[英]VS Code / Bitbucket / SSH - Permission denied (publickey)
I'm trying to access bitbucket via ssh from vscode but always get permission denied (publickey) .我正在尝试通过 ssh 从 vscode 访问 bitbucket,但总是获得权限被拒绝 (publickey) 。
SSH key(s) are located under ~\.ssh\
, public key(s) are correctly setup in bitbucket/settings/security/sshkeys
. SSH 密钥位于
~\.ssh\
下,公钥在bitbucket/settings/security/sshkeys
中正确设置。 The keys are tested and do work!密钥已经过测试并且可以正常工作!
After booting, I can access my repository without problems from the windows command prompt and powershell but NOT from git bash or from vscode.启动后,我可以从 windows 命令提示符和 powershell 访问我的存储库而不会出现问题,但不能从 git bash 或 vscode 访问。 Manually setting up ssh in git bash and starting vscode works though:
在 git bash 中手动设置 ssh 并启动 vscode 可以:
eval $(ssh-agent)
ssh-add /c/Users/username/.ssh/privatekey
code
My environment:我的环境:
For me the problem boils down to one question: Why is vscode not using windows native, correctly setup ssh service and instead relying on git bash ssh agent?对我来说,问题归结为一个问题:为什么 vscode 不使用 windows native,正确设置 ssh 服务,而是依赖 git bash ssh 代理?
Disclaimer: I spent hours reading threads about this topic and fiddling with settings.免责声明:我花了几个小时阅读有关此主题的主题并摆弄设置。 I suspect the problem to be related to the delayed deployment of network drives under Windows10 (a known issue).
我怀疑这个问题与 Windows10 下网络驱动器的延迟部署有关(一个已知问题)。 My windows group policy is set to wait for the network on boot/login.
我的 Windows 组策略设置为在启动/登录时等待网络。
Windows 10 allows using all default OpenSSH tools. Windows 10 允许使用所有默认的 OpenSSH 工具。 However, git was throwing permission denied for every time when I tried to clone repositories from Github, Gitlab or Bitbucket over SSH.
但是,每次我尝试通过 SSH 从 Github、Gitlab 或 Bitbucket 克隆存储库时,git 都会抛出权限被拒绝。 You need to perform a few tweaks to make it work.
您需要进行一些调整才能使其正常工作。
Get-Service -Name ssh-agent | Set-Service -StartupType Manual
ssh-agent
ssh-add
git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe
In case someone is looking for an answer in mac万一有人在mac中寻找答案
ssh-agent
ssh-add
, after this command add your passphrase ssh-add
,在此命令之后添加您的密码
In addition to the answer from Alexandr Pilgun some additional information that made the difference for me.除了 Alexandr Pilgun 的回答之外,一些额外的信息对我产生了影响。
At step 4 I needed to provide double backslashes.在第 4 步,我需要提供双反斜杠。 VSCode complained that it could not find the ssh.exe.
VSCode 抱怨找不到 ssh.exe。 Using the double backslashes looks like this:
使用双反斜杠如下所示:
git config --global core.sshCommand C:\\Windows\\System32\\OpenSSH\\ssh.exe
I am using Windows 10.0.19042 Enterprise我正在使用 Windows 10.0.19042 企业版
I've had this for sooo long, and finally got to the bottom of it!我有这个太久了,终于明白了!
Note, I'm on Windows 10.请注意,我使用的是 Windows 10。
There are quite a few things that can be wrong.有很多事情可能是错误的。 Some of those are fixed in the other answers.
其中一些在其他答案中是固定的。 Also over course of time and various VSCode versions (or VS or GitHub Desktop or other programs using git), it has been different.
此外,随着时间的推移和各种 VSCode 版本(或 VS 或 GitHub Desktop 或其他使用 git 的程序),情况也有所不同。 An update to OpenSSL (which is automatic) was also the culprit once.
OpenSSL 的更新(这是自动的)也曾是罪魁祸首。 In short, it's a mess to figure out what's going on.
简而言之,弄清楚发生了什么是一团糟。
I've got two more points to add that you could debug to figure out what's going on:我还有两点要补充,您可以调试以弄清楚发生了什么:
PATH
PATH
相关的SSH_AUTH_SOCK
SSH_AUTH_SOCK
相关What we need to verify is that the git.exe
used by your IDE is the same one you talk to on the terminal.我们需要验证的是,您的 IDE 使用的
git.exe
与您在终端上交谈的那个 git.exe 是同一个。
Whenever you're in Git Bash for Windows ("Bash" from now on), the PATH
is different from the global PATH
, as Bash inserts some paths, in my case每当您在 Windows 的 Git Bash 中(从现在开始为“Bash”)时,
PATH
与全局PATH
不同,因为在我的情况下,Bash 会插入一些路径
/mingw64/bin
/usr/bin
$HOME/bin
(note that the paths starting with /
are automatically prepended with the git installation folder, which by default is C:\Program Files\Git
). $HOME/bin
(请注意,以/
开头的路径会自动添加 git 安装文件夹,默认情况下为C:\Program Files\Git
)。 This can cause Bash and the IDE to resolve different git.exe
, as PATH
is used for that (and ssh.exe
and ssh-add.exe
).这可能会导致 Bash 和 IDE 解析不同的
git.exe
,因为PATH
用于此(以及ssh.exe
和ssh-add.exe
)。 When I start my IDE, vscode in my case, it uses Windows' PATH to resolve git.exe
and it found (in my setup) C:\Program Files\Git\cmd\git.exe
.当我启动我的 IDE(在我的情况下为 vscode)时,它使用 Windows 的 PATH 来解析
git.exe
并找到(在我的设置中) C:\Program Files\Git\cmd\git.exe
。 That's really unfortunate, because in the Bash terminal it finds /mingw64/bin/git.exe
.这真的很不幸,因为它在 Bash 终端中找到
/mingw64/bin/git.exe
。 You can find VSCode's git version from the very first line in the Git log in the Output panel.你可以在输出面板的 Git 日志的第一行找到 VSCode 的 git 版本。 The bash one simply by running
which git
or where git
(the latter will show you all of them on PATH
). bash 一个只需运行
which git
或where git
(后者将在PATH
上显示所有这些)。
I standardized on using the git in mingw64
by adapting the PATH
accordingly.我通过相应地调整
PATH
来标准化在mingw64
中使用 git。
Now if you have your ssh-agent
enabled, you enter your passphrase in the terminal you might expect that from then on your IDE can resolve the passphrase too, as they use the same git.exe
and thereby the same ssh.exe
and ssh-add.exe
.现在,如果您启用了
ssh-agent
,则在终端中输入您的密码,您可能希望从那时起您的 IDE 也可以解析密码,因为它们使用相同的git.exe
,因此使用相同的ssh.exe
和ssh-add.exe
。
The only thing that's truly important for any terminal or IDE to communicate with the ssh-agent
is that it knows about it.对于任何终端或 IDE 与
ssh-agent
通信来说,唯一真正重要的是它知道它。 That's solely conferred by the environment variable SSH_AUTH_SOCK
(see the source code ).这完全由环境变量
SSH_AUTH_SOCK
赋予(参见源代码)。 If your IDE or terminal doesn't know about this environment variable, it's not going to find the passphrase in the ssh-agent
.如果您的 IDE 或终端不知道此环境变量,它不会在
ssh-agent
中找到密码。
It's important to realize how this environment variable is communicated among various programs.重要的是要了解这个环境变量是如何在各种程序之间进行通信的。 This is why many answers on SO will write it to a file
~/.ssh/agent.env
and will read that on every bash terminal.这就是为什么 SO 上的许多答案会将其写入文件
~/.ssh/agent.env
并在每个 bash 终端上读取的原因。 But this has no effect on IDEs.但这对 IDE 没有影响。 This also is not a great solution if you combine it with Powershell:
如果将它与 Powershell 结合使用,这也不是一个很好的解决方案:
.env
file so bash wouldn't know about the ssh-agent.env
文件,所以 bash 不会知道 ssh-agent
-StartupType Automatic
has no affect in the terminal-StartupType Automatic
在终端中没有影响.env
file, so it doesn't know about the bash-instantiated ssh-agent
.env
文件中读取,因此它不知道 bash 实例化ssh-agent
You could confirm that this is in fact the issue by starting your IDE with the environment variable set, for instance by contrasting您可以通过使用环境变量集启动 IDE 来确认这实际上是问题所在,例如通过对比
code ./your-project
(which gives permission-denied) with code ./your-project
(拒绝许可)export SSH_AUTH_SOCK=/tmp/ssh-...your/agent...; code ./your-project
export SSH_AUTH_SOCK=/tmp/ssh-...your/agent...; code ./your-project
(which doesn't give permission denied, assuming ssh-client
is up and populated, ie ssh-add
has been called elsewhere). export SSH_AUTH_SOCK=/tmp/ssh-...your/agent...; code ./your-project
(假设ssh-client
已启动并已填充,即ssh-add
已在其他地方调用),则不会拒绝授予权限)。 You can find the socket of your agent by running ssh-agent
, it'll print it (otherwise you haven't started it or added your passphrase yet).您可以通过运行
ssh-agent
找到代理的套接字,它会打印它(否则您还没有启动它或添加您的密码)。 I'm just concluding along the way that ssh-agent
is a binary that prints an executable bash, hence you can do eval `ssh-agent`
.我只是在总结
ssh-agent
是一个打印可执行 bash 的二进制文件,因此您可以执行eval `ssh-agent`
。
Now the question is how you can get your VSCode to know about SSH_AUTH_SOCK
.现在的问题是如何让 VSCode 了解
SSH_AUTH_SOCK
。 There are some ways listed above (and eg this ), and those have worked for me sometimes, but not always/currently.上面列出了一些方法(例如this ),这些方法有时对我有用,但并非总是/当前。 I also don't see how that would work.
我也看不出这将如何工作。 Let me know if you do.
如果你这样做,请告诉我。
If you start vscode from the terminal which exports SSH_AUTH_SOCK
, then it'll have access to the ssh-agent
, but if you start vscode from the start menu or another shortcut, yeah, then it's not going to have the environment variable.如果您从导出
SSH_AUTH_SOCK
的终端启动 vscode ,那么它将可以访问ssh-agent
,但如果您从开始菜单或其他快捷方式启动 vscode ,是的,它不会有环境变量。 You can't really make it a global environment variable in the System Environment at system startup because the value is assigned too late: only when running the ssh-agent.您不能在系统启动时真正将其设置为系统环境中的全局环境变量,因为该值分配得太晚:仅在运行 ssh-agent 时。
So currently I do just that.所以目前我就是这样做的。 I restart vscode from the vscode terminal.
我从 vscode 终端重新启动 vscode。 That's not really satisfactory.
这并不令人满意。 I'm considering changing the shortcut.
我正在考虑更改快捷方式。 One last question I have, to anyone who come so far: how is an IDE supposed to know about the
SSH_AUTH_SOCK
environment variable?对于到目前为止的任何人,我的最后一个问题是:IDE 应该如何了解
SSH_AUTH_SOCK
环境变量? I don't see it.我没看到。 VSCode doesn't seem to run
~./bashrc
on startup, only for the terminals. VSCode 似乎没有在启动时运行
~./bashrc
,仅适用于终端。 Maybe this is behavior that varies over the VSCode versions?也许这是随 VSCode 版本而变化的行为?
Last things you could just: make sure your environment variables GIT_SSH
and GIT_SSH_COMMAND
are empty (that you haven't played with them, and forgotten about that).你可以做的最后一件事是:确保你的环境变量
GIT_SSH
和GIT_SSH_COMMAND
是空的(你没有玩过它们,并且忘记了这一点)。 Same goes for the git config sshCommand
. git config
sshCommand
。 (I have mine pointed to C:/Program\\ Files/Git/usr/bin/ssh.exe
). (我的指向
C:/Program\\ Files/Git/usr/bin/ssh.exe
)。
On Windows, I have to launch VS Code from bash.在 Windows 上,我必须从 bash 启动 VS Code。
> code
Then it inherits what I've got in .bashrc to load ssh agent with the keys I use.然后它继承我在 .bashrc 中的内容,用我使用的密钥加载 ssh 代理。 Slight inconvenience, but I usually have bash open as well if I'm working in VS Code anyway.
有点不便,但如果我在 VS Code 中工作,我通常也会打开 bash。
This is what JBSnorro has described in much more detail above.这就是 JBSnorro 在上面更详细地描述的内容。
Bottom of this page kind of recommends this approach: https://code.visualstudio.com/Docs/editor/versioncontrol此页面底部推荐这种方法: https ://code.visualstudio.com/Docs/editor/versioncontrol
You can also, "Open in Terminal" your folder in VSCODE.您也可以在 VSCODE 中“在终端中打开”您的文件夹。
And from there you can continue pushing your updates git push origin master
then it asked for passphrase just type it and enter and then it will continue.从那里你可以继续推送你的更新
git push origin master
然后它要求输入密码短语并输入它然后它会继续。
I hope that this help some of you to quickly solve the problem.我希望这可以帮助你们中的一些人快速解决问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.