Projects feature authentication problem

hi there,
did dig in it a bit more:

git log shows:

Author: xxx my name :-)
Date:   Tue Mar 10 16:33:34 2020 +0000

    te

commit 67214295e237ceefd5673afb84062a4c3061c186
Author: xxx my name :-)
Date:   Tue Mar 10 16:32:51 2020 +0000

    in

commit 3b86425c179fe19736afee1386acb12fb9d2bb68
Author: xxx my name :-)
Date:   Tue Mar 10 16:32:20 2020 +0000

    Create project

~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~

manually Creating an ssh key, adding it to ssh and so on (as written in the GitHub manual) works fine.
also git clone with the newly added key from command line works.

any clues?

bash-4.4$ git clone git@github.com:echtelerp/noderedtest.git
Cloning into 'noderedtest'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (3/3), done.
bash-4.4$ 

Do you have any idea, what else/where else I could look?

These are hard problems to debug. Given the complicated way we interact with the git command-line, we do occasionally discover ways it can fail unexpectedly that don't fit with any of the existing ways we handle.

When you get the error in your browser log, can you share a screen shot of it?

Failed to load resource: the server responded with a status of 400 (Bad Request)

I would expect the log message to contain a bit more detail than just that - maybe it needs expanding out?

If not, switch to the Network tab in the browser console and find the same failing request - see if there's any more detail in the response of the request.

This was the starting point:

I cleared the network tab, then entered my PW for the ssh key...

this is the output of the network tab:
origin preview:

response from remote:

{
    "code": "git_auth_failed",
    "message": "ssh_askpass: exec(/usr/src/node-red/node_modules/@node-red/runtime/lib/storage/localfilesystem/projects/git/node-red-ask-pass.sh): Exec format error\r\nHost key verification failed.\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n"
}

preview keys:

{
    "keys": [
        {
            "name": "testNR"
        }
    ]
}

is this from any help??

one more thing I tried:
from command line git push -u origin master did not work (auth problem) until I manually added the ssh key that I created in node-red to the ssh client...

eval "$(ssh-agent -s)"
    > Agent pid 59566

ssh-add .sshkeys/Balluff_testNR (keyname)

after adding the key manually git push -u origin master succeeded.

1 Like

This was I was hoping to find. Host key verification failed is a known error we don't handle very well.

I assume you've been running all of the git commands within your Docker container? Do you recall ever seeing a message about accepting the Host key?

You could try adding the github rsa key to your local known_hosts file. I think the following would do it:

ssh-keyscan -t rsa github.com >> /etc/ssh/ssh_known_hosts

I tried adding:

RUN mkdir /root/.ssh && chmod 0700 /root/.ssh && \
    ssh-keyscan -t rsa bitbucket.org >> /root/.ssh/known_hosts && \
    ssh-keyscan -t rsa github.com >> /root/.ssh/known_hosts

to the Dockerfile, but with no success. still an error.

still the same:

{
    "code": "git_auth_failed",
    "message": "ssh: Could not resolve hostname github.com:echtelerp: Name does not resolve\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n"
}

Curl from inside the container works:

bash-4.4$ curl -I https://github.com
HTTP/1.1 200 OK
date: Thu, 12 Mar 2020 19:00:46 GMT
content-type: text/html; charset=utf-8
server: GitHub.com
status: 200 OK
vary: X-PJAX, Accept-Encoding, Accept, X-Requested-With
etag: W/"464a7b3ceedf8da9881f224461b7b62f"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com customer-stories-feed.github.com spotlights-feed.github.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com
Age: 8
Set-Cookie: _gh_sess=NAMtyKcAmSMD%2FKOofKpbidANw3TXB70EwvyUjtDfU%2BMMj7cglIl0tThm8SFR1PhyYKyem8ZmSFGLCgJWcb2MT7CL94ZJyQfk6dZiqv%2BwCOxKld3KEiz%2BEKgxNtk0rrf0YR%2FpjRQ0I6wn4V9ZuAuJPsI%2FMCXdb0ELwmqRxmGBadyJZ2R2E87djN5zfFYCO%2BK3xU7FI90NAq5LRA32V7colUsaZ6MofGmQ6VwiOGYy4yXZcVxyNA8ty%2FLP%2FyhsEj6jGPqFwospZeiY8jYq7j6Wtw%3D%3D--wYJ%2F8qFgdy1AzgB%2B--K%2BJ2YROWEvQ2FvfjlfVo1Q%3D%3D; Path=/; HttpOnly; Secure
Set-Cookie: _octo=GH1.1.1234414116.1584039655; Path=/; Domain=github.com; Expires=Fri, 12 Mar 2021 20:00:55 GMT; Secure
Set-Cookie: logged_in=no; Path=/; Domain=github.com; Expires=Fri, 12 Mar 2021 20:00:55 GMT; HttpOnly; Secure
Accept-Ranges: bytes
X-GitHub-Request-Id: EB2B:22CEE:136FCE8:1B96A86:5E6A86E6

git fetch from bash inside the container asks me to add the ip to trusted... (the Yes/no) question that always comes when first using the git clone command

$ ssh -vT git@github.com delivers:

bash-4.4$ ssh -vT git@github.com
OpenSSH_7.9p1, OpenSSL 1.1.1a  20 Nov 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to github.com [140.82.118.4] port 22.
debug1: Connection established.
debug1: identity file /usr/src/node-red/.ssh/id_rsa type -1
debug1: identity file /usr/src/node-red/.ssh/id_rsa-cert type -1
debug1: identity file /usr/src/node-red/.ssh/id_dsa type -1
debug1: identity file /usr/src/node-red/.ssh/id_dsa-cert type -1
debug1: identity file /usr/src/node-red/.ssh/id_ecdsa type -1
debug1: identity file /usr/src/node-red/.ssh/id_ecdsa-cert type -1
debug1: identity file /usr/src/node-red/.ssh/id_ed25519 type -1
debug1: identity file /usr/src/node-red/.ssh/id_ed25519-cert type -1
debug1: identity file /usr/src/node-red/.ssh/id_xmss type -1
debug1: identity file /usr/src/node-red/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9
debug1: Remote protocol version 2.0, remote software version babeld-dc59ae57
debug1: no match: babeld-dc59ae57
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /usr/src/node-red/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: Will attempt key: /usr/src/node-red/.ssh/id_rsa 
debug1: Will attempt key: /usr/src/node-red/.ssh/id_dsa 
debug1: Will attempt key: /usr/src/node-red/.ssh/id_ecdsa 
debug1: Will attempt key: /usr/src/node-red/.ssh/id_ed25519 
debug1: Will attempt key: /usr/src/node-red/.ssh/id_xmss 
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /usr/src/node-red/.ssh/id_rsa
debug1: Trying private key: /usr/src/node-red/.ssh/id_dsa
debug1: Trying private key: /usr/src/node-red/.ssh/id_ecdsa
debug1: Trying private key: /usr/src/node-red/.ssh/id_ed25519
debug1: Trying private key: /usr/src/node-red/.ssh/id_xmss
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).

assuming all of the above, I would guess, that my in node red generated key has not been added to the ssh client? could that be possible?

Just as a note, I have the exact same issue with the official Node Red container on a raspberry pi.

steps to reproduce:
on a clean raspberry pi:

  1. docker pull nodered/node-red
  2. docker run -it -p 1880:1880 --name mynodered nodered/node-red
  3. docker exec -it mynodered /bin/bash
  4. nano /data/settings.js
    4a) change the projects enabled to true
    4b) exit nano and save changes (ctrl+x -> y)
    4c) type exit to leave the container
  5. docker restart mynodered
  6. open browser and go to node red,
  7. create new project:
    7a) Enter GitHub username and email
    7b) project name and description
    7c) flow file
    7d) passphraze
  8. generate new ssh key
  9. copy ssh key to GitHub
  10. add remote in projects settings
  11. do first commit and got to the arrow tap to select remote
  12. after the loading bars run through, the passphrase for the ssh key pops up.
    enter key, nothing happens and this error comes up in the network section of red tools.
{
    "code": "git_auth_failed",
    "message": "ssh_askpass: exec(/usr/src/node-red/node_modules/@node-red/runtime/lib/storage/localfilesystem/projects/git/node-red-ask-pass.sh): Exec format error\r\nHost key verification failed.\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n"
}

System Node Red is running on: new clean Raspberry pi.
client: MacBook Pro, 2019, safari 13.0.5.

hope this helps also :slight_smile:

Except that isn't the same. That is failing to look up the hostname - not the host key verification error you had previously.

Curious the hostname it says it can't find is github.com:echtelerp - why is it including "echtelerp" in the hostname suddenly....?

probably because I added your suggestion to the Dockerfile:
its an additional RUN to use the ssh-keyscan.
after adding that to the Dockerfiles the error code changed.

my post should have been still an error. I changed it 2 lines above, :slight_smile:

I just had done it over again:
after clearing the container, and redoing the above procedure I get:

{
    "code": "git_auth_failed",
    "message": "ssh_askpass: exec(/usr/src/node-red/node_modules/@node-red/runtime/lib/storage/localfilesystem/projects/git/node-red-ask-pass.sh): Exec format error\r\nHost key verification failed.\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n"
}

The hostname thing came probably by my playing around with the git settings inside the container.
so maybe it was by accident.

Ok, so I think I'm going to have to try to reproduce this following the steps you've provided. Not sure when exactly I'll be able to do that - possibly tomorrow.

Any help I can provide I will :slight_smile:
Due to corona I'll be I home office for a while, so I have all my toys around me.
should I make you a screencast tomorrow?

I can recreate the issue using own docker image and the steps you describe. Thanks for providing those.

If I run:

ssh-keyscan -t rsa github.com >> /usr/src/node-red/.ssh/known_hosts

it will add the appropriate key to the right known_hosts file and it starts to work.

I did get the 'Could not resolve hostname' error once, but I wonder if that was some local dns caching because I can't reproduce it.

ssh-keyscan -t rsa github.com >> /usr/src/node-red/.ssh/known_hosts

We can also create route folder by name known_hosts in docker and then run command on docker

ssh-keyscan -t rsa github.com >> /usr/src/node-red/.ssh/known_hosts

Which will solve our docker image error.

I have a similar problem trying to connect to a git repo on an azure devops site, using https.

when pushing the manage remote branch button, I get the authentication windows pop-up.
on entering the username and password nothing happens after confirmation. I get the same authentication window again.
no info in the node-red log console.
in the chrome devtools logconsole I get the following error message:

GET http://localhost:1880/projects/TEXbox_EventService/branches/remote?{} 400 (Bad Request)

running the same get directly in the chrome browser I get some extra info:

{
* code: "git_auth_failed",
* message: "error: cannot spawn C:\Users\psmt\AppData\Roaming\npm\node_modules\node-red\node_modules\@node-red\runtime\lib\storage\localfilesystem\projects\git\node-red-ask-pass.sh: Exec format error bash: /dev/tty: No such device or address error: failed to execute prompt script (exit code 1) fatal: could not read Username for 'https://xxxxxxxx.visualstudio.com': No such file or directory "
}

running on windows 10,
node-red v1.0.6
git version 2.14.2.windows.3

from a git bash in the project folder I can push to the remote.

Any suggestions? Am I doing something wrong?

Hi @psmtvdw - do you have multiple remote repositories configured for the project? If so, I have just fixed an issue that caused this issue if those repositories require HTTPS authentication.

The workarounds are either:

  1. fall back to the command line to run the git push
  2. remove the 'extra' remotes so you only have one configured at a time.

hi,
No I don't have multiple remote repo's, but I did try a lot to erase a repo, create a new one, etc... so to be 100% sure I wanted to check if there's no double remote in the repo.
I checked the config file in the .git folder of the project:

[remote "origin"]
	url = https://xxxxxx.visualstudio.com/TEXbox/_git/EventService
	fetch = +refs/heads/*:refs/remotes/origin/*

I suppose this looks fine?

update: got it working by now. so combination of

  • node-red projects
  • git
  • https remote connection
  • windows 10
    is working fine.
    The problem was probably due to the use of wrong credentials. After creating all new credentials everything worked fine. Only problem left was that after every restart of node-red I was asked to enter credentials again, but that problem was related to my git configuration

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.