0

I have a web app that launches PowerShell to run git.

I have my local IIS configured to run as my own user account. The app pool is configured to use my account, and the process model has both loadUserProfile and setProfileEnvironment set to true.

The problem is that the git command is behaving differently in IIS vs IIS Express. The git config --show-origin -l lists out identical settings from identical locations in both environments, so the settings both instances are using appear to be the same. Even though the same code is running is both places, the git fetch command is succeeding under IIS Express, but failing under IIS with the error:

FATAL ERROR: Disconnected: No supported authentication methods available (server sent: publickey)

fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

I cannot find an explanation for this. It's the same web app, either published to my local IIS or running directly in Visual Studio. Git config settings appear to be identical in all 4 config files that Git accesses on windows, and yet connections to the remote repository are failing in one environment but not the other. The same user account is used to run the process in both places.

Triynko
  • 18,766
  • 21
  • 107
  • 173
  • Currently inspecting differences in enviroment variables. Git-related variables appear to be the same, but the visual studio environment is running as 32-bit, while the IIS environment is running as 64-bit. It seems odd that any meaningful settings for git would not appear in the git config list. Can't imaging some of these settings depending on environment variables. – Triynko Jan 10 '19 at 23:59
  • I deployed the application in x86 mode, and although this brings the environment variables almost entirely into alignment (a few VS environment variables are missing), I am still getting the same connection error. None of this makes any sense. It works perfectly fine in IIS express, but fails in IIS. Everything is the same, same git command, same git environment variables, same git config settings from the exact same 4 config file locations, etc. Different results. – Triynko Jan 11 '19 at 00:18
  • Seems that Putty is being invoked, but it is failing to detect that Pageant is running. I can see this difference when running plink from IIS vs running from IIS express. Where IIS express-initiated process detects that pageant is running and loads the keys, the IIS-initated process just tries to use my username without specifying any keys. No idea why this is happening. Not sure if this is related, but it doesn't work: https://stackoverflow.com/questions/4313834/plink-pageant-not-working-from-asp-net – Triynko Jan 11 '19 at 03:40
  • Looking like this is some kind of ridiculous, intention security restriction, that's ultimately self-defeating. https://stackoverflow.com/a/11776311/88409 Services seems to run in a different "windows session", which is why plink cannot find the running Pageant instance. Meanwhile, I cannot start Pageant from within the service, because it's not meant to be scripted (e.g. it's meant to be interacted with only, with popup windows and manually entering passwords, etc.). The solution is to use the -i option of plink to specify the ppk, but that requires an unencrypted ppk! Real smart. – Triynko Jan 11 '19 at 04:21
  • Every single recommendation is basically "remove the password": https://stackoverflow.com/a/7296576/88409 – Triynko Jan 11 '19 at 04:26
  • This is exactly the output I'm seeing: https://stackoverflow.com/q/27637723/88409 When running from a service, it doesn't make it to the line saying "Pageant is running. Requesting keys." It's unable to find pagent. So now I need to find a way to run it. – Triynko Jan 11 '19 at 04:37
  • Ok, I figured out how to bypass the restriction completely and avoid using pageant altogether. Simply set your repository's local config value 'ssh.variant' to 'plink'. That will switch off git's auto detection of the ssh variant and force plink (i.e. use a set of parameters appropriate for plink). Then set your local git variable 'core.sshCommand' like this in powershell `git config --local core.sshCommand "'C:\Program Files\PuTTY\plink.exe' -i ~/.ssh/stash-nopass.ppk"`. Note that path to the plink is surrounded by single quotes. That'll allow fetch/pull to run without pageant running. – Triynko Jan 11 '19 at 05:45

0 Answers0