Permission denied error when using Github deploy keys

Question

So I have a project (private repo) that has multiple submodules (also private). I have a server hosted on Amazon EC2 that will house the project, and I want to use our private Github repo.

I generated an ssh key for the main project and added it to the projects deploy keys. I also generated additional ssh keys for each submodule and added it to their deploy keys.

When I try and clone the project (using git@github), it doesn't work:

Permission denied (publickey). fatal: The remote end hung up unexpectedly

I have double checked each repo and their deploy keys and everything seems correct. Is there some other small step I am missing?

Answer 1

Short answer: there is no easy way to use deploy keys with private submodules. In my experience you have two options:

1. Keep using submodules but stop using deploy keys and instead use a single account-level SSH key that grants access to all your private repositories (easier, less secure)
2. Stop using submodules, keep using deploy keys, and manually git clone each repository passing in the SSH private key that matches the deploy key (trickier, more secure)

The reason for this is git clone triggers an SSH connection that can only use a single SSH private key at a time (e.g. ~/.ssh/id_rsa). The SSH private key being used must match the repository's deploy key -- and deploy keys must be unique per project. In the case of a submodule clone, you're only using a single private key. That key may match your top-level project, but will surely fail on the child projects with the error you provided.

Hope this is helpful..