Vscode: Linux ssh-agent/ssh-askpass problem

Created on 29 Aug 2018  路  21Comments  路  Source: microsoft/vscode


As already reported in #33814, #32097, #52137 the bug isn't fixed for me and the workarounds don't work either

VSCode Version: 1.26.1
OS Version: Ubuntu 16.04
Date: 2018-08-16T18:34:20.517Z
Electron: 2.0.5
Chrome: 61.0.3163.100
Node.js: 8.9.3
V8: 6.1.534.41
Architecture: x64
Shell: zsh

Steps to Reproduce:

  1. Open a Git repo folder
  2. Call a Git action like sync, push etc


Does this issue occur when all extensions are disabled?: Yes

I'm using ssh-agent to keep all my keys opened and enter the passwords after I boot (ssh-add ~/.ssh/id_rsa). I can use git from the terminal without any problems, but "use the terminal then" is not a valid workaround for me when a whole feature doesn't work.
I've set some configs in my ~/.ssh/config file as well

Host *
  ServerAliveInterval 60
  AddKeysToAgent yes
  IdentityFile ~/.ssh/id_rsa
Host gitlab.com
  HostName gitlab.com
  User git
Host github.com
  HostName github.com
  User git

But it still get this error when using a feature that calls a remote git action:

> git pull --tags origin master
ssh_askpass: exec(/usr/bin/ssh-askpass): No such file or directory
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists

I already tried installing ssh-askpass with sudo apt-get install ssh-askpass-gnome ssh-askpass but he asks me every single time for a password, so the ssh-agent is ignored

bug git

Most helpful comment

In our screen sharing session we figured out what was happening:

@derN3rd uses i3 with rofi. He launches code from rofi, which finds executables in the PATH. Code sets up the CLI launcher executable in the PATH, so rofi picks that one up. This is problematic since we never expected the CLI launcher executable to be launched in a non-shell environment, i.e. window managers. So, the CLI launcher behaves as if it was in a shell environment and doesn't run our getUnixShellEnvironment. The result is a Code instance which never got the chance to execute (in this case) .zshrc. So, the SSH agent is improperly configured.

For a fix, we need to have a better way for whatever process we put in the PATH to detect whether it is already in an environment which was populated with the user's RC files (whether it is a descendant of a shell process).

All 21 comments

It's pretty strange that the configured ssh-askpass is being ignored. Do you see the ssh-askpass-gnome opening up when using the terminal?

And I assume that, in the terminal, you are never asked for your key password, since it is unlocked at login?

@joaomoreno No, I just installed it to try fix to error with vscode.

I have a script that adds all my keys with ssh-add after I login, then I enter my passwords. After that I'm never asked again until I reboot

Interesting. Are you also not asked if you're using Code's integrated terminal?

Where do you set that script up? In .bashrc? Could I see it?

I'm using zsh instead of bash. The interegrated terminal uses zsh as well, so there should be no difference to the normal terminal.

The next configs are required to have all ssh-add(ed) keys in one single instance of a ssh-agent

In my .zshrc I have

SSH_ENV="$HOME/.ssh/environment"
source ~/.dotfiles/.sshAgent

and my .dotfiles/.sshAgent file

function start_agent {
    echo "Initialising new SSH agent..."
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    /usr/bin/ssh-add -t 432000 ;
}

if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
        start_agent;
}
else
    start_agent;
fi

after running, my .ssh/environment file looks like this:

SSH_AUTH_SOCK=/tmp/ssh-0xpADF7zw61c/agent.1158; export SSH_AUTH_SOCK;
SSH_AGENT_PID=1160; export SSH_AGENT_PID;
#echo Agent pid 1160;

EDIT: I have this config in both .bashrc and .zshrc
EDIT2: The configs I use are from http://www.cygwin.com/ml/cygwin/2001-06/msg00537.html

Is it possible that your zshrc bails out earlier if it detects it is not an interactive session?

I don't think so. I even tried to set the integrated terminal to bash but it didn't change anything.
Maybe vscode is using its own ssh_auth_sock?

It isn't... It does use its own GIT_ASKPASS, but that's different.

I even tried to set the integrated terminal to bash but it didn't change anything.

What do you mean? I thought it always works when you use the integrated terminal.

Can you show me your full .zshrc file?

I meant it doesn't change anything with the integrated git in VSCode.
Both terminal shells work without any problems.

I will add my .zshrc when I'm at work.

If you have time, I would be available for a remote debugging session today/tomorrow from 10AM - 7 PM CEST

@derN3rd Sure, how about now? Give me an email address and I'll send you a meeting invite.

Sounds good.
For debugging, my dotfiles: https://github.com/derN3rd/dotfiles

Sent!

In our screen sharing session we figured out what was happening:

@derN3rd uses i3 with rofi. He launches code from rofi, which finds executables in the PATH. Code sets up the CLI launcher executable in the PATH, so rofi picks that one up. This is problematic since we never expected the CLI launcher executable to be launched in a non-shell environment, i.e. window managers. So, the CLI launcher behaves as if it was in a shell environment and doesn't run our getUnixShellEnvironment. The result is a Code instance which never got the chance to execute (in this case) .zshrc. So, the SSH agent is improperly configured.

For a fix, we need to have a better way for whatever process we put in the PATH to detect whether it is already in an environment which was populated with the user's RC files (whether it is a descendant of a shell process).

Was this fixed then or is there a workaround? I have the same issue, using i3 with j4-dmenu-desktop

I have observed the same issue on Manjaro (XFCE). When started from a launcher, it ignores keys added through ssh-add.

Fixed this by ticking "Start in terminal" in the launcher, although this spawns a useless terminal window, so it's not a good solution.

I am also experiencing the same issue on Lubuntu 18.04.

Thank you for the topic. I was able to solve my problem (I did not load askpass first) and this posting straightened me out. Thank you! Ubuntu 19.10

Is that a commad @joaomoreno that you meantioned? Because if it is then it doesn't exist on mine. (noob)

pranav@Exam:~$ ssh-askpass-gnome
ssh-askpass-gnome: command not found

In Ubuntu 19.10 I have same kindof issue.
Screenshot from 2019-12-13 14-31-40

This problem still exists with vscode 1.44 and dmenu (on latest Manjaro).

Fixed this by ticking "Start in terminal" in the launcher, although this spawns a useless terminal window, so it's not a good solution.

Didn't work for me either.

Starting vscode from a terminal manually works fine however.

I am also facing the same problem with vscode 1.43.2 running on Archlinux XFCE with fish shell.

Screenshot_2020-05-17_00-40-53

Log:

Looking for git in: git
Using git 2.26.0 from git
> git rev-parse --show-toplevel
> git rev-parse --git-dir
Open repository: /home/farbod/webLab
> git status -z -u
> git symbolic-ref --short HEAD
> git rev-parse master
> git rev-parse --symbolic-full-name master@{u}
> git rev-list --left-right master...refs/remotes/origin/master
> git for-each-ref --format %(refname) %(objectname) --sort -committerdate
> git remote --verbose
> git config --get commit.template
> git show :index.html
> git show :resources/css/styles.css
> git ls-files --stage -- /home/farbod/webLab/index.html
> git ls-files --stage -- /home/farbod/webLab/resources/css/styles.css
> git cat-file -s 9d7ec2eb82367ceba1387feb891b8cbcc6a8c727
> git cat-file -s 409bb7f364f04190690c6f67d135fedcc58a6bfb
> git check-ignore -v -z --stdin
> git push origin master:master
ssh_askpass: exec(/usr/lib/ssh/ssh-askpass): No such file or directory
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Hello i had same problems with Code - OSS on Manjaro

Version : 1.44.2
Validation : ff915844119ce9485abfe8aa9076ec76b5300ddd
Date : 2020-04-23T19:32:05.786Z
脡lectron : 7.1.14
Chrome : 78.0.3904.130
Node.js : 12.8.1
V8 : 7.8.279.23-electron.0
OS : Linux x64 5.4.40-1-MANJARO

I use Manjaro with KDE and he provide ksshaskpass i have simply create a symbolic link to his binary with and it's work
sudo ln -s /usr/bin/ksshaskpass /usr/lib/ssh/ssh-askpass

Screenshot_20200529_221133

I also tried openssh-askpass
sudo ln -s /usr/bin/qt4-ssh-askpass /usr/lib/ssh/ssh-askpass

They are cool because may integrate better into the desktop environments.

In my tests only x11-ssh-askpass automatically create "/usr/lib/ssh/ssh-askpass"

Look the packages in your distribution i think you can find same packages

But i don't understand why VSCode could not use ssh-agent to not ask password at each push/pull maybe an other bug because i haven't this problems on windows

I took some hints from @joaomoreno's comment above: https://github.com/microsoft/vscode/issues/57488#issuecomment-417259290. In the context of KDE Plasma, I now run code with a global shortcut that runs konsole -e code. This runs the app in a terminal but the terminal flashes up and disappears. The app then has access to the ssh-agent as per a regular bash terminal session. I imagine there would be similar approaches for other DEs/WMs.

I also recommend using @sebtiz13's approach in https://github.com/microsoft/vscode/issues/57488#issuecomment-636184685 as one cannot copy and paste a password into the x11-ssh-askpass prompt.

Was this page helpful?
0 / 5 - 0 ratings