-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssh issues with encrypted identity files on MacOS #20
Comments
reposting from iterative/scmrepo#210 (comment)
|
@pmrowla Thank you for clarifying! That sounds very good. |
This issue probably should not have been moved into However, the underlying issue w/asyncssh not supporting all OpenSSH flags does actually affect Essentially, the macos We don't have a straightforward fallback mechanism for DVC remotes, since DVC was never using subprocess to run system To handle this properly for DVC remotes we would need an fsspec sftp implementation that is capable of using CLI |
SSH on MacOS provides the
UseKeychain
option (man ssh_config
) that makes it possible to decrypt encrypted ssh identity files on-the-fly by retrieving the passphrase from MacOS' keychain.This works with
git clone
and other git cli commands, but fails when using certain dvc operations (dvc exp list
,dvc get
, ...) because the ssh vendor we use for git operations and for remote operations (asyncssh
) does not support Apple keychain integration.Using
UseKeychain
can result in authentication issues (unexpectedCloneError
orPermission Denied
errors).The solution is to decrypt the ssh key and add it to the ssh agent:
ssh-add --apple-load-keychain ~/.ssh/ed255
(note that
--apple-load-keychain
used to be-A
)By adding the key to the ssh-agent,
asyncssh
is able to properly use the (decrypted) key.First noted by @shcheklein in iterative/dvc#7702 (comment)_
The text was updated successfully, but these errors were encountered: