Git, GIT_SSH, and SSH

As part of a project at work, a web application running in Tomcat must periodically pull files form Git. No, it’s not Jenkins. Usually it work a treat but getting it all working on Windows proved to be tricky, and I post the solution here in hopes of saving someone’s mental health.

Tomcat was running under a service account, user svcacct. In order to present the right identity and host keys, I wrote a simple wrapper to execute ssh with specific keys.

ssh -o PreferredAuthentications=publickey -o IdentityFile=C:\Users\svcacct\.ssh\service_acct_pk -o UserKnownHostsFile=C:\Users\scvacct\.ssh\known_hosts %*

For Git to use this wrapper, the GIT_SSH environment variable must be set to point to it. Also, the host key was added manually to known_hosts. Tomcat had to be restarted for the new environment variable to take effect.

But it didn’t work. Git was coughing this into the logs:

fatal: protocol error: bad line length character:
c:

After much wailing and gnashing of teeth, and setting GIT_TRACE to 1, the problem was determined to be caused by Windows echoing the full path the the ssh executable. Git was trying to parse the output of ls-remote and gagging on the “C:\Program Files\” prefix.

Turning off the echo in the batch file did the trick:

@echo off
ssh -o PreferredAuthentications=publickey -o IdentityFile=C:\Users\wpsadmin\.ssh\id_rsa-transformation_svc -o UserKnownHostsFile=C:\Users\wpsadmin\.ssh\known_hosts %*

Lessons learned: GIT_TRACE is your friend, and we’re still farting around with batch files in 2015.

More info here.