Authentication failed on a specific machine via HTTPS with git bash - follow up question

可紊 提交于 2020-04-17 21:48:07

问题


With this previous answer I was able to use git clone, etc using SSH on the problematic machine. But - only on such machine - I'm still getting an error from git bash for https:

$ git clone https://giuliohome:mypassword@github.com/giuliohome/MyPrivateRepo.git
Cloning into 'MyPrivateRepo'...
remote: Repository not found.
fatal: Authentication failed for 'https://github.com/giuliohome/MyPrivateRepo.git/'

I've tried to create a personal access token via github web settings and use it instead of the password but it also fails like above on the problematic machine (again, it works on another machine).

I've also tried to remove/change/add the git credentials through windows credential manager.

Edit Sorry guys, my original problem was

certificate problem: unable to get local issuer certificate

(The problem originated yesterday after an update of tortoisegit killed an explorer process and messed up something in my pc...)

I tried the quick workaround sslVerify = false and I got the above error, but returning to true I see the certificate problem back

Here the requested details

MYDOMAIN+MYDOMAINUSER@MYMACHINE MINGW64 /c/sviluppi/.../code/git/test2
$ git config -l --show-origin
file:C:/Program Files/Git/etc/gitconfig diff.astextplain.textconv=astextplain
file:C:/Program Files/Git/etc/gitconfig filter.lfs.clean=git-lfs clean -- %f
file:C:/Program Files/Git/etc/gitconfig filter.lfs.smudge=git-lfs smudge -- %f
file:C:/Program Files/Git/etc/gitconfig filter.lfs.process=git-lfs filter-process
file:C:/Program Files/Git/etc/gitconfig filter.lfs.required=true
file:C:/Program Files/Git/etc/gitconfig http.sslbackend=openssl
file:C:/Program Files/Git/etc/gitconfig http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
file:C:/Program Files/Git/etc/gitconfig core.autocrlf=true
file:C:/Program Files/Git/etc/gitconfig core.fscache=true
file:C:/Program Files/Git/etc/gitconfig core.symlinks=false
file:C:/Program Files/Git/etc/gitconfig core.editor="C:\\Program Files\\Notepad++\\notepad++.exe" -multiInst -notabbar -nosession -noPlugin
file:C:/Program Files/Git/etc/gitconfig credential.helper=manager
file:C:/Users/mydomainuser/.gitconfig        user.name=Giulio
file:C:/Users/mydomainuser/.gitconfig        user.email=giuliohome@xxxx.com
file:C:/Users/mydomainuser/.gitconfig        http.sslverify=true
file:C:/Users/mydomainuser/.gitconfig        credential.https://github.com.helper=manager
file:C:/Users/mydomainuser/.gitconfig        credential.https://github.com.username=giuliohome

I'm on Windows 10 Enterprise, I wish to use tortoisegit in the end but at the moment I'm blocked at git bash level. So now I'm using the pure git and I want to solve the issue there, then I guess I will be able to return to tortoisegit (again, I'm speaking about git https, because git ssh works as already said)

This is my c:\users\mydomainuser\.gitconfig now

[user]
    name = Giulio
    email = giuliohome@xxxx.com
[http]
    sslVerify = true
    sslbackend = openssl
    sslcainfo = C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
[credential "https://github.com"]
    helper = manager
    username = giuliohome

after replacing sslbackend=schannel with openssl I get unable to get local issuer certificate

Finally, let me add that McAfee Endpoint Security is active on this machine and also the Blue Coat Unified Agent.


回答1:


The problem here is you are using your git client is using global git config stored in your home directory (C:/Users/mydomainuser/.gitconfig), this git config does not have ssl-backend and ssl-cainfo values set. You need to add these two lines in C:/Users/mydomainuser/.gitconfig

http.sslbackend=openssl
http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt



回答2:


I suspect that the https connection is actually blocked, based on the IP address of the machine, by some security mechanism.

I've derived this because if I change the ip of the machine and I produce a new personal access token, it seems to work for just a single time, one shot, hence I'd guess that it is a security firewall on the network is silently blocking the connection. They also told me that, by looking at McAfee logs, the issue is not there. I've done a test by cloning a bitbucket private repo on the same machine but the authorization fails, so github looks not at fault either...

So finally I'd say it could be Blue Coat Unified Agent as described in this answer.

Yes, this is confirmed, I have momentarily disconnected the Blue Coat Unified Agent and git clone is now working as expected also via https. To definitely fix it they noticed from git verbose the error 401 and maybe entrusted github certificate.

As far as the description of the original problem is concerned, see also the following sentence reported in the steps to reproduce this github issue about the context of "Multiple issues related to SSL Interception (environs with proxy, enterprise MITM, etc)"

Recommend setting up a lab and configuring an Enterprise grade security product such as BlueCoat or similar that does MITM, then using internal certificates for the pass-back.



来源:https://stackoverflow.com/questions/61115733/authentication-failed-on-a-specific-machine-via-https-with-git-bash-follow-up

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!