5

I created the ssh key, added it on gitlab, and followed the instructions. When I do a push from git bash everything works fine, it keeps annoying me to enter the passphrase every time. But when I try to push from vsCode it doesn't ask me for the passphrase and throws an error

Git: git@gitlab.com: Permission denied (publickey,keyboard-interactive).

Is there any way to fix this? And bonus help: how can I stop it from asking me every time for the passphrase.

I know, there are similar questions around for my bonus help, but I couldn't find anything about the vsCode issue. I am using windows 11.

Sorry if the title is misleading.

Tinaira
  • 727
  • 2
  • 7
  • 23
  • Note that it's not *Git* that asks for the passphrase. It's ssh. Ssh stored your key data in encrypted files, encrypted with the passphrase; and ssh didn't *save* the passphrase, so ssh needs the passphrase again to *de*-crypt the files, to get the keys. If ssh can get the key without needing to decrypt the files, ssh won't need the key. If ssh can get the key without decrypting the file, the key is less secure. You cannot have it both ways: pick one and live with it. – torek Mar 22 '22 at 07:54
  • Note that ssh *does* offer a sort of compromise, via something it calls an "ssh agent". Here, the *agent* gets the key, and programs then ask the agent for the key. The agent needs the passphrase, if there is one, so that it can decrypt and hold the key. This means that the key is only available while the agent is running, but if someone ever compromises the agent, that's pretty bad in and of itself. Again, you can't have it both ways: pick a way (use agent, don't use agent) and live with it. – torek Mar 22 '22 at 07:57
  • and how do I use this ssh agent? – Tinaira Mar 22 '22 at 08:02
  • On Windows? I have no idea. On macOS, it's pre-installed, you just run `ssh-add` in any Terminal window. On Linux, there are a bunch of options for installing it. – torek Mar 22 '22 at 08:06
  • maybe it's the same on windows with git bash. I will try when I get home – Tinaira Mar 22 '22 at 08:22
  • There might be (I don't know if there *is*, just "might") also be some issue with using the agent with VSCode. I think there have been questions here on SO about it. – torek Mar 22 '22 at 08:24

3 Answers3

2

But when I try to push from vsCode it doesn't ask me for the passphrase and throws an error

It will ask you, starting with VSCode 1.72 (Sept. 2022):

When an SSH key with a passphrase is used for Git operations, VS Code will now display the quick input control so that you can enter the passphrase for the SSH key.

The passphrase is not cached and has to be entered every time a Git operation is performed.

Using an ssh-agent should help avoiding the passphrase (more than once per session). See "VScode on OSX - GIT ssh key passphrase - working from build in terminal put not from command palette".

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • 1
    IMHO it should be the accepted answer, it as more pointers to explain why it's like that, it's focused on VScode and is not a "just drop the security you'll be just fine" answer. – webofmars Mar 14 '23 at 14:01
2

You can save passphrase in the Keychain store.

For mac

ssh-add --apple-use-keychain ~/.ssh/[private-key]

older than 12.0 Monterey

ssh-add -K ~/.ssh/[your-private-key]

Here is similar question .

Yevhenii
  • 301
  • 1
  • 5
  • 14
-1

I think you have given passphrase while creating the keys that is why, you need to supply passphrase everytime you commit something. One solution is that update/ re make the ssh keys without passphase and add it to gitlab.
Jaymit Gupta
  • 567
  • 5
  • 13
  • but is it a good idea to leave it without passphrase? if I am not wrong, there must be something that will add my device to a whitelist. correct me if I am wrong – Tinaira Mar 22 '22 at 05:48
  • The purpose of the passphrase is usually to encrypt the private key. This makes the key file by itself useless to an attacker. But ayou should not use private key anywhere as it makes your sys vulnerable. Better to use public key. – Jaymit Gupta Mar 22 '22 at 05:59
  • but when I created my gitlab account and the first project in it, it said that I must have an ssh key. can you please explain me a bit more what you mean with private key and public key in gitlab and what are their purpose – Tinaira Mar 22 '22 at 06:41
  • SSH is used for remote file transfer, network management, and remote operating system access.SSH uses pair of keys i.e public and private. For example if you have used ssh-keygen on your server. in .ssh folder on home directory, it will have these 2 files id_rsa.pub and id_rsa. You should copy id_rsa.pub to gitlab account. Public key carries a identity which can be decrypted by private key on the server – Jaymit Gupta Mar 22 '22 at 07:04
  • I copied the .pub to my gitlab account – Tinaira Mar 22 '22 at 07:13
  • 1
    Then you wont need passphrase. In the real world system also, we wont use it. – Jaymit Gupta Mar 22 '22 at 08:44
  • ok thanks. any idea about my problem with vsCode? – Tinaira Mar 22 '22 at 09:19
  • 1
    yes remove the passphase it will not throw you an error – Jaymit Gupta Mar 22 '22 at 09:43
  • this answer sounds like "remove your door you will not have to search for your keys anymore" to me. The point is that other tools like purely using the git cli on command line wont ask for the passphrase because it use ssh-agent. The question is then more why vscode can't ? – webofmars Mar 14 '23 at 13:59