Decryption failed: No secret key using GPG - linux

Last night I set up Pass Password Manager. I used gpg2, and followed this tutorial. I didn't implement git integration. Everything worked successfully. To view my password I had to enter my master key, exactly how I want it. This morning I tried to use pass. In my terminal I typed in
pass account/adobe/my#email.com
I get the following error:
gpg: decryption failed: No secret key
It didn't ask me to enter my master key. I tried restarting gpg-agent, I tried editing ~/.gnupg/gpg-agent.conf, but nothing is working.
This is what my ~/.gnupg/gpg-agent.conf looks like:
default-cache-ttl 28800
# 8 hours
pinentry-program /usr/bin/pinentry-curses
allow-loopback-pinentry
I should mention that I am using Linux Subsystem on Windows 10.

I put this in ~/.gnupg/gpg-agent.conf :
default-cache-ttl 3153600000
pinentry-program /usr/bin/pinentry-curses
allow-loopback-pinentry
After that, enter the following commands:
$ gpgconf --kill gpg-agent
$ gpg-connect-agent /bye

How do I SSH into github codespace provided by CS50

I have a codespace provided by CS50. I want to ssh into it using my local terminal. I installed github-cli.
When I run gh cs list It shows the codespace :
NAME DISPLAY NAME REPOSITORY BRANCH STATE CREATED AT
roshanpaudel111-literate-space-sniffle-g6x64ww79x9cvgg9 literate space sniffle code50/65642985 main Available 6d
But when I try to ssh into it using this command gh cs ssh roshanpaudel111-literate-space-sniffle-g6x64ww79x9cvgg9, it shows the following output:
? Choose codespace: code50/65642985 (main): literate space sniffle
ubuntu@localhost: Permission denied (publickey,password).
shell closed: exit status 255
How can I solve this issue?
The whole process looks like this :
linux@linux ~ $ gh cs list
NAME DISPLAY NAME REPOSITORY BRANCH STATE CREATED AT
roshanpaudel111-literate-space-sniffle-g6x64ww79x9cvgg9 literate space sniffle code50/65642985 main Available 6d
linux@linux ~ $ gh cs ssh roshanpaudel111-literate-space-sniffle-g6x64ww79x9cvgg9
? Choose codespace: code50/65642985 (main): literate space sniffle
ubuntu@localhost: Permission denied (publickey,password).
shell closed: exit status 255
linux@linux ~ [1] $
Double-check the format of the private key you registered in GitHub Codespaces.
It should start with -----BEGIN OPENSSH PRIVATE KEY----- and end with -----END OPENSSH PRIVATE KEY----- (meaning a non-encrypted private key).
The EOL (end of lines) used in that file should be LF (not the Windows CRLF), although if you copy-pasted its content directly, it should be fine.
See also the process followed in cs50/codespace issue 62.
The OP Rosan Paudel adds in the comments:
I think it works with the codespaces that we create manually.
I was trying to ssh into a codespace that is provided by cs50 which is in my repository.
Whenever I run update50 it screws up everything. So I have to backoff doing any tweaks.
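A local check for the properties named in the answer above (OpenSSH header and footer, LF line endings, no passphrase), added here as an example and not part of the original answer. The header line is the same for passphrase-protected keys, so the script reads the cipher name from the decoded blob; the function names and the sample files (header fields only, no key material) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the answer). In the openssh-key-v1 container the
# decoded blob is: 15-byte magic "openssh-key-v1\0", a 4-byte big-endian
# length, then the cipher name; "none" means no passphrase protection.
key_cipher() {  # usage: key_cipher FILE -> cipher name or "unparseable"
    tr -d '\r' < "$1" | sed '1d;$d' | tr -d '\n' | base64 -d 2>/dev/null |
    od -An -v -tu1 | tr -s ' ' '\n' | awk '
        NF { b[n++] = $1 + 0 }
        END {
            for (i = 0; i < 14; i++) magic = magic sprintf("%c", b[i])
            len = b[15] * 16777216 + b[16] * 65536 + b[17] * 256 + b[18]
            if (magic != "openssh-key-v1" || b[14] != 0 ||
                len < 1 || len > 64 || n < 19 + len) {
                print "unparseable"; exit
            }
            for (i = 0; i < len; i++) name = name sprintf("%c", b[19 + i])
            print name
        }'
}

check_key_file() {  # usage: check_key_file FILE -> "ok" or space-separated findings
    if [ "$(head -n 1 "$1" | tr -d '\r')" != "-----BEGIN OPENSSH PRIVATE KEY-----" ] ||
       [ "$(tail -n 1 "$1" | tr -d '\r')" != "-----END OPENSSH PRIVATE KEY-----" ]; then
        echo "bad-header-or-footer"; return 0
    fi
    findings=""
    cr=$(printf '\r')
    if grep -q "$cr" "$1"; then findings="crlf-line-endings"; fi
    cipher=$(key_cipher "$1")
    if [ "$cipher" != "none" ]; then findings="${findings:+$findings }cipher:$cipher"; fi
    echo "${findings:-ok}"
}

# Constructed sample files: container header fields only, no key material.
write_sample_key() {  # usage: write_sample_key none|aes256-ctr lf|crlf OUTFILE
    case $1 in
        none) blob='openssh-key-v1\000\000\000\000\004none\000\000\000\004none' ;;
        *)    blob='openssh-key-v1\000\000\000\000\012aes256-ctr\000\000\000\006bcrypt' ;;
    esac
    { echo "-----BEGIN OPENSSH PRIVATE KEY-----"
      printf "$blob" | base64
      echo "-----END OPENSSH PRIVATE KEY-----"; } |
    if [ "$2" = crlf ]; then awk '{ printf "%s\r\n", $0 }'; else cat; fi > "$3"
}

# Demo on a constructed file that has both problems.
demo=$(mktemp)
write_sample_key aes256-ctr crlf "$demo"
check_key_file "$demo"   # prints: crlf-line-endings cipher:aes256-ctr
rm -f "$demo"
```

On a real key file, run `check_key_file PATH`; the script only reads the file and never prints key material.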

'Git: gpg failed to sign the data' in visual studio code

After a fresh Linux install I'm trying to set up my environment and I keep getting the Git: gpg failed to sign the data error upon committing changes locally. I'm using Visual Studio Code, proprietary, not opensource version.
.gitconfig:
[user]
name = djweaver-dev
email = djweaver@djweaver.dev
signingkey = 37A0xxxx...
[core]
excludesfile = /home/dweaver/.gitignore_global
[commit]
gpgSign = true
yikes. furthermore I can't find a way to copy the output log nor can I find where that log is so here is a pic:
Steps I have taken so far:
generated new key (RSA 4096) in GnuPG
added signing key to global .gitconfig
set "git.enableCommitSigning": true in Visual Studio Code settings
cloned my repo from github
Typically when I committed in the past I would get a dialog box requesting GPG authentication upon commit. I do not get this now, just the error dialog.
UPDATE: Okay now I'm really confused. I restarted vscode (not the first time I've done this in this process) and voilà, it works. Only thing I can think of is maybe I biffed the directory somehow? Either way, it works now.
UPDATE: Oddly, I'm back to this same issue almost a month later after a fresh arch install. I've tried everything that I've been able to find on this site, and nothing works.
I've tried adding export GPG_TTY=$(tty) to .bash_profile, and also .bashrc
Git log:
Looking for git in: git
Using git 2.26.2 from git
> git rev-parse --show-toplevel
> git rev-parse --git-dir
Open repository: /home/dw/dev/website
> git status -z -u
> git symbolic-ref --short HEAD
> git rev-parse master
> git rev-parse --symbolic-full-name master@{u}
> git rev-list --left-right master...refs/remotes/origin/master
> git for-each-ref --format %(refname) %(objectname) --sort -committerdate
> git remote --verbose
Failed to watch ref '/home/dw/dev/website/.git/refs/remotes/origin/master', is most likely packed.
Error: ENOENT: no such file or directory, watch '/home/dw/dev/website/.git/refs/remotes/origin/master'
at FSWatcher.start (internal/fs/watchers.js:165:26)
at Object.watch (fs.js:1270:11)
at Object.t.watch (/usr/lib/code/extensions/git/dist/main.js:1:604919)
at T.updateTransientWatchers (/usr/lib/code/extensions/git/dist/main.js:1:83965)
at e.fire (/usr/lib/code/out/vs/workbench/services/extensions/node/extensionHostProcess.js:46:87)
at e.updateModelState (/usr/lib/code/extensions/git/dist/main.js:1:103179)
> git config --get commit.template
> git check-ignore -v -z --stdin
> git check-ignore -v -z --stdin
> git commit --quiet --allow-empty-message --file - -S
error: gpg failed to sign the data
fatal: failed to write commit object
> git config --get-all user.name
> git config --get-all user.email
Same config as last time, user.name and user.email both match each key I've been trying it with... user.signingkey matches. Not sure where else to go with this one, as I've tried it across newly initialized local repos as well as repos that I've pulled from GitHub, both with official MS vscode (AUR) and the OSS version, in the vscode terminal emulator as well as gnome terminal, with the same results, so it has to be either a git thing or a GnuPG thing.
What I have noticed is that after committing without signing, it will work immediately after: I get prompted for my key passphrase the first time, then it works on subsequent commits until a seemingly random number of minutes later, it just doesn't work anymore and the process has to be repeated.
There were a few macos users posting about having a stalled gpg-agent running in the background and it fixed it for them, however, I am seeing:
[dw@dwLinux website]$ gpg-agent
gpg-agent[2870]: gpg-agent running and available
What's interesting also is that by doing echo "test" | gpg --clearsign I get the same results: it works for a short period of time, then I can't sign anymore.
UPDATE
Okay so day number 2 of trying to fix this. To rule out the gpg-agent theory as described here I followed the instructions on how to reload gpg-agent using the $ gpg-connect-agent reloadagent /bye command demonstrated on the Arch Linux Wiki
This had no effect
So being that I can reproduce this problem across vscode official, oss code, and vscodium, as well as bash, I thought maybe this was a permissions related issue, as so many problems with linux typically are. I added my user to all kinds of groups, including root, and this also had no effect so I think I can safely rule out the following:
VS Code
GnuPG
gpg-agent
Linux permissions
So my next focus was the config files themselves, but as has been stated before the credentials match the key in .gitconfig and my .bash_profile has been correctly configured with export GPG_TTY=$(tty).
An interesting note on this from the official GnuPG docs shows a syntax discrepancy between their way, and the way you are instructed to append this to .bash_profile on the GitHub docs here
From GnuPG: "The far most common reason for this is that the environment variable GPG_TTY has not been set correctly. Make sure that it has been set to a real tty device and not just to ‘/dev/tty’; i.e. ‘GPG_TTY=tty’ is plainly wrong; what you want is ‘GPG_TTY=`tty`’ — note the back ticks. Also make sure that this environment variable gets exported, that is you should follow up the setting with an ‘export GPG_TTY’"
As I understood $(whatever) in bash was to execute a command, but for safe measure I've appended .bash_profile using both ways and neither solved the issue.
One last thing
In this post the user talks about gpg-agent authentication not being available when daemonized and gpg access is being initiated by another application (such as an IDE like VSCode), which explains how I could temporarily sign commits after committing a random file or doing echo "test" | gpg --clearsign and being authenticated... but alas like most other 'solutions' to this topic, they reveal that all they had to do in the end was add export GPG_TTY=$(tty) to their .bash_profile, which I have already tried.
Where to go from here?
I still can't explain why it worked on my previous install, and frankly, not a whole lot has changed afaik. I typically do fresh installs often and keep a pretty minimal arch linux build with lts kernel each time w/base-devel and nodejs/python/git/vscode/firefox/discord is pretty much my entire workflow. I'm all out of ideas.
first make sure to add
export GPG_TTY=$(tty)
in your .bashrc
Apparently VSCode doesn't ask for the passphrase and that's why it gives an error.
I don't know the reason.
My personal solution is to do a console commit first or run the following line
echo "test" | gpg --clearsign
Edit
In order to avoid typing the passphrase on every commit, you can make GPG remember it for 8 hours or until the next reboot:
mkdir -p ~/.gnupg
echo "default-cache-ttl 28800" >> ~/.gnupg/gpg-agent.conf
GitHub Guide
Maybe git cannot find gpg? That was my problem with working with VSCode and using Remote-Containers to create development containers. Try running this in the Terminal within VSCode (in the container)
git config --global --unset gpg.program
git config --global --add gpg.program /usr/bin/gpg
or wherever your gpg is located. You can find out by typing
which gpg
If that works then you can put it in your Dockerfile for your development container.
I had the same issue a few days ago while using VS Code with WSL. The problem is that VS Code doesn't load the .profile file (and all the environment variables in it) correctly (try to run this command but it doesn't get the correct result: echo $GPG_TTY). Fortunately, setting the "-l" option for shell args in VS Code preferences worked for me. This ensures that the .profile (or .zprofile) file is successfully loaded.
I added these lines to settings.json:
"terminal.integrated.shellArgs.linux": [
"-l"
]
Make sure to add export GPG_TTY=$(tty) in your .profile file and restart your terminal and VS Code.
Update: Since VSCode is deprecating the shellArgs option, use the following snippet as an alternative.
"terminal.integrated.profiles.linux": {
"bash": {
"path": "bash",
"args": ["-l"],
"icon": "terminal-bash"
},
"zsh": {
"path": "zsh",
"args": ["-l"]
},
"fish": {
"path": "fish",
"args": ["-l"]
},
"tmux": {
"path": "tmux",
"args": ["-l"],
"icon": "terminal-tmux"
},
"pwsh": {
"path": "pwsh",
"args": ["-l"],
"icon": "terminal-powershell"
}
},
"terminal.integrated.defaultProfile.linux": "bash"
-l option is added to all terminal profiles above,
delete unused profiles and set your default profile at your wish.
I have the same issue, and I have resolved it.
Background
macOS
GPG Suite to generate GPG key
pinentry-mac
How I solved this problem
I saw this answer, and followed it.
Get keys
gpg2 --list-keys
Result
/Users/xxuser/.gnupg/pubring.kbx
---------------------------------
pub dsa2048 2010-08-19 [SC] [expires: 2024-05-11]
85E38F69046BSDFB07B76D78F0500D026C4
uid [ unknown] GPGTools Team <team@gpgtools.org>
uid [ unknown] [jpeg image of size 6329]
sub rsa4096 2014-04-08 [S] [expires: 2024-05-11]
sub rsa4096 2020-05-11 [E] [expires: 2024-05-11]
pub rsa4096 2020-05-04 [SC] [expires: 2024-05-03]
B97E9964ACAD1928300D37CC8A9E3745558E41AF
uid [ unknown] GPGTools Support <support@gpgtools.org>
sub rsa4096 2020-05-04 [E] [expires: 2024-05-03]
pub rsa4096 2021-07-29 [SC] [expires: 2025-07-29]
926E268C01892E8A2FCCD2A101CEB6267272A9A5
uid [ultimate] xxuser <x@xxgolo.com>
sub rsa4096 2021-07-29 [E] [expires: 2025-07-29]
Since x@xxgolo.com is the email that I created the secret for, 926E268C01892E8A2FCCD2A101CEB6267272A9A5 is the key code I need.
Let git use this key.
git config --global user.signingkey 926E268C01892E8A2FCCD2A101CEB6267272A9A5
Now it should work.
git commit -S -m "This is a signed commit"
Note: if you need it to work with GitHub, you need to add your public GPG key to GitHub, following this Guide.
Make sure echo "test" | gpg --clearsign runs successfully first before trying the below.
It is very helpful to check what git commit is doing under the hood. Run the commit with GIT_TRACE=1 as follows:
GIT_TRACE=1 git commit -S -m "MESSAGE"
This will show what user name, email and key git uses when committing.
In my case, I found that git was picking up the wrong user's and key details for signing the commit. I mainly intended to use the local config of the repo rather than the global and adding the following to the local git config (located at "REPO_PATH/.git/config") got signing the commit to work both in Terminal and VSCode
[user]
name = USER NAME
email = USER EMAIL
signingKey = SIGNING KEY
It can also be set with the following:
git config --local user.name "USER NAME"
git config --local user.email "USER EMAIL"
git config --local user.signingkey "SIGNING KEY"
I'm not sure if this is too late, but... I did find an immediate solution.
To see what user.name and user.email you have, run:
git config -l
You may notice two entries for user.name. You may have made the same mistake as me! I put my actual name in there instead of GitHub username, and there ended up being two entries of user.name! I just changed the global user.name back to my github username, like so...
git config --global user.name "ghusername"
Next, git commit, and it should work:
git commit -m "<YOUR MESSAGE>"
Let me know if this works for you, I want to know if it's the same problem.
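Several answers above come down to checking which key git hands to gpg and whether a usable secret key exists for it. The script below is an added example, not code from any answer: it classifies a key ID against `gpg --list-secret-keys --with-colons` output, and the function names, status strings and the sample listing (constructed, not real keys) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `gpg --list-secret-keys
# --with-colons` output on stdin and reports whether KEY can sign.
# Field numbers per GnuPG doc/DETAILS: 1 record type, 2 validity, 5 key ID,
# 7 expiry (epoch seconds), 10 fingerprint on fpr records, 12 capabilities,
# 15 is "#" when only a stub is stored (secret part not on this machine).
signing_key_status() {  # usage: signing_key_status KEY [NOW_EPOCH] < listing
    want=$(printf '%s' "$1" | tr -d ' ' | sed 's/^0[xX]//' | tr 'a-f' 'A-F')
    awk -F: -v want="$want" -v now="${2:-$(date +%s)}" '
        function ends_with(s, t) {
            return length(t) > 0 && length(s) >= length(t) &&
                   substr(s, length(s) - length(t) + 1) == t
        }
        function rank(r) {
            return r == "ok" ? 4 : r == "expired-or-revoked" ? 3 : r == "stub-only" ? 2 : 1
        }
        # A new primary key starts a new block; report the previous one if it matched.
        $1 == "sec" {
            if (matched) { print best; done = 1; exit }
            best = "no-signing-capability"
        }
        $1 == "sec" || $1 == "ssb" {
            if (ends_with($5, want)) matched = 1
            if ($12 ~ /s/) {            # lowercase s: this (sub)key itself can sign
                if ($2 == "e" || $2 == "r" || ($7 != "" && $7 + 0 <= now + 0)) {
                    r = "expired-or-revoked"
                } else if ($15 == "#") {
                    r = "stub-only"
                } else {
                    r = "ok"
                }
                if (rank(r) > rank(best)) best = r
            }
        }
        $1 == "fpr" && ends_with($10, want) { matched = 1 }
        END { if (!done) print (matched ? best : "no-secret-key") }
    '
}

# Constructed sample listing (not real keys): A = usable, B = expired,
# C = offline primary (stub) with an encryption-only subkey.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAA0001:1627516800:1753747200::u:::scESC:::+:::23::0:
fpr:::::::::0123456789ABCDEF01234567AAAAAAAAAAAA0001:
ssb:u:4096:1:AAAAAAAAAAAA0002:1627516800:1753747200:::::e:::+:::23:
fpr:::::::::0123456789ABCDEF01234567AAAAAAAAAAAA0002:
sec:e:4096:1:BBBBBBBBBBBB0001:1500000000:1600000000::u:::sc:::+:::23::0:
fpr:::::::::0123456789ABCDEF01234567BBBBBBBBBBBB0001:
sec:u:4096:1:CCCCCCCCCCCC0001:1627516800:::u:::scESC:::#:::23::0:
fpr:::::::::0123456789ABCDEF01234567CCCCCCCCCCCC0001:
ssb:u:4096:1:CCCCCCCCCCCC0002:1627516800::::::e:::+:::23:
EOF
}

# Demo on the constructed sample, with a fixed clock so the result is stable.
sample_listing | signing_key_status 0xaaaaaaaaaaaa0001 1700000000   # prints: ok
```

On a real machine, pipe `gpg --list-secret-keys --with-colons` into `signing_key_status "$(git config user.signingkey)"`; a `no-secret-key` result means the configured ID does not match any secret key in the keyring gpg is reading.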

SFTP into Google Compute Engine from windows 7 Client

I am trying to SFTP a Debian-7-Wheezy-V20140807 Instance on Google Compute Engine from Windows 7, 64 Bit Client.
Finally my problem got solved using this
Also in Windows I first installed Cygwin and then set the Environment Variable CLOUDSDK_PYTHON to python instead of C:\python27\python.exe
and finally from cygwin ran this
curl https://sdk.cloud.google.com | bash
All the instructions below are symptoms. First I tried Filezilla, which errors out with message
Status: Waiting to retry...
Status: Connecting to 23.xx.xx.xx..
Response: fzSftp started
Command: open "Abdul@23.236.51.19" 22
Error: Disconnected: No supported authentication methods available (server sent: publickey)
Error: Could not connect to server
User :root
password :
<same as passphrase set up on running SSH key>
I have also tried gcloud compute copy-files
gcloud compute copy-files deccan4-clone:/etc/ssh/ssh_host_rsa_key.pub ssh_host_rsa_key.pub --zone=us-central1-b
ssh_host_rsa_key.pub: Permission denied
ERROR: (gcloud.compute.copy-files) exit code 1: /usr/bin/scp -i /home/Abdul/.ssh/google_compute_engine
sudo gcloud compute copy-files deccan4-clone:/etc/ssh/ssh_host_rsa_key.pub ssh_host_rsa_key.pub --zone=us-central1-b
WARNING: You do not have an SSH key for Google Compute Engine.
WARNING: ssh-keygen will be executed to generate a key.
This tool needs to create the directory /root/.ssh before being able
to generate SSH keys.
Do you want to continue (Y/n)? Y
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/google_compute_engine.
Your public key has been saved in /root/.ssh/google_compute_engine.pub.
The key fingerprint is:
root@deccan4-clone
ERROR: (gcloud.compute.copy-files) some requests did not succeed:
- Insufficient Permission
I have also tried
Abdul@deccan4-clone:/home/a_rahman_synergywell_com$ gcloud compute copy-files deccan4-clone:test.txt test.txt --zone=us-central1-b
scp: test.txt: No such file or directory
ERROR: (gcloud.compute.copy-files) exit code 1: /usr/bin/scp -i /home/Abdul/.ssh/google_compute_engine -r Abdul@23.236.51.19:test.txt test.txt
Please let me know if I am missing some key setup.

Authentication error from server: SASL(-13): user not found: unable to canonify

Ok, so I'm trying to configure and install svnserve on my Ubuntu server. So far so good, up to the point where I try to configure sasl (to prevent plain-text passwords).
So; I installed svnserve and made it run as a daemon (also installed it as a startup script with the command svnserve -d -r /var/svn).
My repository is in /var/svn and has following configuration (to be found in /var/svn/myrepo/conf/svnserve.conf) (I left comments out):
[general]
anon-access = none
auth-access = write
realm = my_repo
[sasl]
use-sasl = true
min-encryption = 128
max-encryption = 256
Over to sasl, I created a svn.conf file in /usr/lib/sasl2/:
pwcheck_method: auxprop
auxprop_plugin: sasldb
sasldb_path: /etc/my_sasldb
mech_list: DIGEST-MD5
I created it in that folder as the article at this link suggested: http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sasl (and also because it existed and was listed as a result when I executed locate sasl).
Right after that I executed this command:
saslpasswd2 -c -f /etc/my_sasldb -u my_repo USERNAME
Which also asked me for a password twice, which I supplied. All going great.
When issuing the following command:
sasldblistusers2 -f /etc/my_sasldb
I get the - correct, as far as I can see - result:
USERNAME@my_repo: userPassword
Restarted svnserve, also restarted the whole server, and tried to connect.
This was the result from my TortoiseSVN client:
Authentication error from server: SASL(-13): user not found: unable to canonify
user and get auxprops
I have no clue at all in what I'm doing wrong. I've been scouring the web for the past few hours, but haven't found anything but that I might need to move the svn.conf file to another location - for example, the install location of subversion itself. which svn results in /usr/bin/svn, thus I moved the svn.conf to /usr/bin (although that doesn't feel right to me).
Still doesn't work, even after a new reboot.
I'm running out of ideas. Anyone else?
EDIT
I tried changing this (according to what some other forums on the internet told me to do): in the file /etc/default/saslauthd, I changed
START=no
MECHANISMS="pam"
to
START=yes
MECHANISMS="sasldb"
(Actually I had already changed START=no to START=yes before, but I forgot to mention it). But still no luck (I did reboot the whole server).
It looks like svnserve uses default values for SASL...
Check /etc/sasl2/svn.conf to be readable by the svnserver process owner.
If /etc/sasl2/svn.conf is owned by user root, group root and --rw------, svnserve uses the default values.
You will not be warned by any log file entry.
See section 4 of https://svn.apache.org/repos/asf/subversion/trunk/notes/sasl.txt:
This file must be named svn.conf, and must be readable by the svnserve process.
(it took me more than 3 days to understand both svnserve-sasl-ldap and this pitfall at the same time..)
I recommend installing the package cyrus-sasl2-doc and reading the section Cyrus SASL for System Administrators carefully.
I expect this is caused by the SASL API for the call
result = sasl_server_new(SVN_RA_SVN_SASL_NAME,
                         hostname, b->realm,
                         localaddrport, remoteaddrport,
                         NULL, SASL_SUCCESS_DATA,
                         &sasl_ctx);
if (result != SASL_OK)
  {
    svn_error_t *err = svn_error_create(SVN_ERR_RA_NOT_AUTHORIZED, NULL,
                                        sasl_errstring(result, NULL, NULL));
    SVN_ERR(write_failure(conn, pool, &err));
    return svn_ra_svn__flush(conn, pool);
  }
As you may see, handling the access failure by svnserve is not foreseen, only Ok or error is expected...
I looked in /var/log/messages and found
localhost svnserve: unable to open Berkeley db /etc/sasldb2: No such file or directory
When I created the sasldb to the above file and got the permissions right, it worked. Looks like it ignores or does not use the sasl database path.
There was another suggestion that rebooting solved the problem but that option was not available to me.

Mint - Stored SVN password was changed and now unable to commit

I have a copy of a repo on my localhost with a saved username / password for the SVN repo.
The problem is that I changed my svn password (and would like to keep it that way) but every time I try to svn commit, it is asking for my GNOME keyring password (which I enter correctly). This is odd in the first place because I never had it ask me this before.
Then, after entering my password to the keyring, I get this error message:
svn: OPTIONS of 'PATH_TO_CHANGED_FILES': authorization failed: Could not authenticate to server: rejected Basic challenge (REPO_URL)
This is happening on 2 repos that I have but a 3rd one is just fine.
When I disable authentication on the server, everything commits just fine and if I try to update / commit from another server, it also works just fine.
I tried adding the following lines to my ~/.subversion/servers:
store-passwords = no
store-plaintext-passwords = no
And I also tried adding the following lines to my ~/.subversion/config:
store-passwords = no
store-auth-creds = no
But those config file changes do nothing.
Is there a way for my localhost svn to forget the username and passwords I have entered for these repos (they were saved before) so I can get back to everything?
I was able to solve this by deleting the keyring file for MATE. It is a bit of a brute way of doing it but it worked. You can delete the keyring file for MATE with the following command:
rm ~/.config/mate/keyrings/*.keyring
I don't know how to remove stored data from the keyring (old pass for repo), but you can try to replace it.
In the console, use any SVN command that requires authentication, with these additional options:
Global options:
--username ARG : specify a username ARG
--password ARG : specify a password ARG
and test repo-communication in usual way after it
About keyring pass-request:
Check settings in ~/.subversion/config, [auth] section for password-stores =
Check settings in ~/.subversion/servers, [global] section for
store-passwords =
store-plaintext-passwords =