Reputation: 605
permission denied (publickey) when cloning from remote git repo
I have looked all over and cannot find the solution to this. It worked once...a while back.
I am trying to clone a remote repo using git to my local windows 10 workstation. I've tried in VSC, git bash and no luck. I have regenerated ssh keys several times and made sure they are on my account in bitbucket. I also had the admin verify I had permissions in bitbucket. I can clone with https, but I need ssh as well due to the module dependencies for terraform init, because it uses ssh.
This is the error I'm getting
Cloning into 'terraform'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Any ideas on how to get ssh connection to work? I also verified the openssh ssh-agent service was running.
UPDATE with output...i still dont get it
forcing private key
PS C:\Users\me> ssh -i c:\users\me\.ssh\id_rsa -Tv [email protected] -p 7999
OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
debug1: Connecting to something.com [1.1.1.1] port 7999.
debug1: Connection established.
debug1: identity file c:\\users\\me\\.ssh\\id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file c:\\users\\me\\.ssh\\id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.6
debug1: Remote protocol version 2.0, remote software version APACHE-SSHD-2.4.0
debug1: no match: APACHE-SSHD-2.4.0
debug1: Authenticating to something.com:7999 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:tbUbYIJrt+P7aWKYsn09IsD+iouWjGiR6am8BaXXXXX
debug1: Host '[something.com]:7999' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\me/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:bvs3ECFl7m4r8SN404IIeuiFG6AoNqfdMCFp+AYXXXX c:\\users\\me\\.ssh\\id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: read_passphrase: can't open /dev/tty: No such file or directory
Enter passphrase for key 'c:\users\me\.ssh\id_rsa':
debug1: Authentication succeeded (publickey).
Authenticated to something.com ([1.1.1.1]:7999).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
shell request failed on channel 0
forcing public key
PS C:\Users\aedle> ssh -i c:\users\me\.ssh\id_rsa.pub -Tv [email protected] -p 7999
OpenSSH_for_Windows_7.6p1, LibreSSL 2.6.4
debug1: Connecting to something.com [1.1.1.1] port 7999.
debug1: Connection established.
debug1: identity file c:\\users\\me\\.ssh\\id_rsa.pub type 0
debug1: key_load_public: No such file or directory
debug1: identity file c:\\users\\me\\.ssh\\id_rsa.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_7.6
debug1: Remote protocol version 2.0, remote software version APACHE-SSHD-2.4.0
debug1: no match: APACHE-SSHD-2.4.0
debug1: Authenticating to something.com:7999 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: ecdh-sha2-nistp256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:tbUbYIJrt+P7aWKYsn09IsD+iouWjGiR6am8Ba9XXXX
debug1: Host '[something.com]:7999' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\me/.ssh/known_hosts:1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:bvs3ECFl7m4r8SN404IIeuiFG6AoNqfdMCFp+AXXXXX c:\\users\\me\\.ssh\\id_rsa.pub
debug1: Server accepts key: pkalg ssh-rsa blen 535
Load key "c:\\users\\me\\.ssh\\id_rsa.pub": invalid format
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
I am still completely lost, because when i go back and try to clone, i get this:
git clone ssh://something.com:7999/ter/terraform.git
Cloning into 'terraform'...
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
The overall issue was that the ssh_config for git could not see my private key at ~/.ssh/id_rsa....so I had to specify exactly where on the C: it was...and not my git config looks like this after changing this and uncommenting the line
Host *
# ForwardAgent no
# ForwardX11 no
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
IdentityFile c:\users\me\.ssh\id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 7999
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,[email protected]
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
# Added by git-extra
Upvotes: 2
Views: 3829
Answers (1)
Reputation: 1329582
Is there any way to force and guarantee that any git command uses a specific ssh key?
Start with testing authentication access with:
ssh -i C:\path\to\specific\key -Tv [email protected]
Once you get a "Welcome" message, you can start checking your GIT_SSH_COMMAND or your ~/.ssh/config file to make that key use persistent.
First, create a ssh key without passphrase, for testing, in order to not have to deal with ssh-agent (again, for testing)
Second ssh -i references always the private key, never the public key (.pub)
Third: a git clone ssh would always use port 22, not 7999: it is therefore not surprising that git command fails.
So: create a config file in c:\users\me\.ssh\ with:
Host bb
Hostname something.com
Port 7999
User git
IdentityFile c:\users\me\.ssh\id_rsa
Then use that Host bb entry it for your clone:
git clone bb:ter/terraform.git
Upvotes: 2
Related Questions
- Bitbucket Permission denied (publickey). but works with ssh
- Can pull into a newly cloned repo with SSH key but not existing one on same machine
- Permission denied (publickey) when clone git repo from bitbucket
- Git Permission denied (publickey)
- Bitbucket ssh clone Permission denied (publickey)
- Git clone with SSH shows error permission denied (publickey)
- Git Clone : Permission denied (publickey). fatal: Could not read from remote repository
- Permission denied (publickey) when trying to Git Clone
- BitBucket - Git - Permission denied (publickey)
- Git clone "permisssion denied (publickey)"