Git remote pull using GitHub deployment keys - Permission Denied - linux

I have done the following steps to set up ssh deployment keys with our git repo for it to be able to git pull without a username and password:
Note: I am on AWS EC2 / Ubuntu 14.04.3
Run ssh-keygen -t rsa -b 4096 -C "ownersEmail@gmail.com"; these are then saved as id_rsa and id_rsa.pub in ~/.ssh/
The deployment public key (id_rsa.pub) is added on the GitHub online UI in the deployment keys section
The directory is already cloned in /var/www/ directory; this is working all good via HTTPS for pulling
Try sudo git pull git@github.com:ownersUsername/OurRepo.git and get the following error:
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Another Note: This repository is private under another user's account.
Also, when I try ssh git@github.com I get:
Hi userName/Repo! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.
And the deployment key comes up as being used. Have been on this issue for greater than 4 hours now and any help would be very much appreciated, thanks.

The problem is you're using sudo, which runs the command as root, and it will try to use the root's keys not your user's keys.
What you want to do is:
give your user/group write access to /var/www
run the pull/clone as the user, not the root user.

When you do a git pull you don't need the link.
git pull <remote> <branch>
You need the full url for the clone command
sudo git clone git@github.com:ownersUsername/OurRepo.git
To test if your ssh key is good use this:
git fetch --all --prune

Related

Permission denied (publickey) from ec2 to github

Please note: I first log in into my ec2 server with ssh.
Then I created a new ssh key. Generating it gave me these files:
id_ed25519.pub
id_ed25519
I opened the setting page at github and added a new ssh-key.
I entered the content of "id_ed25519.pub".
I go back to my ec2 instance and run this command:
git clone git@github.com:myusername/myrepo.git
What I get is this error:
Permission denied (publickey).
If I run this:
ssh -Tv git@github.com
then I get this message:
Hello username. You've successfully authenticated, but GitHub does not provide shell access.
Why am I not able to clone the repo?
Assuming you are running ssh -Tv git@github.com from the same ECS environment you are attempting your clone, said clone should work.
You can compare the ssh -Tv git@github.com output (which works) with your git clone by doing:
export GIT_SSH_COMMAND='ssh -Tv'
git clone git@github.com:myusername/myrepo.git
You will see if the git clone is attempting to use the same keys as your ssh did.

Git clone with ssh works in Linux but not in Windows PowerShell

I have a repo at GitHub. When cloning it in Linux using ssh it works fine:
> git clone git@github.com:henrikppersson74/frokenjennnie.git
Cloning into 'frokenjennnie'...
Enter passphrase for key '/home/----/.ssh/id_rsa':
.
.
Reinitialized existing Git repository in /home/*
When doing the same thing in Windows PowerShell it doesn't work:
> git clone git@github.com:henrikppersson74/frokenjennnie.git
Cloning into 'frokenjennnie'...
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I have copied my private and public SSH keys from Linux to my Windows machine and they are stored in my ~/.ssh/ as id_rsa and id_rsa.pub.
It seems to work when I try to access github.com with ssh from PowerShell:
> ssh git@github.com
Enter passphrase for key 'C:\Users\-----/\.ssh\id_rsa':
PTY allocation request failed on channel 0
Hi henrikppersson74! You've successfully authenticated, but GitHub does not provide shell access.
Connection to github.com closed.
This is the same answer I get when doing this in Linux. I guess this means that my SSH key pair is OK?
When working in Eclipse in Windows, using the "Git Repositories" view it works fine to clone the same repo.
Previously I created new SSH keys in the PowerShell and copied the public one to GitHub, but with the same result.
My ~/.ssh/config file looks like this:
Host github.com
HostName github.com
IdentityFile ~\.ssh\id_rsa
User git
ForwardAgent yes
I am using Git version:
> git --version
git version 2.28.0.windows.1
Unfortunately I get no extra information from using the --verbose flag:
> git clone git@github.com:henrikppersson74/frokenjennnie.git --verbose
Cloning into 'frokenjennnie'...
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
It doesn't help to add the key to the ssh-agent:
> ssh-add C:\Users\-----\.ssh\id_rsa
Enter passphrase for C:\Users\-----\.ssh\id_rsa:
Identity added: C:\Users\------\.ssh\id_rsa (C:\Users\-----\.ssh\id_rsa)
> git clone git@github.com:henrikppersson74/frokenjennnie.git --verbose
Cloning into 'frokenjennnie'...
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Could my old keys be cached somewhere?
Does anyone have any idea about why I am not able to clone my repo in Windows PowerShell? I would be so grateful for some help.
The problem was that my %HOME% environment variable was set to the wrong location. When I changed it back to C:\Users\<userid> it worked like a charm. Apparently SSH first looks for a key in %HOME%\.ssh\, then for an entry in %HOME%\.ssh\config\ and last it uses the keys added to the ssh-agent.

git@gitlab.com: Permission denied (publickey). fatal: Could not read from remote repository

I am using macOS Catalina. I already have a repository on GitLab and an SSH-key assigned. Now I want to create another repository from the terminal. I do the following:
git config user.name my_name
git config user.email my_email
git init
Then I get this:
Initialized empty Git repository in directory
So far so good.
git remote add origin git@gitlab.com:my_name/repo.git
git add .
git commit -m 'commit'
git push -u origin master
Then I get the following error:
git@gitlab.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Then I go to the repository I already had and try to push there, everything works so I guess I don't have a problem with SSH-key. I know this is a very common question on the internet but none of the answers solved my problem.
First, you should get "Initialized empty Git repository in directory" only after a git init ., not after a git remote add origin ...
Second, with GitLab, you can push to create a new project, as illustrated in this MR, starting with GitLab 10.5 (Q1 2018)
Third, if the error persists, then the key is somehow at fault.
Test it with:
ssh -Tv git@gitlab.com
Also
git -c core.sshCommand="ssh -v" push -u origin master
To generate a valid key:
ssh-keygen -t rsa -P "" -m PEM
And register your new id_rsa.pub to your GitLab profile.
I tried all the above mentioned solutions but none of it worked. I then read the logs and found that it is looking for the key in a specific folder and I created the key and added it to my Gitlab profile too. Then it started working.
Git authentication issue can be solved by reading the logs of the git and creating appropriate SSH keys under appropriate folders.
Steps
Run the following command and it will try to push the code, and if it is not successful then it will display where the error is
git -c core.sshCommand="ssh -v" push -u origin master
Now, we can generate a new SSH key and the following command will generate a key in the working folder.
ssh-keygen -t rsa -P "" -m PEM
It will ask for key name, you can give id_rsa as the key name or any name which the Bash displays as "Trying private key: c:/Users/Dell/.ssh/".
Once the key is generated in bash, your working directory will have the key.
While running the command in step 1, you will see the folder in which it is looking for a private key. In my case it is "c:/Users/Dell/.ssh/id_rsa"
We should put the generated keys from the working folder into this folder
We should also make sure that we add our SSH Key to the Gitlab account.
Click on your Gitlab account MyProfile and select preferences.
Click the SSH keys menu, open the generated key file using notepad, copy the content of the key from notepad, paste it in the SSH key text editor and save it.
Again, run the following command and check now. The code will be pushed.
git -c core.sshCommand="ssh -v" push -u origin master
the code will be pushed.
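Both the GIT_SSH_COMMAND='ssh -Tv' comparison and the core.sshCommand="ssh -v" steps in the answers above come down to reading which key files the client looked for. The following is an added example, not part of any post on this page: a shell function that reduces a verbose log to those lines, run on two constructed logs (the /home/ubuntu home and the log text are assumptions modelled on OpenSSH client debug output, whose wording varies between versions).

```shell
#!/bin/sh
# Added example: reduce `ssh -v` output (stdin) to the key files the client
# looked for and the final outcome. Real input would be the stderr of e.g.
#   GIT_SSH_COMMAND='ssh -v' git fetch 2>&1 | ssh_key_trace
ssh_key_trace() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF logs from Windows
        /^debug1: identity file .* type -?[0-9]+$/ {
            path = $0; type = $NF
            sub(/^debug1: identity file /, "", path)
            sub(/ type -?[0-9]+$/, "", path)
            if (path ~ /-cert$/) next            # certificate probes are noise here
            # type -1: no key could be read at that path for this user
            print (type == "-1" ? "not-loaded " : "loaded ") path
        }
        /Authentication succeeded/ { result = "accepted" }
        /Permission denied \(/     { if (result == "") result = "denied" }
        END { print "result " (result == "" ? "unknown" : result) }
    '
}

# Constructed sample: `sudo git pull` makes ssh look in root's home.
sample_sudo_log() { cat <<'EOF'
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: Authenticating to github.com:22 as 'git'
debug1: Trying private key: /root/.ssh/id_rsa
debug1: No more authentication methods to try.
Permission denied (publickey).
EOF
}

# Constructed sample: the same pull run as the user who generated the key.
sample_user_log() { cat <<'EOF'
debug1: identity file /home/ubuntu/.ssh/id_rsa type 0
debug1: identity file /home/ubuntu/.ssh/id_rsa-cert type -1
debug1: Authenticating to github.com:22 as 'git'
debug1: Offering public key: /home/ubuntu/.ssh/id_rsa RSA SHA256:CONSTRUCTED
debug1: Authentication succeeded (publickey).
EOF
}

echo "sudo run:"; sample_sudo_log | ssh_key_trace
echo "user run:"; sample_user_log | ssh_key_trace
```

A "not-loaded" path under a home directory other than the one holding the key is the signature of the sudo, Jenkins-service-account and wrong-%HOME% cases discussed on this page.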
The same issue happened.
I used HTTPS instead of SSH
(I followed the instruction steps after creating the repo in GitLab but that caused a permission issue. It is because of the ssh pub key to upload)
These steps work without using SSH
Create a repository/project in GitLab
I removed .git (that caused the permission issue previously; to start fresh)
git config --global user.name "user_name"
git config --global user.email "user.email@gmail.com"
git init .
git remote add origin https://gitlab.com/user.account/user_project.git
git add . and git commit -m "initial commit"
git push -u origin master
It will ask for username and password. Then fixed.

Not able to access git repo from jenkins

I have configured Jenkins on a Linux machine and my git repo is on an another Linux server. But when I try to give the URL of the repo to Jenkins I get the following error.
Failed to connect to repository : Command "git -c core.askpass=true ls-remote -h ssh://user@ip/~/export1 HEAD" returned status code 128:
stdout:
stderr: Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
What could be the cause for this?
I have seen that both the systems' rsa key is present in each other's .ssh/known_hosts folder.
I am able to pull or clone code from the repo to a folder in Jenkins system as well. So why is Jenkins not able to take it?
I have also tried the URL user@ip:/fullpath/to/repo
You need to make sure Jenkins is running as the right user (the one who has the keys in ~/.ssh/id_rsa(.pub)).
That user might not be the same as the one used in the ssh url: user@ip means you are connecting to ip using an account which has your public key in ~user/.ssh/authorized_keys.
So the Jenkins process must be run by an account which has the private and public key, whose public key is in ~user/.ssh/authorized_keys on the git server side.
And that account should have done (only once) an ssh-keyscan -H ip >> ~account/.ssh/known_hosts before any ssh attempt, in order to record the git server ip as a known host.
Does it being a bare repo make any difference or change in the URL?
No. The .git at the end of the bare repo folder is optional when used as an url.
Further to @VonC's reply, you can also use the Credentials plugin to define a set of credentials on your Jenkins master that your Jenkins job uses to access your Git repo. This allows you to run Jenkins itself as a different user from the one that has access to the Git repo.
The main problem was the security of the systems. I hadn't checked the authentication mechanisms on my server. The password authentication to the git server was causing the problem because the jenkins machine tries to directly fire a ls-remote to the path. When you do the same thing on the terminal you will be prompted for a password and then it'll accept. When I set the password authentication and UsePAM to no and enabled the RSA authentication, pubkey authentication and authorised key setting to yes in the sshd_config file, and restarted, it was able to access the repo and I didn't get this error.

git clone using ssh failed in Windows due to permission issue

I have created a new GIT repository in my server at /home/myuser/.git/project.git.
I found ssh key for git from C:\Users\Toshiba\.ssh\github_rsa.pub & appended with server's authorized_keys file.
When I try to do git clone using ssh it fails as below.
$ git clone ssh://myuser@mysite.net:2888/home/myuser/.git/project.git
Cloning into 'project'...
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Could you please help me in resolving this issue.
If your public/private key doesn't have the standard name C:\Users\Toshiba\.ssh\id_rsa(.pub), but C:\Users\Toshiba\.ssh\github_rsa.pub, then you need an ssh config file:
Host mysite
Hostname mysite.net
User myuser
Port 2888
IdentityFile C:\Users\Toshiba\.ssh\github_rsa
That would allow you to do
git clone mysite:/home/myuser/.git/project.git
Test it first with ssh -Tvvv mysite, and then ssh mysite ls.
Make sure the environment variable %HOME% is defined to C:\Users\Toshiba
You have another example in "SSH error on push to an existing project Permission denied (publickey)"
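The two causes named in this thread and in the PowerShell one above (a %HOME% that points at the wrong directory, and a key whose file name ssh does not try by default) can be checked mechanically. The following is an added example, not code from any answer here: a shell function that resolves each IdentityFile in a home directory's .ssh/config and reports whether it names an existing private key. The demo home directory and its files are constructed.

```shell
#!/bin/sh
# Added example: list every IdentityFile in <home>/.ssh/config and say whether
# it is usable. <home> defaults to $HOME, the directory ssh resolves "~" from.
check_identity_files() {
    home=${1:-$HOME}
    cfg="$home/.ssh/config"
    [ -f "$cfg" ] || { echo "no-config $cfg"; return 1; }
    # Keywords are case-insensitive; drop CRs and quotes, normalise "\" to "/".
    paths=$(awk '{ sub(/\r$/, "") }
        tolower($1) == "identityfile" {
            sub(/^[ \t]*[^ \t]+[ \t]+/, ""); gsub(/"/, ""); print
        }' "$cfg" | tr '\\' '/')
    bad=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        case $p in "~/"*) p="$home/${p#??}" ;; esac
        case $p in
            *.pub) echo "public-key $p"; bad=1 ;;   # must name the private key
            *) if [ -f "$p" ]; then echo "ok $p"
               else echo "missing $p"; bad=1; fi ;;
        esac
    done <<EOF
$paths
EOF
    return $bad
}

# Constructed demo home: a key pair with a non-default name and a config
# whose IdentityFile points at the public half.
demo_home=$(mktemp -d)
mkdir -p "$demo_home/.ssh"
: > "$demo_home/.ssh/github_rsa"
: > "$demo_home/.ssh/github_rsa.pub"
printf 'Host mysite\n  Hostname mysite.net\n  IdentityFile ~/.ssh/github_rsa.pub\n' \
    > "$demo_home/.ssh/config"

check_identity_files "$demo_home" || echo "config needs fixing"
check_identity_files "$demo_home/wrong-home" || echo "HOME points elsewhere"
```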
