Reputation: 5591
I regularly ssh into a development machine from which I run git. I would expect this connection to be isolated from my local machine.
Today I sshed in from a different machine to the same development machine I always use and whenever I run git push a request appears on my local machine - not the development machine - to unlock its private key. I decline this and the push still works but reports:
sign_and_send_pubkey: signing failed: agent refused operation
Why do I get a prompt on and about my local machine rather than the development machine itself?
Is there some information leak in ssh? Is it somehow less isolated than it appears?
I'm guessing that when I ssh in it sets up something which is accessible from the remote end. It must do, as for instance I am using ssh -Y for X11 forwarding.
I get the impression this is harmless rather than something malicious going on but is there some kind of attack possible via this route?
Possibly similar to this question. However, there was no mention of being logged in via ssh and the accepted answer didn't really explain what was going on under the hood.
I'm looking for enlightenment as to what ssh and git are doing internally here.
Upvotes: 1
Views: 80
Reputation: 45649
ssh has a thing called credential forwarding. The idea is, your private key is supposed to be protected. You probably don't (or at least probably shouldn't) want copies of it lying around on shared servers you use. Instead you should have it stored under your control.
So if I ssh into a dev server, but then make an ssh connection from there (say, to do an scp, or to access git via an ssh url), then I have two options: I can have my keys sitting on the dev server (another copy of them that could be compromised), or I can have some mechanism for using the copies I have locally.
ssh will let you do either or both. It has an ssh-agent that will say "hey, you used ssh to get here, maybe you have the key you want me to use for this other connection?"
I don't know enough about your setup to say much more specific than that, but I think that addresses the basic mystery of why your local keys are part of the equation.
Upvotes: 2
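Two checks that make the forwarding described in the answer visible, as an added example that is not part of the question or answer: one classifies the SSH_AUTH_SOCK a remote shell sees, the other reads the effective ForwardAgent value out of ssh_config text (the parser is simplified: it matches only exact Host names and the bare "*" pattern and skips Match blocks; the sample config is constructed).

```shell
#!/bin/sh
# Added example, not code from the question or answer.
#
# 1. On the dev server, look at SSH_AUTH_SOCK. When the client forwarded its agent,
#    sshd creates a per-session socket /tmp/ssh-XXXXXXXX/agent.<pid>; any process on
#    that host that can open the socket can ask the LOCAL agent to sign for it.
classify_agent_socket() {
  case "$1" in
    "")                 echo none ;;         # no agent reachable from this shell
    /tmp/ssh-*/agent.*) echo forwarded ;;    # socket created by sshd: forwarding is on
    *)                  echo local-agent ;;  # an agent started on this host itself
  esac
}

# 2. Parse ssh_config text from stdin and print the effective ForwardAgent value for
#    one host name. First matching directive wins, as in ssh; default is "no".
#    Assumption: only exact Host names and "*" are matched, Match blocks are skipped.
forward_agent_setting() {
  awk -v host="$1" '
    BEGIN { active = 1; found = 0 }
    {
      line = $0; sub(/#.*/, "", line)                     # drop comments
      sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)  # trim
      if (line == "") next
      n = split(line, f, /[ \t=]+/)                       # "Key value" or "Key=value"
      key = tolower(f[1])
      if (key == "host") {
        active = 0
        for (i = 2; i <= n; i++) if (f[i] == "*" || f[i] == host) active = 1
        next
      }
      if (key == "match") { active = 0; next }
      if (key == "forwardagent" && active && !found) { val = tolower(f[2]); found = 1 }
    }
    END { print (found ? val : "no") }
  '
}

# Constructed config: "dev" has forwarding on (the weak setting), everything else off.
# The hardened form is to drop "ForwardAgent yes" or set "ForwardAgent no" explicitly.
sample_config='Host dev
    ForwardAgent yes     # weak: exposes the local agent to every session on dev
Host *
    ForwardAgent no'

echo "this shell: $(classify_agent_socket "${SSH_AUTH_SOCK-}")"
echo "dev:   $(printf '%s\n' "$sample_config" | forward_agent_setting dev)"    # yes
echo "other: $(printf '%s\n' "$sample_config" | forward_agent_setting other)"  # no
```

Run `ssh-add -l` inside the remote session as well: if it lists keys when classify_agent_socket says "forwarded", those are the local keys the dev server can request signatures from.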