sheldon lock --update fails if github is configured to use ssh

[lburgazzoli]

My plugin setup is as follow:

shell = "zsh"
apply = ["defer"]

[templates]
defer = { value = 'zsh-defer source "{{ file }}"', each = true }

[plugins]

[plugins.zsh-defer]
github = "romkatv/zsh-defer"
apply = ["source"]

[plugins.zsh-syntax-highlighting]
github = "zsh-users/zsh-syntax-highlighting"
use = ["{{ name }}.zsh"]

When I run sheldon lock --update, the process ends after a long time with the following error:

error: failed to install source `https://github.com/romkatv/zsh-defer`
  due to: failed to git fetch
  due to: Failed to retrieve list of SSH authentication methods: Failed getting response; class=Ssh (23); code=Auth (-16)

error: failed to install source `https://github.com/zsh-users/zsh-syntax-highlighting`
  due to: failed to git fetch
  due to: Failed to retrieve list of SSH authentication methods: Failed getting response; class=Ssh (23); code=Auth (-16)

This seems to be caused by the fact that in my git configuration, I always use ssh to access git repos:

[url "git@github.com:"]
    insteadOf = https://github.com

If I remove the mapping above, then the command succeed.

[rossmacarthur]

@lburgazzoli are you using an ssh-agent? Currently sheldon only supports authentication over ssh when there is an ssh-agent present. As far as I understand SSH with github always requires authentication even just to clone a public repository.

[lburgazzoli]

Yes I have the ssh-agent running (on OSX)

➜ ps -ef | grep ssh-agent
  501  1944     1   0 Tue06PM ??         0:03.39 /usr/bin/ssh-agent -l

My ssh config is like:

Host github.com
    HostName ssh.github.com
    Port 443
    User lburgazzoli
    IdentityFile ~/.ssh/github

[tyronick]

Just saw this - you need the ssh agent env vars on any shell that you run, so it makes sense to eval $(ssh-agent) before sheldon, other wise it won't be able to find the agent.

Also on macOS I do this:

Host github.com
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519```

[lburgazzoli]

@tyronick o great, that works !

[qnlbnsl]

@rossmacarthur I am encountering this issue as well but as i am accessing my server via ssh this does not work. I am able to access github via ssh directly but not via sheldon.

❯ ssh git@github.com
PTY allocation request failed on channel 0
Hi qnlbnsl! You've successfully authenticated, but GitHub does not provide shell access.
Connection to ssh.github.com closed.
❯ exec zsh
Loaded ~/.config/sheldon/plugins.toml

error: failed to install source `https://github.com/ohmyzsh/ohmyzsh`
  due to: failed to git clone `https://github.com/ohmyzsh/ohmyzsh`
  due to: failed to connect to github.com: Operation timed out; class=Os (2)

[rossmacarthur]

@qnlbnsl your config is trying to access github over https. If access via https is not allowed on the server this won't work. If you intend to clone repos using ssh you will need to modify your sheldon config file. See the documentation https://sheldon.cli.rs/Configuration.html#cloning-with-git-or-ssh-protocols

[Systemcluster]

I'm having the same issue. Sheldon is stuck at fetching the repositories when using git over ssh.

❯ less ~/.config/sheldon/plugins.toml
shell = "zsh"
[plugins]
[plugins.zsh-autosuggestions]
github = 'zsh-users/zsh-autosuggestions'
proto="ssh"
...

❯ less ~/.config/git/config
[url "ssh://git@github.com/"]
    insteadOf = https://github.com/
...

❯ less ~/.ssh/config
Host github.com
        HostName ssh.github.com
        Port 443
        IdentityFile ~/.ssh/id_ed25519
        AddKeysToAgent yes

ssh-agent is running:

❯ ps -ef | grep ssh-agent
Chris        210     156  0 16:18 ?        00:00:00 /usr/bin/ssh-agent -D -a /run/user/1000/ssh-agent.socket
Chris       1826    1244  0 16:23 pts/0    00:00:00 rg --color=auto ssh-agent

❯ env
...
SSH_AUTH_SOCK=/run/user/1000//ssh-agent.socket
...

Running sheldon lock hangs forever:

❯ sheldon lock --update
Loaded ~/.config/sheldon/plugins.toml
^C

Hovever when I run ssh git@github.com (or fetch a git repo over ssh) once in the session before, it works:

❯ ssh git@github.com
PTY allocation request failed on channel 0
Hi Systemcluster! You've successfully authenticated, but GitHub does not provide shell access.
Connection to ssh.github.com closed.

❯ sheldon lock --update
Loaded ~/.config/sheldon/plugins.toml
   Checked ssh://git@github.com/zsh-users/zsh-autosuggestions
   ...
Locked ~/.local/share/sheldon/plugins.lock

Any suggestions for debugging this?

[Systemcluster]

Solved, I'm leaving this here in case anyone else runs into it.

The issue is a combination of multiple potential issues. I did the following, not all of it might be necessary:

• Make sure you own .local, .config, .ssh etc. and have set the right permissions.
• Remove your .local/share/sheldon
• Back up and remove your .ssh/known_hosts
• Check that ssh git@github.com works and adds the [ssh.github.com]:443 fingerprints.

Now sheldon lock --update will fail with invalid or unknown remote ssh hostkey. This is due to git2 not reading .ssh/config in default configuration (ref), therefore connecting to GitHub at github.com:22 instead. Run the following to add the github.com fingerprints:

• ssh-keyscan github.com >> ~/.ssh/known_hosts

Now sheldon lock --update will work.