Connect to private github repository with libgit2

Question

I'm trying to fetch a private github repository using libgit2. The repo belongs to an organization and I have read/write permissions. The program is written in Objective-C++. I have this:

- (int)fetchBranches
{
    git_remote *remote = NULL;
    int result = 0;
    if (!(result = git_remote_load(&remote, repo, "origin"))) {
        git_remote_callbacks callbacks = GIT_REMOTE_CALLBACKS_INIT;
        callbacks.credentials = cred_acquire_cb;
        git_remote_set_callbacks(remote, &callbacks);
        result = git_remote_fetch(remote);
    }
    return result;
}

int cred_acquire_cb(git_cred **out,
                    const char * url,
                    const char * username_from_url,
                    unsigned int allowed_types,
                    void * payload)
{
    return git_cred_ssh_key_new(out, "GITHUBUSERNAME", "/Users/admin/.ssh/id_rsa.pub", "/Users/admin/.ssh/id_rsa", "PASSPHRASE");
}

This creates the credentials but when I do the fetch it fails when trying to authenticate the session with libssh2. (libgit2/src/transports/ssh.c:302):

rc = libssh2_userauth_publickey_fromfile(
      session, c->username, c->publickey,
      c->privatekey, c->passphrase);

The error is -18, LIBSSH2_ERROR_AUTHENTICATION_FAILED. I've confirmed that the public key is added to Github and tried to change it for a new one too. Also the passphrase is correct and the username is my github username. I can do the fetch through the console too. The remote config is:

[remote "origin"]
    url = git@github.com:ORGNAME/REPONAME.git
    fetch = +refs/heads/*:refs/remotes/origin/*

I've also tried to get the key from the git-agent in OSX with the same result:

return git_cred_ssh_key_from_agent(out, "GITHUBUSERNAME");

Finally I tried using the plaintext authentication:

return git_cred_userpass_plaintext_new(out, username, password);

This last method works after changing the repo url to the HTTPS address. The problem is that it requires the user to input the password each time or store the git_cred struct which contains the password in blank (don't like that).

Anyone knows why the ssh authentication is failing? Is there a way to avoid having to input the username/password with each operation (with the plaintext authentication)?

Answer 1

The user when talking over ssh is "git" (thus all the urls are git@github.com:user/repo), so you should use that instead of the "real" username on GitHub. The key you send is what the server uses to determine which user it is dealing with.