jj git clone doesn't support interactive authentication

[zygoloid]

Description

jj git clone (and presumably other jj git commands) don't support interactive authentication, for example if ssh is used to connect to the remote and the ssh key has a passphrase.

Steps to Reproduce the Problem

1. Set up a github ssh key with a passphrase, and specify a corresponding IdentityFile in .ssh/config
2. Attempt to jj git clone git@github:...

Expected Behavior

The passphrase for the ssh identity file is requested, and the git operation continues.

Actual Behavior

jj git clone fails with the error:

Error: Fetch failed: Failed to retrieve list of SSH authentication methods: Failed getting response; class=Ssh (23); code=Auth (-16)

Specifications

• Platform: linux
• Version:

[martinvonz]

This is a known limitation. I recommend using ssh-agent until it's fixed (and also after it's fixed).

[worldofgeese]

I think (I've since gone back to Git) that this means jj doesn't currently work with 1Password's SSH agent or at least I was unable to continue when using it. Just wanted to add this to the issue in case others wander by looking.

[dbarnett]

Even if ssh-agent is running it seems to give cryptic errors if the agent doesn't have the key added yet:
Error: Failed to authenticate SSH session: Unable to extract public key from private key file: Wrong passphrase or invalid/unrecognized private key file format; class=Ssh (23)

Seems like the error message could at least be improved for that case, but that probably comes directly from libgit2, right?

[dbarnett]

I'd like to follow up to get this improved in whatever relevant dependency. Does anyone understand if the misfeature is in libgit2 or libssh2 or something else? I found relevant error message text in libgit2 ssh_libssh2.c and in libssh2 openssl.c.

[dbarnett]

And I'm guessing this code or something like it is what gets me the "Enter passphrase for key" from git fetch on my system: https://github.com/openssh/libopenssh/blob/05dfdd5/ssh/sshconnect2.c#L1477

[bnjmnt4n]

Does #3191 handle this? It switches from libssh2 to use OpenSSH for SSH interaction. I'm not very familiar with the internals of the libgit2 SSH workflow, but I suspect that we might prefer the OpenSSH variant eventually because it permits configuration from ~/.ssh/config to be read, which libssh2 does not.

[dbarnett]

Ooh, I'll give it a try and verify, thanks!

[dbarnett]

Yep, awesome, tried your openssh version locally and it worked exactly like I expected, at least for the "Unable to extract public key" scenario. Will follow up on the PR.