

1 Answers1

1

Windows with centralized user management using Active Directory use Kerberos tickets to authenticate access to the shares. Since privileged process can change local credentials to specified user, logging in with ssh may not go through Kerberos though and in such case the you will be able to do anything locally as usual, but shares will not recognize you.

If you use public key authentication, it never goes through Kerberos and thus you will never be able to access shares (not accessible to everyone), ever.

If you use passwords, it has to go through Kerberos. I believe the system than does have access to shares, but I am not sure about it, because it's still not regular login from Windows point of view.

OpenSSH actually supports authentication using Kerberos tickets if compiled with the right options and linked against Kerberos library. However last time I looked cygwin ssh was not compiled that way and integration with Active Directory wasn't possible. But it was still cygwin 1.5, so it might have been implemented since then.

In any case, I'd suggest logging into the desktop with Remote Desktop Protocol instead. There are working clients for Linux as well. The downside is it's GUI, so it's not scriptable. You may also have some luck if you connect with RDP, so you are actually logged, put it into background and log in with ssh in parallel to that, but I didn't try, so I am not sure.

I also successfully used Unix Kerberos implementation to obtain the ticket from Active Domain (there are a few quirks like the domain has to be typed in uppercase, but nothing too complicated) and use the Kerberos support in Samba to connect to the shares from Unix.

Jan Hudec
  • 73,652
  • 13
  • 125
  • 172
  • Yes, I'm using public key authentication to authenticate for my SSH session. Logging in with RDP is -- of course -- possible but my use case is to use SSH when I have only limited bandwidth (VPN tunnel from home to work) and RDP is not really funny to work with when your bandwidth is low... – eckes Oct 14 '11 at 07:24
  • @eckes: Well, it won't work with SSH public key authentication, ever. Period. Try with password authentication or having rdp in background (and not use it, so it won't do anything and use ssh) or you could try getting ssh server for windows that supports kerberos. – Jan Hudec Oct 14 '11 at 09:01
  • Is there absolutely no way to tell cygwin to claim to be me when accessing shares? – eckes Oct 19 '11 at 05:43
  • @eckes: With public keys it's not possible, no matter whether Windows or Linux. We had Kerberos-authenticated AFS at university and you couldn't use public keys to log into the lab either. Ssh supports authenticating with Kerberos ticket too, which worked with that AFS and should work with shares. Support for this is however not compiled into the cygwin openssh package and since I could always use RDP instead, I never researched whether it's possible to enable it. – Jan Hudec Oct 19 '11 at 05:55
  • Thanks for the explanation. Even 'no' is a valid answer :-) – eckes Oct 20 '11 at 05:26