Force ssh batch mode to avoid hidden auth prompts during fetch #310

Merged: micprog merged 2 commits into master from fischeti/fix-git-terminal-input on Jun 3, 2026


@fischeti (Contributor) commented Jun 2, 2026

GIT_TERMINAL_PROMPT=0 only suppresses git's own prompts. Over SSH, auth prompts (host key, password, passphrase) come from ssh itself and go straight to the terminal, where they hide behind the progress bars — so the fetch looks like it hangs (typically when no SSH key is configured).

Fix: append -o BatchMode=yes to GIT_SSH_COMMAND so ssh fails fast with a clear error instead of prompting. An existing user GIT_SSH_COMMAND is preserved, and a user-set BatchMode still wins.

@fischeti fischeti requested a review from micprog June 2, 2026 20:20
@fischeti fischeti force-pushed the fischeti/fix-git-terminal-input branch from 04e3e36 to 5be339e Compare June 2, 2026 20:21
@micprog (Member) commented Jun 3, 2026

This looks useful to avoid issues! I'm wondering if we can keep the prompts (both for git and ssh) when progress bars are disabled, as well as adding a help message if a prompt would have been required, pointing to the non-progress flag, such that users can still move forward even if things don't work as expected.

GIT_TERMINAL_PROMPT=0 only suppresses git's own credential prompts. When
fetching over SSH, the authentication prompts (host key confirmation,
password, key passphrase) are emitted by `ssh` directly to the controlling
terminal, bypassing the piped stderr that we parse for progress. With the
progress bars drawn on that same terminal, the prompt is hidden behind them
and the fetch appears to hang indefinitely -- typically for users without a
configured SSH key.

Set GIT_SSH_COMMAND to append `-o BatchMode=yes` so ssh refuses to prompt
and fails fast with a clear error instead, mirroring the GIT_TERMINAL_PROMPT
treatment for git. Any user-provided GIT_SSH_COMMAND is preserved, and since
ssh honors the first value seen for an option, an explicit BatchMode set by
the user still takes precedence.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@fischeti fischeti force-pushed the fischeti/fix-git-terminal-input branch 2 times, most recently from 51759d0 to d9939eb Compare June 3, 2026 14:02
…erations

Following review feedback that fully disabling input is too restrictive,
soften the SSH handling and make failures actionable instead of silent:

- Add `-o StrictHostKeyChecking=accept-new` so the common first-connection
  host-key prompt no longer blocks (changed keys are still rejected). This
  removes the most frequent prompt without compromising on key changes.
- Detect authentication failures in git's stderr and emit a targeted help
  message (configure ssh-agent / a passphrase-less key, check repo access)
  rather than just dumping the raw stderr.

Interactive credential prompts remain suppressed because they cannot be
shown safely while fetching in parallel behind progress bars.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Allow interactive auth with --no-progress instead of auto-accepting

Per review feedback, drop the auto-accept of unknown host keys and instead
make interactive authentication possible by turning progress bars off.

Prompts from git and ssh are written directly to the controlling terminal,
so they only collide with the progress bars visually; with the bars off the
prompt is visible and answerable. Suppression of prompts is now conditional:

- progress bars active, or no terminal at all (e.g. CI): suppress prompts
  (GIT_TERMINAL_PROMPT=0 + ssh BatchMode=yes) so the command fails fast
  instead of hanging on input nobody can see or provide.
- interactive terminal with --no-progress: leave prompting untouched, so
  credentials and host keys can be entered normally.

The auth-failure help message now tells the user to re-run with
--no-progress to authenticate interactively (or to configure ssh-agent).

Adds Diagnostics::progress_active() to expose whether bars are rendering.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Recommend --git-throttle 1 alongside --no-progress in auth hint

When authenticating interactively via --no-progress, concurrent fetches can
still interleave their prompts on the shared terminal. Extend the auth-failure
help to suggest `--git-throttle 1` so only one git operation prompts at a time.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
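
The conditional prompt suppression described in the commit messages above, as an added sketch that is not the project's own code. The function names, the stderr marker list and the hint wording are assumptions made for illustration; only the environment variables, `-o BatchMode=yes`, `--no-progress` and `--git-throttle 1` come from this page.

```rust
// Added illustration, not the project's code; all names here are hypothetical.

/// Environment overrides for a `git fetch` child process.
/// `progress_active`: progress bars are being drawn on the terminal.
/// `has_terminal`: a user is attached to an interactive terminal.
/// `user_ssh_command`: the caller's existing GIT_SSH_COMMAND, if any.
pub fn git_prompt_env(
    progress_active: bool,
    has_terminal: bool,
    user_ssh_command: Option<&str>,
) -> Vec<(String, String)> {
    // Interactive terminal with bars off: prompts are visible, leave them alone.
    if has_terminal && !progress_active {
        return Vec::new();
    }
    // With GIT_SSH_COMMAND unset or empty, fall back to plain `ssh`.
    let base = user_ssh_command.map(str::trim).filter(|s| !s.is_empty()).unwrap_or("ssh");
    vec![
        ("GIT_TERMINAL_PROMPT".to_string(), "0".to_string()),
        // Appended last: ssh keeps the first value it sees for an option, so a
        // BatchMode already present in the user's command still wins.
        ("GIT_SSH_COMMAND".to_string(), format!("{base} -o BatchMode=yes")),
    ]
}

/// Constructed list of stderr fragments treated as auth failures (assumption).
const AUTH_MARKERS: [&str; 3] = [
    "Permission denied (",
    "Host key verification failed",
    "terminal prompts disabled",
];

/// Return a hint when `stderr` looks like an authentication failure.
pub fn auth_hint(stderr: &str) -> Option<&'static str> {
    AUTH_MARKERS.iter().any(|m| stderr.contains(m)).then_some(
        "authentication failed: re-run with --no-progress --git-throttle 1 to \
         authenticate interactively, or configure ssh-agent",
    )
}

fn main() {
    // Constructed inputs: bars active, user already has a custom ssh command.
    for (k, v) in git_prompt_env(true, true, Some("ssh -i ~/.ssh/deploy")) {
        println!("{k}={v}");
    }
    let stderr = "git@example.com: Permission denied (publickey).";
    println!("{:?}", auth_hint(stderr));
}
```

Because git prefers `GIT_SSH_COMMAND` over the `core.sshCommand` config value, a caller relying on `core.sshCommand` would need that value passed in as `user_ssh_command` for it to survive the override.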
@fischeti fischeti force-pushed the fischeti/fix-git-terminal-input branch from d9939eb to 42874a8 Compare June 3, 2026 14:07
@micprog (Member) left a comment

LGTM 👍

@micprog micprog merged commit 75c0f4f into master Jun 3, 2026
18 checks passed
@micprog micprog deleted the fischeti/fix-git-terminal-input branch June 3, 2026 14:17