Ssh + git-commit --> error in libcrypto?

,

Really strange problem that I’m not sure how to debug.

If I ssh from a macOS laptop to my Fedora workstation, I’m unable to create a new git commit:

Last login: Mon Jul 11 23:21:03 2022 from 100.101.210.30
❯ mkdir test
❯ cd test
❯ git init
Initialized empty Git repository in /home/bfallik/test/.git/
❯ git commit --allow-empty -m "test"
error: Load key "/tmp/.git_signing_key_tmp5kTBdK": error in libcrypto?

fatal: failed to write commit object

But if I’m sitting at the workstation I don’t encounter this issue and can git commit just fine.

The client is iTerm2 running on macOS Monterey. The Fedora workstation is up-to-date F36.

Any tips on how to debug this further?

What is the output of $TERM when sitting at the workstation?
What is the output of $TERM when logged in via ssh from the Mac?

If they are different I would look there first.

Then looking at the key error, it could be the fact that your key is being loaded from /tmp. My public key is in ~/.ssh/authorized_keys and my private key is in ~/.ssh/id_rsa. The private key has permissions rw------- and the public key has permissions rw-r–r–

Where is your private key stored?
What are the ownership & permissions on the key in /tmp?

TERM=xterm-256color locally and over SSH.

I have no idea why git is looking for my key in /tmp or how my key got there in the first place. AFAIK my ssh keys remain in ~.ssh.

❯ ls -lZ /tmp/.git_signing_key_tmp5kTBdK
-rw-------. 1 bfallik bfallik unconfined_u:object_r:user_tmp_t:s0 566 Jul 12 19:58 /tmp/.git_signing_key_tmp5kTBdK

❯ md5sum /home/bfallik/.ssh/id_rsa.pub /tmp/.git_signing_key_tmp5kTBdK
63f93b96a1676f3ff611fa7f4fbe6b7b  /home/bfallik/.ssh/id_rsa.pub
63f93b96a1676f3ff611fa7f4fbe6b7b  /tmp/.git_signing_key_tmp5kTBdK

Eureka. Poking a bit more, I remembered I’d set a signing key within my ~/.gitconfig to enable gpg signing. Removing that fixed my git-commit issue over SSH. Still under why gpg signing works locally but not over SSH.

I’ve encountered this problem when trying to use GPG signing during an SSH session.

You likely need to configure your SSH sessions with access to ssh-agent. If you wanted to test this out, SSH onto your machine and run eval $(ssh-agent) before attempting your commit.

1 Like