Re: Bug report: parallel fetch tries to unlock SSH keys over and over again

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2025-01-24 at 19:46:58, Perez-Lopez Áron Ricardo wrote:
> What did you do before the bug happened? (Steps to reproduce your issue)
> git fetch --all --tags --prune --jobs=10
> 
> What did you expect to happen? (Expected behavior)
> Being asked for the password of my SSH key, then git updating all of
> the remotes.
> 
> What happened instead? (Actual behavior)
> I get asked for my SSH key many times over, and the fetch does not succeed.
> 
> What's different between what you expected and what actually happened?
> I should only be asked to unlock my SSH key once. All fetch jobs
> should wait for this and then use the unlocked (cached) key.
> 
> Anything else you want to add:
> If I do just `git fetch` and unlock my key (once), it does get added
> to the SSH agent properly, and afterwards I can execute the command
> above with no issues.

While this would be nice, Git doesn't actually prompt your for your SSH
passphrase, so it has no knowledge as to whether a passphrase is needed
or not.  This is usually done either by your SSH client (such as
OpenSSH), or by some tool which functions as an SSH agent (such as a
system keychain).

Git, in fact, couldn't even just query the agent to see if the key is
there because it's possible in some cases to make the agent require a
password for every usage or after a certain amount of time, so even if
the agent has the key, that doesn't mean that it is or isn't accessible
without a password.

The only way that Git does anything related to the password is to pass
the appropriate file descriptors to the SSH process so that the SSH
client can prompt on the terminal if it so chooses.  So regretfully,
there's no change we can make in Git that will address this in a useful
and general way.  As a workaround, you can explicitly add your SSH key
to the agent, or you can use something like a password manager as your
agent (I use 1Password, but there are others) that will prompt you only
once for all uses, which will avoid the competing prompts.
-- 
brian m. carlson (they/them or he/him)
Toronto, Ontario, CA

Attachment: signature.asc
Description: PGP signature

[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux