Page MenuHomeVyOS Platform
Create Task
Maniphest T7048

SSH Agent is not available for Git commit archive
Closed, ResolvedPublicBUG
Actions

Description

Issue: when the user's ssh keys are password protected, they are prompted for password (twice) when commit-archive is enabled with a git ssh url, even if their ssh keys have been added to an ssh-agent

Expected behavior: user can start an ssh-agent session, enter their password once, and when they commit they are not prompted for ssh.

Reproduction steps:
ssh-keygen (enter a password, do not use generate ssh client-key since it will not make password-protected keys
eval $(ssh-agent)
ssh-add (enter your password)
(add the public key to github)
conf
set system config-management commit-archive location git://git@github.com:<username>/<repo>.git
commit
(you will be prompted for the password twice, once for pull once for push)

Tested on: VyOS 1.5-rolling-202412100007

Planned fix: I made a live change to the GitC#upload method on my test system to add SSH_AUTH_SOCK and SSH_AGENT_PID to the env dictionary that is passed to the git command. I'll add some validation and get a PR put together soon.

EDIT: removed formatting marks from the repro steps

Details

Version
VyOS 1.5-rolling-202412100007
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

xeluior created this task.Jan 14 2025, 4:39 PM
xeluior updated the task description. (Show Details)Jan 14 2025, 4:43 PM
Viacheslav triaged this task as Normal priority.Jan 14 2025, 5:13 PM
pasik subscribed.Jan 14 2025, 5:46 PM
xeluior added a comment.Jan 15 2025, 3:07 PM

PR https://github.com/vyos/vyos-1x/pull/4303

c-po added projects: VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.2).Jan 18 2025, 8:35 PM
Restricted Repository Identity mentioned this in rVYOSONEX245b2b6f09b9: remote: T7048: merge git environment with the os environment.Jan 18 2025, 8:36 PM
Restricted Repository Identity mentioned this in rVYOSONEX4d3e976271e3: Merge pull request #4303 from xeluior/ssh-agent.Jan 18 2025, 8:36 PM
Viacheslav changed the task status from Open to Needs testing.Jan 20 2025, 5:36 PM
Viacheslav assigned this task to xeluior.
yun subscribed.Jan 30 2025, 8:24 PM

Note that if you have configured a Git commit archive backend with a password protected SSH key, it will probably hang if you use the REST API to make and commit changes. This is not a problem if you don’t use the API, but it’s something to be aware of.

Maybe needs a note in the documentation.

dmbaturin closed this task as Resolved.Wed, Mar 12, 3:41 PM
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
dmbaturin moved this task from Backlog to Finished on the VyOS 1.4 Sagitta (1.4.2) board.
dmbaturin moved this task from Open to Finished on the VyOS 1.5 Circinus board.
dmbaturin moved this task from Need Triage to Completed on the VyOS Rolling board.