npm install private Gitlab Repo Permission Denied (publickey) in Powershell

windows ssh permissions powershell git

7,927

Solution 1

I had the same problem. This is how I solved it / my workaround:

Make sure that you can authenticate against GitHub: ssh -T [email protected]
Make sure OpenSSH Authentication Service is not disabled (set it to manual start) - not sure if this step is necessary
Now the most important step: remove the password protection from your id_rsa key. npm install can't handle password protected ssh keys.

I would recommend adding a read only SSH key directly to the repository you like to install. This makes having a SSH key without password protection a little bit less dangerous.

Add a config file into ~/.ssh/ in which you define your keys:

IdentityFile ~/.ssh/id_rsa IdentityFile ~/.ssh/repository_ssh_key

Solution 2

I ran into this problem and was not able to fix as all the solutions lacked one important step, so I am posting my answer in very detail.

Assuming you have already generated ssh-key and added its public key to your github account.

npm install on Windows-10 causes a lot of problems because there are ssh-agents running from 2 different sources:

Windows provided ssh-agent (OpenSSH). This feature was added in one of the Windows-10 updates and is the culprit. :)
Git ssh-agent (this one is required for your scenario)(assuming git is installed.)

Detect source of running ssh-agent

Run start-ssh-agent (to run git provided ssh-agent) and ssh-agent (to run Windows provided ssh-agent) in cmd.
Go to task manager and click on details tab.
Look for ssh-agent.exe.

After following above steps, you can see 2 ssh-agent.exe running. In the 'User name' column you can see one for SYSTEM (this is provided by Windows) and one for your-user-name (this is git). Now, please close all ssh-agents you ran for npm install.

Cause of issue:

ssh-agent that npm install is trying to use is from the git but it is being conflicted with the windows provided ssh-agent.

Git ssh-agent can be started using start-ssh-agent but when you try to add ssh-key to your ssh-agent using command ssh-add -k ~/.ssh/id_rsa, it is trying to access ssh-add.exe from Windows path but not picking ssh-add.exe from git.

Solution:

Solution is to add ssh path of git to the Environment variables of your system and adding it before the "%SYSTEMROOT%\System32\OpenSSH" so it has higher priority.

This is only required so that you can access ssh-add.exe of git and after successful npm build you can freely remove it(even if you want to clone more repos and build them). Unless you want to add more keys for different repos.

Note: This path is different from the already present git/cmd path added during git installation so please make sure it is added before openSSh path variable for higher priority.

Please follow below steps to resolve your issue:

Start your git ssh-agent by running start-ssh-agent in cmd. Don't use ssh-agent as it starts the Windows provided ssh-agent.
Open Task Manager and go to Details tab.
Look for ssh-agent.exe.
Right click on ssh-agent.exe(on the one provided by git) and click open file location.
Copy the path and add it to Environment variables for system.(Ignore if already present).
Close cmd and also close the running ssh-agent.exe from task manager. Note: Closing cmd is required for Env. variables to take effect.
Open cmd in your repo and run where ssh-agent and where ssh-add to test which ssh path will be preferred. (Hope you see 2 paths now and OpenSSH should not be appearing before Git/bin/usr path :) )
Now, you are done. Run start-ssh-agent.(Runs git ssh-agent)
Add your preferred ssh key to you ssh-agent by ssh-add -k ~/.ssh/id_rsa.(choose private key). (Adds keys to git ssh-agent, not Windows ssh-agent)
Once successfully added, run npm install.

I hope it works, and if you are not comfortable, after successful npm build you can even remove the newly added path from env. variables as it was required only once(to access ssh-add from git), and start-ssh-agent is not accessed from that path.

Solution 3

Permission denied (publickey).

This means that your current public key cannot be authenticated by the remote server.

Check access via SSH

Run:

ssh -T [email protected]

to see whether you're authenticated with gitlab.com correctly. Otherwise, make sure you've added your publickey to your GitLab account.

Use `git+ssh://`

Use git+ssh://, instead of git://, for example:

npm i -S git+ssh://[email protected]/my-project/repo.git

See: Install npm module from GitLab private repository.

Provide different identity via SSH

To list your current identities, run:

ssh-add
ssh-add -L

To add different identity, run: ssh-add ~/.ssh/MyOtherKey.pem

Check `npm`

Also, make sure that you are not using any proxy for your npm. Check the config by npm config list.

Use `npm` Enterprise

You can use npm Enterprise to connect to your existing authentication system, such as OAuth2 (for GitLab), GitHub Enterprise and other. You can also check for existing auth-plugin (for GitLab, see: npme-auth-gitlab), or write one for custom authentication.

Use personal token

As for workaround, you can create your personal or OAuth2 access token (GitLab/OAuth2; GitHub/OAuth) and use it along with your private repository URL. OAuth token will allow you to access repo via API, and personal token directly via URL, e.g.

GitHub: https://[email protected]/my-project/repo
GitLab: https://gitlab.com/my-project/repo?private_token=<PERSONAL_ACCESS_TOKEN>

7,927

Philipp

Updated on September 18, 2022

Comments

Philipp over 1 year
I try to install a private gitlab repository via npm to another node project. The command is npm install --save gitlab:my-project#master This fails with
```
npm ERR! Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR!
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.
```
I have the following set up: Windows 10, git and Powershell.

Using git commands directly in Powershell is working fine, e.g. git pull asks for the password of my private key and it works. All the other git stuff is working fine except for the npm install command, which seems to use git internally.

If I use the git bash, that is installed with git on Windows, I can run the npm command and install the private repository. It only fails within Powershell.

Nevertheless one could say: use git bash, but I'm somehow used to the PowerShell. :)
- sean christe about 6 years
  
  I suspect you need new keys
- Philipp about 6 years
  
  I'm not sure about this: the keys are working if I use git commands directly in Powershell. And in the git bash (which is installed during the git installation on Windows) even the npm stuff works. I rather think that the process executed by npm is not allowed to read the private key / doesn't even know there is any.
- Xeos about 3 years
  
  I've filed a bug report with NPM on this issue github.com/npm/cli/issues/2891
Philipp about 6 years

No proxy configured in npm. I can't run ssh-add nor ssh in powershell. Both are not recognized (probably missing in Windows PATH). If I want to execute the ssh-add.exe, which is installed in /git/usr/bin I first have to start the ssh agent (on Linux I'm using eval $(ssh-agent -s) for this). Nevertheless: even if I start and add the identity to the ssh agent (I'll try later; don't want to break something now). Why does it work if I use the git command in Powershell?!
kenorb about 6 years

Git could have some configuration in .gitconfig, for npm you need to specify the identity separately.
kenorb about 6 years

@Philipp I'd recommend you to clone private repository with your personal token, I've added another section. I haven't tested it, so not sure if URL is correct, please let me know.
kenorb about 6 years

@Philipp Try also using git+ssh:// instead of git://.