Windows 10 version 1803 broke my ssh-agent
Closed this issue ยท 32 comments
System Details
- posh-git version/path: 0.7.3.1 C:\tools\poshgit\dahlbyk-posh-git-9bda399\src
- PowerShell version: 5.1.17134. 48
- Git version: git version 2.17.0.windows.1
- Operating system name and version: Win32NT 10.0.17134.0 Microsoft Windows NT 10.0.17134.0
- SSH version: OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
Issue Description
When Windows 10 updates to 1803, SSH is now native on windows and SSH-AGENT is now a windows service.
Posh-Git only currently works with SSH installed as part of the Git tools.
The effect is Start-SshAgent -Quiet will ask you to enter a password every time you start a console session and git will ask you to enter your password as the ssh-agent's are conflicting.
If you need to get git working with the new SSH
http://adamralph.com/2018/05/15/windows-10-version-1803-broke-my-git-ssh/
Fun times :)
Yup, see the latest on #575 Actually, I prefer the new ssh support as I can use VS now without having to start it from PowerShell. We're also considering removing the ssh support in posh-git to another module.
This is going to keep coming up now that it's shipping with Windows, so we need to teach Start-SshAgent to be smarter about this. There's a good framework for this in #575 (comment). I would add to that that we should just Start-Service if the service is registered but not running; that's what our command is named, after all.
We're also considering removing the ssh support in posh-git to another module.
With Windows moving toward OpenSSH being in the box, and Git for Windows likely to handle this better in the future (git-for-windows/git#1683, git-for-windows/git#1556), we may be able to just punt altogether on spinning out another module. Just drop the helpers from 1.0 and assume folks can figure it out?
On a system like Windows 10 1803, with OpenSSH installed or earlier version of Windows where you can install OpenSSH from here - I'm thinking maybe we just remove the helpers.
The helpers are pretty simply replaced on such systems:
Add-SshKey -> ssh-add
Get-SshAgent -> Get-Process ssh-agent | Foreach Id
Get-SshPath -> ~\.ssh\<file>
Start-SshAgent -> Start-Service ssh-agent
Stop-SshAgent -> Stop-Service ssh-agent
I was getting this message and I went into look at the local services and the actual "OpenSSH Authentication Agent" service was disabled. Maybe the 1803 update disabled it, but I'm not sure. I set the service to automatic and now all is fine.
On my one test PC, every single, new Windows 10 Insiders build, disables the service so I have to configure/start it after each install. :-(
Opened #586 to address this.
@dahlbyk should this now be under the 0.8 milestone?
I have the same problem on a Windows 10 Pro, v.1803 and Open SSH Service set to Automatic.
Every time I open a VSCode terminal or Powershell it prompts again for the password.
Is there a workaround to still use posh-git, as it's quite an annoying thing?
@sebid Yes, the workaround for now is to explicitly unset the ssh variables. Edit your profile and add the following after you import posh-git:
[System.Environment]::SetEnvironmentVariable("SSH_AUTH_SOCK", $null)
[System.Environment]::SetEnvironmentVariable("SSH_AGENT_PID", $null)
(Makes sure you're not also calling Start-SshAgent)
You'll also need to make sure that you configure git to use use the new openssh if you haven't already:
git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe
This is already fixed in the repo ready for the 0.8 release.
Thank you. if 0.8 is in the pipeline I can wait for a release :)
Thanks for the quick fix!
@JeremySkinner I had a new dev try this yesterday and we couldn't get it to work with OpenSSH:
git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe
We reverted back to using the env var and that worked. Any idea what we might have been doing wrong? We verified the path was correct. We try both forward and backward slashes.
@rkeithhill hm strange, this is what I have in my .gitconfig which is working:
sshCommand = "C:/Windows/System32/OpenSSH/ssh.exe"
Could it be that it needs the quotes?
Oh and I assume that the service was started? :D
It had quotes because the path is under C:\Program Files. We used chocolatey to install the OpenSSH pkg. The service was started. I'll keep playing with this to see if we can figure out the magic syntax. :-)
OK, this works when your path has spaces in it:
git config --global core.sshCommand "'C:/Program Files/OpenSSH/ssh.exe'"
From https://help.github.com/articles/associating-text-editors-with-git/ This also works when you need to specify parameters to ssh like we do:
git config --global core.sshCommand "'C:/Program Files/OpenSSH/ssh.exe' -c aes128-cbc"
My recommendation: Remove the buggy windows component (which since Windows 10 1803 is installed by default), using PS as admin
Get-WindowsCapability -Online | Where Name -like "*OpenSSH*" | Remove-WindowsCapability -Online
This will remove the need to specify paths.
Well that will only remove it if you enabled the optional component. Most folks really should be installing the latest OpenSSH bits using Chocolatey. The Chocolatey pkg has been keeping up with bug fixes and is several revs ahead of what you get with the optional component.
FWIW I've been using this with Git for the past ~8 months and it's been working fine.
@rkeithhill Installing latest version of poshgit on windows 10 1803 or later will give you this bug since the "optional component" is installed by default and overrides any other openssh client in path, so uninstalling it is required unless you want to keep forcing alternative paths to OpenSSH, I'm sure that is fine.
But I rather not have Microsofts version of OpenSSH on my system at all.
since the "optional component" is installed by default
Hmm, I'm not seeing that on the systems on our dev team. The nature of being "optional" is that you have to go out of your way to install/enable it. That said, if you don't want the Microsoft version of OpenSSH that's fine too. :-)
The nature of being "optional" is that you have to go out of your way to install/enable it.
Again, it is installed by default on 1803 (or at least when upgrading from 1709 to 1803), and optional means "not required" and has nothing to do with if it is installed on a standard installation or not ;)
Thank you for a great module.
I'm running into the same issue but only after upgrading to Git 2.20.0. I've tried all the solutions above with no luck (forcing git to use OpenSSH, starting the services). The only solution I have at the moment is to remove posh-git from my profile altogether. I have also tried to import the module manually by cloning the master but that didn't help either. Any idea on when v0.8 will be released with this fix?
PS: I apologize if this has already been answered!
Just importing posh-git should have no effect on accessing Git via SSH. Are you using the Start-SshAgent and Add-SshKey commands? FWIW I upgraded to 2.20.0 and I'm not seeing any problems. Of course, I use the built-in OpenSSH support and not the SSH commands from this module.
Hi @rkeithhill, I'm not using any of the SSH commands. Just importing the posh-git module in my profile causes the CLI to hang indefinitely on startup. The posh-git version I've been using was v1.0.0.-beta2 and the reason I thought it had something to do with Git 2.20.0 was it was working fine before when I had Git 1.19.1 and previous versions.
I was able to resolve this by upgrading to Git 2.20.1 which was released today. To be honest, I'm not sure if something else got messed up but hey it works which makes me happy. I apologize if I wasted everybody's time with this. Thanks @rkeithhill for taking a look!
No problem. Glad 2.20.1 resolved it but after looking at the 2.20.1 release notes, I'm not sure why it fixed it.
@rkeithhill yeah me neither as it was a minor update with new version of cURL but just glad that it works now. Probably something else got messed on my machine and was jut a coincidence.
Pretty sure this issue is the same problem I'm having... Git Bash is remembering my key passphrase correctly, but I tend to use Powershell for most tasks which refuses to remember anything.
In Powershell, if I run git pull the git command is showing me the ubuntu bash path
Enter passphrase for key '/c/Users/graha/.ssh/id_rsa':
If I run ssh-add -l my ssh-agent (also in Powershell) is looking for the Windows C:\ path
2048 SHA256:...... C:\Users\graha.ssh\id_rsa (RSA)
It's like git on my computer is using the wrong ssh agent?
Looking at the start ssh agent commands I have available:
If I run start-ssh-agent, Git bash runs and it basically turns my Powershell window in to a strange git bash. Command location: C:\Program Files\Git\cmd\start-ssh-agent. This works and remembers my password.... but doesn't look like powershell anymore.
If I run Start-SSHAgent posh-git fires off ssh-agent from C:\WINDOWS\System32\OpenSSH\ssh-agent.exe
So posh-git is using System32/OpenSSH... I have run:
git config --global core.sshCommand "'C:\WINDOWS\System32\OpenSSH\ssh.exe'"
Still no luck, git is using /c/Users/... but when I git pull it asks me to enter the passphrase for c:/Users/...
Edit: Solved
I updated my "Git for Windows" to the latest version and it's now working correctly with the inbuilt ssh-agent. Hooray! I guess when I installed Git originally none of this was a problem...
https://git-scm.com/download/win
Before: git version 2.9.x
After: git version 2.20.1.windows.1
Also, you can just run the new installer over the top, which is nice!
https://stackoverflow.com/a/39704331/2366062
One of the things I noticed today is that the version of ssh.exe that get's reference depends on your system Path. I recently updated Git For Windows and as a part of it's process it removed it's Path entries and re-added them. When this happened, the Git For Windows path entries were at the end of the path, after %SYSTEMROOT%\System32\OpenSSH\. This caused the built in OpenSSH version of ssh.exe to be used throughout the system instead of the ssh.exe provided by Git For Windows.
As a result of this change in Path precedence I noticed myself dealing with some issues. (For example, specifying the coreSshCommand was something I thought I had to do). In addition to this, the built in ssh.exe doesn't appear to support SSH tunneling, which is something I rely on. This caused other confusing issues.
After all was said and done I realized that I simply needed to re-adjust my system Path. I placed the entries for the Git For Windows binaries first... and everything went back to working normally. No need for specifying a coreSshCommand, resetting environment variables, or anything else. Simply adjusting the order in the system Path was enough to fix all my problems.
I will point out though that if you can use the built-in SSH and ssh-agent, it will A) remember your SSH key passwords across reboots and B) the ssh-agent Windows service will be available to all process - not just processes launched from the same PowerShell process that started the ssh agent that comes with Git for Windows. This is handy for GUI applications like Visual Studio which are typically launched from the Start menu or taskbar and not from a PowerShell console.
So posh-git is using System32/OpenSSH... I have run:
git config --global core.sshCommand "'C:\WINDOWS\System32\OpenSSH\ssh.exe'"
This is the important bit that I needed after a fresh install using a scoop install of git.
Edit: I found out this was already answered above: #583 (comment), with a better approach.
An alternative approach to those who installed OpenSSH in your Program Files or any other folder with spaces in them: use the old Windows names:
git config --global core.sshCommand "C:\Progra~1\OpenSSH\ssh.exe"
Also, this comment #583 (comment) is actually very important - using the Win32-OpenSSH (https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH) package is a better way as outlined in the comment above. You can share your keys between Windows and WSL too! I've moved it to the top of my path ๐
Given that we have split out SSH support into a separate module posh-sshell, please use that module for SSH support and submit issues related to SSH to https://github.com/dahlbyk/posh-sshell.