Git Bash and Pageant are not using keys

Question

I've got Git for Windows (configured for MinTTY and PuTTY\plink.exe) and PuTTY installed, and I am trying to get it to work with a Bitbucket repository. I've got my SSH key loaded, in Pageant and on the website, and yet whenever I attempt to do anything that requires pulling/pushing:

Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

When I run the suggested ssh -v [email protected] it uses id_rsa but none of my other keys in ~/.ssh. Trying to use ssh-add ~/.ssh/bitbucket_rsa results in:

Could not open a connection to your authentication agent.

I've read about configuring PuTTY to allow forwarding, but that's usually where the advice ends, so I just set this option for the default session and saved it there.

I've run ps to check which applications were running, and ssh-agent was not among them. Running eval 'ssh-agent' starts the daemon, but it makes no difference.

Answer 1

This is what ended up working for me.

BTW, I do have Bash on Windows as well, but I don't think that matters.

I had Sourcetree installed and pointed at its folder with plink.exe, puttygen.exe, & pageant.exe. You could also download and install these separately as well.

Configure Windows Environment Variable

1. Type Environment into your Windows 10 search bar. Otherwise, open up System Properties / Advanced System Settings and find your Environment Variables.
2. Add a new System variable
   • Variable Name: GIT_SSH
   • Variable Value: full path to plink.exe file (you may also have pageant.exe and puttygen.exe in the same folder).

     • Mine was: C:\Program Files (x86)\Atlassian\SourceTree\tools\putty\plink.exe

     • Note: Newer versions of Sourcetree seem to install ot %localappdata%. The tools are located at %localappdata%\SourceTree\app-x.x.x\tools\putty

     • Note: The newer Sourcetree (v2 on Windows) uses versioned directories, so every time you update it, you'll have to update this which is a pain. It is best to just make a copy of plink.exe and put it somewhere that's not going to change.

     • If you have any of the above programs running you can always open up task manager, find the process, and open up the folder location to get the path to plink.exe.

Profit

Make sure to restart your terminals so that they get the updated environment variables. For me, I was running Bash for my integrated terminal within Visual Studio Code, so I had to restart Visual Studio Code. It would have surely been acceptable to close the integrated terminal and open a new one, but I also wanted the built in git functionality in Visual Studio Code to work as well.

Note

Given that I have Sourcetree installed I was able to use its interface to clone down out of Bitbucket and push through its interface, but trying through terminals was not working, because they were using a different credential set.

Another interesting thing to point out is that if you navigate into your project's git configuration located at: ./.git/config, you could swap out your remote from using SSH to HTTPS. You can grab the following values from your Overview on your Bitbucket repository.

• ssh layout: [email protected]:USERNAME/REPO_NAME.git
• https layout: https://[email protected]/USERNAME/REPO_NAME.git

I noticed while using HTTPS on Windows 10 it then will use the Windows Credential Manager (I tried adding my credentials to it while trying to figure this out myself, but I was still using SSH so it didn't matter) When you go to interact with the remote repository it will prompt you for your credentials and store them for later use in Windows Credential Manager :)

Hopefully one of these methods will work out for you. The HTTPS method will skip the whole SSH key generation and pushing it up into Bitbucket, but it feels more secure and portable for me.

Mac OS

You may need to add your key to the keychain especially if you're using Visual Studio Code and have a passphrase on your key (currently Visual Studio Code will not allow you to type in a passphrase).

ssh-add -K ~/.ssh/id_rsa

https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/#adding-your-ssh-key-to-the-ssh-agent

Additions

I'm not sure if these may be helpful for someone, but I've been following getting SSH support into Visual Studio Code for Windows: https://github.com/Microsoft/vscode/issues/13680.

• https://github.com/PowerShell/openssh-portable
• https://github.com/rupor-github/ssh-agent-wsl

Answer 2

You are mixing things up.

PuTTY and Pageant are not compatible with OpenSSH tools and can't communicate together. PuTTY can't read keys from your OpenSSH agent and OpenSSH can't read the keys from Pageant. The key format is also different. That is a bad thing in this world, but there is no solution on the horizon.

Also "agent forwarding" is something different than "using agent".

If you set up Git with plink (make sure you really did), check if your Pageant is running and if the option "Attempt authentication using Pageant" is checked in your stored profile in PuTTY under Connection → SSH → Auth.

If it will not resolve your problems, post some debug log from PuTTY.

Answer 3

You don't need PuTTY to work with Bitbucket in ssh: the OpenSSH version (C:\prgs\git\PortableGit-2.7.0-64-bit\usr\bin\ssh.exe) packaged in git-for-windows works just fine.

Make sure that, in your current shell session, you have HOME set to %USERPROFILE% (a PortableGit-2.7.0-64-bit\git-cmd.exe is enough to open a regular CMD properly configured).

Create a file named config in %USERPROFILE%\.ssh (as in step 3 of the Atlassian documentation):

Host bitbucket.org
 IdentityFile ~/.ssh/bitbucket_rsa

(You can also use "/C/path/to/bitbucket_rsa".)

That allows to use an SSH URL like bitbucket.org:user/repo. Test it with ssh -Tv bitbucket.org (after adding your public key to your Bitbucket account, of course).

Note: ssh-agent is only needed if your private key is passphrase-protected.

Update 2018, two years later: "Say Farewell to PuTTY as Microsoft adds an OpenSSH Client to Windows 10". It is really time to ditch putty aside: no need for a different (ppk) key format and proprietary solution, now that OpenSSH is officially distributed as a Windows feature (in beta for now, Q1 2018).

Answer 4

For future googlers,

Just do like what @CTS_AE said or you can just run this in elevated powershell

[Environment]::SetEnvironmentVariable("GIT_SSH", "$(Get-Command PLINK.EXE)", "Machine")

You will need to restart your shell.

To set try it immediately in the current Powershell instance without restarting:

${env:GIT_SSH}="$(Get-Command PLINK.EXE)"

Answer 5

To access SSH keys loaded in Pegeant from Git Bash, that comes with Git on Windows, you can use this program. The installation process is described on the linked page.

Answer 6

What worked for me with Git Bash for Windows 7: convert .pkk file to OpenSSH format:

https://www.simplified.guide/putty/convert-ppk-to-ssh-key

Add generated key to IdentityFile .ssh/config at Git Bash, for example:

Host repository
     # My converted OpenSSH key
     IdentityFile /c/Users/me/open-ssh.pri

     # This repository server uses a specific name, not usually needed.
     User git

     # This repository server uses a specific port, not usually needed
     Port 8322

     # Repository server full name
     Hostname repo.server.com

Answer 7

Ensure that you have cloned your repository using the ssh url no the http url

To check, use git origin --remote -v

In case if the remote url is an http url like the following

origin  https://[email protected]/username/repo.git

change the remote url using the git remote set-url origin command, for example:

git remote set-url origin [email protected]:username/repo.git