libgit2sharp icon indicating copy to clipboard operation
libgit2sharp copied to clipboard
verified publisher icon libgit2

failed to start SSH session: unable to exchange encryption keys

Open abdeldjalil-fellah opened this issue 5 years ago • 8 comments 

        var r = new Repository(working);
        r.Network.Remotes.Add("remote", @"[email protected]:user1234/test.git");

        r.Network.Push(r.Network.Remotes["remote"], @"refs/heads/master", new PushOptions
        {
            CredentialsProvider =
            //(url, user, credentials) => new UsernamePasswordCredentials
            //{
            //    Username = "user1234",
            //    Password = "********"
            //}
            (url, user, credentials) => new SshUserKeyCredentials
            {
                Username = "git",
                Passphrase = string.Empty,
                PublicKey = @"C:\Users\me\.ssh\gitlab.pub",
                PrivateKey = @"C:\Users\me\.ssh\gitlab"
            }
        });

both UsernamePasswordCredentials and SshUserKeyCredentials (openssh keys already added to gitlab) give:

failed to start SSH session: unable to exchange encryption keys

abdeldjalil-fellah avatar Jul 15 '20 19:07 abdeldjalil-fellah

LibGit2Sharp does not support SSH.

bording avatar Jul 15 '20 19:07 bording

LibGit2Sharp does not support SSH.

will it support SSH soon?

abdeldjalil-fellah avatar Jul 16 '20 07:07 abdeldjalil-fellah

No, the official packages are unlikely to ever support it. We would have to ship SSH libraries as part of our packages, and that's not something we're interested in doing. There's far too many maintenance and security burdens involved if we did that.

If you want to use LibGit2Sharp, you'll need to use HTTPS instead of SSH.

bording avatar Jul 16 '20 14:07 bording

I think that the realistic way to support this is to build the ability for libgit2 to understand how to talk to /usr/bin/ssh (or ssh.exe). This would be an opt-in experience for people using the library, obviously. Depending on libssh2 is probably fine for many people, but I think that most users just want ssh to work like it does with git. https://github.com/libgit2/libgit2/pull/5507

ethomson avatar Jul 16 '20 16:07 ethomson

If libgit2 did implement that kind of change, then yeah LibGit2Sharp could definitely take advantage of that.

Until something like that happens, though, HTTPS is going to be the only supported protocol.

bording avatar Jul 16 '20 17:07 bording

Strongly agree - you shouldn't (can't, realistically) be the security response team for somebody else's product.

ethomson avatar Jul 16 '20 19:07 ethomson

libgit2 libraries for other languages (e.g. nodejs) support SSH. Lacking this feature is a significant limitation.

michaelkruglos avatar Dec 17 '21 06:12 michaelkruglos

I haven't dug through the code, but what about defining an interface for SSH operations? Users can implement the interface then hand it over to LibGit2Sharp and have it route all SSH operations through the provided interface instance.

That way y'all don't have to ship another library with it and those who need it can add it on and still use all the wonderfulness this library has to offer.

KeyPuncher avatar Apr 14 '23 23:04 KeyPuncher