Setting up password-less connection in Git Bash or cmd

All right, we're after Setting up password-less connection in Netbeans and Setting up password-less connection in TortoiseGit, now it is time to do the same in "pure Windows", that is: to be able to establish password-less connection with any Git-based repository in command-line (both cmd and Git Bash).

If you were using your repo in Netbeans and/or TortoiseGit painlessly, but each attempt of doing the same in console, ends up with annoying message:

Disconnected. No supported authentication methods available (server sent: publickey)

then you're in right place to get help.

In short

I've tried many solutions and approaches to solve the same problem, found in the Internet, and none of them worked, until I found a comment to this SeverFault answer, written by Owen Blacker.

In short, Git Bash or cmd doesn't have own configuration or own ways to read and use your private keys. It always uses some external authentication agents to handle this job. But, wait the moment... Isn't TortoiseGit doing exactly the same? Haven't you noticed a small icon, that pops up next to system clock, each time you connect to a remote repo for the first time that particular day? Yes, that is true. Then, why we couldn't use the same solution? The answer is, yes... we can.

Note, that I'm referring to TortoiseGit in this article, so all paths refers to it as well. There's, of course, no problem in having mentioned programs in PuTTY's folder (if you don't use TortoiseGit) or in any other folder (if you don't use PuTTY). Simply, adjust all paths and names mentioned in following text, in this case. Read "Final words" section, at the end of this article, for more details on this.

Use pageant

TortoiseGit by default uses a little tool called pageant (pageant.exe), which is part of great PuTTY package (it ships with TortoiseGit as well). You can grab it directly from PuTTY's webpage. It is free to be used in any conditions, including commercial ones (with kind exception of these countries, where using SSH, SSL or any other kind of encryption based on private-public key pair is prohibited by law). And you can use it right away, after unpacking from archive, without need of installation.

PuTTY's pageant uses keys in format generated by puttygen (PuTTY's key generator -- .ppk file). You should refer to Setting up password-less connection in TortoiseGit article, to read, how to generate private-public key pair to for your computer, using puttygen. Or simply run this program, if you're familiar with it and can generate your pair without need for further help. You can obtain PuTTYget from PuTTY's webpage, because it is also part of PuTTY family.

Now, add a new shortcut to your Startup folder (%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup) and point it to C:\Program Files\TortoiseGit\bin\pageant.exe (if you're using copy from TortoiseGit) or to any other location, where you store it. You have to add an additional run parameter, that will point pageant, to the place, where you store your private key.

Complete string should be for example:

"C:\Program Files\TortoiseGit\bin\pageant.exe" "C:\Program Files\TortoiseGit\TortoiseGit\Key.ppk"

Adjust it, if you store pageant.exe in other directory or if your key is named differently.

From this moment, pageant should start with your Windows startup and should load your key, so you should never see the "Disconnected. No supported authentication blah... blah..." message again, when doing some operations on git, that requires authentication.

If you have your private key password-protected (you should have!), then you'll be asked for providing that password, one time at each Windows session.

Don't forget about TortoisePlink!

Above solution won't work in Git Bash for Windows (Git in general), if you don't set it to use TortoisePlink.exe as SSH auth client.

When you start Git Bash, execute echo $GIT_SSH and check, if it does point to C:\Program Files\TortoiseGit\bin\TortoisePLink.exe (or your own location of TortoisePlink.exe). If it doesn't, then you have to options:

1. To temporally change location of SSH client used by Git / Git Bash (for example, to check if everything has been setup correctly and works just fine), execute export GIT_SSH="/c/Program Files (x86)/TortoiseGit/bin/TortoisePLink.exe" (adjust path, of course).

2. To permanently change this setting, double click Computer icon on your desktop, while holding Left Alt button pressed (or select Properties from context menu of Computer) and then go to Advanced system Properties > Advanced > Environmental Variables > System variables. Find GIT_SSH variable, add it (click New), if it does not exist, edit it and set its value to proper path to your TortoisePlink.exe. Close all open windows, restart console and check if this worked, by executing echo $GIT_SSH again.

After you done this, you can test, if everything is OK, by executing simple git pull or any other Git command, that require authentication. If all gone well, you should see an error saying, that authentication failed and server returned public key. This is normal. You have to now add your public key to the remote.

Note, that TortoisePlink.exe (sometimes named TortoiseGitPlink.exe) and plink.exe file, that you may find in your PuTTY's folder are two different programs. Solution described in this article will not work, if you have your Git for Windows set to use plink.exe!

I don't have TortoiseGit!

And, what if you don't have / don't use TortoiseGit? Well... it seems, that you have two options. You can force Git Bash to start using plink.exe, that comes with PuTTY. But, that goes far beyond borders of this text, so you need to work on your on. Plus, I found this solution no working (Git Bash did not recognize the key)!

Alternatively, you can get your own copy of TortotisePlink.exe, put it into any folder (like PuTTY's) and start using it, without installing entire TortoiseGit. If you don't have any copy of TortotisePlink.exe, you have to install TortoiseGit, because it is not available as .zip file, from which you could extract this file. You can get current stable version of TortoiseGit from its download page. Install it, copy TortotisePlink.exe, msvcp120.dll and msvcr120.dll to some other folder and then uninstall TortoiseGit. Finally, setup GIT_SSH environmental variable in the way, it was shown in previous chapter.

If you do have your own copy of TortotisePlink.exe, then don't forget, that it needs msvcp120.dll and msvcr120.dll libraries to run and that they must match TortotisePlink.exe's platform version (i.e. using 64-bit libraries with 32-bit TortotisePlink.exe doesn't seems to be a wise idea). You can obtain these two files from services like dll-files.com or opendll.com or by installing Visual C++ Redistributable Packages for Visual Studio 2013 from Microsoft. If you're stupid enough to not handle this problem yourself, there's even a YouTube video for those like you.

Adding public key to remote

Now, you have to add your public key on server side, to made these things work (server sends that public key to your client and then verifies it against your private key stored locally).

To get your public key, open your .ppk file in puttygen (enter key passpharse, if required) and copy it from its biggest edit field. This is your public key from in format generated by puttygen. Works fine for most web services like GitHub or BitBucket. If you need it in format used by ssh-keygen command (required in most cases by Linux servers) then follow to this post for details.

To add your public key to remote, you should:

1. If you're using services like GitHub, BitBucket, Gerrit or GitLab, you most likely have proper option for uploading or entering public keys, somewhere in web UI. Mostly in repository's configuration or user settings.

2. If you're dealing with a remote server without GUI, you have to add your public key manually, via console.

In second case you should (in general) follow these steps (use Git Bash, where console is mentioned):

1. Copy your converted key to your home directory at server, this time authorizing yourself still with password:

scp "/c/Program Files/TortoiseGit/TortoiseGit Key.pub" user@some.remote.host.com

2. Login to your account at remote server:

ssh user@some.remote.host.com

3. Navigate to your home directory, to .ssh subfolder (cd ~/.ssh); create it, if it does not exists:

mkdir -p ~/.ssh

4. Add contents of just copied public key to authorized_keys file (or create one, if it does not exists):

cat ../id_rsa.pub >> authorized_keys

5. And remove just copied & added key (rm ../id_rsa.pub).

Finally, you can test, if your password-less login works. Either, by executing some command over SSH (ssh user@some.remote.host.com ls -ls) or by doing some Git operation, that requires authorization (i.e. git push). If everything went OK, you shouldn't be asked for password anymore. Follow here for some details.

Final words

If you're not using TortoiseGit, you may still use TortoisePlink.exe (in some versions named TortoiseGitPlink.exe) from some other folder (for example from PuTTY's). In this case, you will of course need all set of required files (like .dll files), not just TortoisePlink.exe to be placed in destination folder.

In particular, TortoisePlink.exe requires "Visual C++ Redistributable Packages for Visual Studio 2013" to be installed on your computer. It can be downloaded from Microsoft website. If it is not installed, any attempt to run TortoisePlink.exe will end up with error message complying, that mvcr120.dll library is missing.

Keep in mind, that some people report, that you should use 32-bit version of "Visual C++ Redistributable Packages for Visual Studio 2013" even on 64-bit machines.

If my solution doesn't work, then they might be other reasons. Take a look at this SeverFault question and many good-quality answers to it. You may find solution for your problems among there. If, however, all other fails, googling for Disconnected. No supported authentication methods available (server sent: publickey) might be another option. Good luck!

Leave a Reply