Github forced through SSH protocol

ssh
github

#1

We have some tests that provide a port when connecting to github. This is to help us test our ability to handle ports in some of our code. We use port 443 for testing in this case so that we can connect to github successfully. Normally, this isn’t an issue, but with ssh-agent and identity files configured, the subject is wrong I think.

Details:

Cloning from github with port 443 set yields the following:

ubuntu@box1171:/tmp$ git clone https://github.com:443/
Cloning into ‘…’…
ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

SSHing into github with port:

ubuntu@box1171:/tmp$ ssh -p 443 -v git@github.com
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/ubuntu/.ssh/config
debug1: /home/ubuntu/.ssh/config line 12: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 1: Applying options for *
debug1: Connecting to github.com [192.30.253.112] port 443.
debug1: Connection established.
debug1: identity file /home/ubuntu/.ssh/id_circleci_github type -1
debug1: identity file /home/ubuntu/.ssh/id_circleci_github-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
ssh_exchange_identification: Connection closed by remote host

SSHing into github without port:

ubuntu@box1171:/tmp$ ssh -v git@github.com
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/ubuntu/.ssh/config
debug1: /home/ubuntu/.ssh/config line 12: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 1: Applying options for *
debug1: Connecting to github.com [192.30.253.112] port 22.
debug1: Connection established.
debug1: identity file /home/ubuntu/.ssh/id_circleci_github type -1
debug1: identity file /home/ubuntu/.ssh/id_circleci_github-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
debug1: no match: libssh-0.7.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
debug1: Host ‘github.com’ is known and matches the RSA host key.
debug1: Found key in /home/ubuntu/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/ubuntu/.ssh/id_circleci_github
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([192.30.253.112]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
PTY allocation request failed on channel 0
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi fossas/FOSSA! You’ve successfully authenticated, but GitHub does not provide shell access.


#2

Hmm a bit more info… I guess git supports different protocol and circle ci explicitly forces ssh instead of https:

[url “ssh://git@github.com”]
insteadOf = https://github.com

Is there a reason behind this?


#3

@abef try add user key directly(at Project Settings/Permissions/Checkout SSH Keys)

it works for me.


#4

I’d prefer to use HTTPS rather than SSH to checkout the code. Could the CircleCI checkout please take an argument to specify which protocol to use?


#5