gitsshgit-bashgit-extensionsssh-agent

In Git for Windows 2.42 / Git Extensions for Windows 4.2.0, how can we disable the Git CLI stdin wrapper?


I am using Git and Git Extensions for Windows for version control. A part of my workflow is that I open the Git bash from within Git Extensions to work on the command line. One of the commands I often use in the Git bash is ssh-add, because the remote repositories are available via SSH at most.

This has worked until today without any problems. If I did ssd-add <my-key-id>, I was asked for the passphrase for the key directly in Git bash.

In today's morning, I have been offered an update of Git extensions for Windows, namely to version 4.2.0, and an update of Git for Windows, namely to 2.42., and I was stupid enough to take these offers.

The result is that I can't reach the remote repositories any more: Following an ssh-add command, I am no longer asked for the passphrase in the Git bash; instead, a GUI dialog opens, consisting of a text field where I can enter the passphrase, titled "Git Extensions - git CLI stdin wrapper". The problem now is that this git CLI stdin wrapper does not process my passphrase correctly; probably it's due to the fact that the passphrase contains all sorts of special characters, including German Umlauts. Anyway, I can't unlock the needed SSH keys any more.

How can I stop this madness? Is it possible to disable that git CLI stdin wrapper so that I can enter the passphrase at the command line again?

It seems that I probably could solve the problem by using other SSH binaries (ssh-add, ssh and so on), but I don't want to do that. There is absolutely no need for that git CLI stdin wrapper (entering the passphrase directly in Git bash has always worked), and it would be stupid to use another SSH client (the one bundled with Git has always worked reliably as well, and I have put some non-negligible work into its secure configuration).

I am also aware that I could probably solve the problem by opening the Git bash on its own instead of from within Git Extensions. However, this would destroy my current workflow for non-obvious reasons that I don't want to explain here; it would be a very annoying emergency solution.

Furthermore, it is absolutely clear that I won't change my SSH passphrases just because that totally superfluous GUI stdin wrapper passes them along in an incorrect way.


Solution

  • Set SSH_ASKPASS_REQUIRE to value “never” so that it never use the program defined in SSH_ASKPASS (filled by GitExtensions). See https://man.openbsd.org/ssh-add.1

    The reason of the change that introduces the regression on your work flow:

    Change introducing bad behavior for you https://github.com/gitextensions/gitextensions/pull/11199 The reason is described in https://github.com/gitextensions/gitextensions/pull/11182 (to better handle password managers)