The documentation for setting up Git to work well in a headless Windows environments is surprisingly sparse and the process is extremely frustrating (in my experience). Hopefully this will help!
Setup Git
It is advisable to run services (like a build service) as a pre-defined user, as opposed to the SYSTEM user. However, if Git really must be used as the SYSTEM user, the following will help emulate that environment.
- To run commands as the SYSTEM user, you can use psexec.exe from SysInternals.
- From an Administrator cmd.exe prompt, psexec -i -s cmd.exe will open a new shell as the SYSTEM user.
General Advice when Setting Up Git
- Define a HOME env var equal to %USERPROFILE%.
- Create passphrase-less rsa keys and put them in %HOME%/.ssh. These keys should be setup on whatever server hosts the Git repos. In GitHub, for example, you would need to add the public keys to your account.
- Do an initial ssh git@github.com to add GitHub to the known_hosts.
- Get rid of any GIT_SSH env vars if using the default OpenSSL ssh client for auth (as opposed to plink.exe, etc). GIT_SSH=c:\…\plink.exe may exist if you have previously used PuTTY/Pageant/TortoiseGit/etc to access Git repos.
- ssh git@github.com (or wherever your repo is) is very useful for debugging. One to three -v flags (i.e. ssh -vv git@github.com) may be added to help debug the connection process.
- Set the %HOME%/.ssh/config to specify which authentication to use:
Host github.com
User git
Hostname github.com
PreferredAuthentications publickey
- If you see the following error message and your files do have the correct perms (0600), then you are suffering from a bug in the msysgit ssh executable. Unix permissions (0644) don't map to NTFS ACLs. Msys just fakes the behavior of chmod, but it can't fake a chmod to a restrictive enough permissions set. Steps to fix are below.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0644 for '/path/to/key' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. bad permissions: ignore key: /path/to/key
- Assuming cygwin is installed at c:\cygwin and msysgit is installed at c:\Program Files\Git, this will replace the ssh executable in msysgit with the one from cygwin, which recognizes file perms:
@rem From an Administrator cmd.exe @rem This works for 32bit Windows. Adjust accordingly for 64bit. c: ren "C:\Program Files\Git\bin\ssh.exe" "C:\Program Files\Git\bin\ssh.bak.exe" copy "C:\cygwin\bin\ssh.exe" "C:\Program Files\Git\bin\ssh.exe" copy "C:\cygwin\bin\cyg*.dll" "C:\Program Files\Git\bin\"
Some Sources
*** This is an excerpt from Jenkins Windows Slave and Git, originally published on Thomas Van Doren's blog.
Appreciated feedback from: George Reilly
Comments