Github permission denied: ssh add agent has no identities

Question

This is my first time accessing GitHub and I'm not experienced using a console. I am on a MacBook using Bash. When I try to access GitHub, I get this:

git clone git@github.com:dhulihan/league-of-legends-data-scraper.git
Cloning into 'league-of-legends-data-scraper'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I've tried following the instructions on Github page about permission being denied.

When I use ssh -vT git@github.com, I get the following:

OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to github.com [192.30.252.129] port 22.
debug1: Connection established.
debug1: identity file /Users/XXXX/.ssh/id_rsa type -1
debug1: identity file /Users/XXXX/.ssh/id_rsa-cert type -1
debug1: identity file /Users/XXXX/.ssh/id_dsa type -1
debug1: identity file /Users/XXXX/.ssh/id_dsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version libssh-0.6.0
debug1: no match: libssh-0.6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /Users/XXXX/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/XXXX/.ssh/id_rsa
debug1: Trying private key: /Users/XXXX/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).

Next, eval "$(ssh-agent -s)" returns "Agent pid 2314", however ssh-add -l returns "The agent has no identities."

And that is where I am stuck.

Do you *have* an SSH key created? Do you have it listed with your github account? Do you have the key on your mac? — Etan Reisner, Oct 22 '14 at 11:26
I was looking for the answer to that question (not being familiar with this whole system), and found this: https://mac.github.com/ It solved all my problems. I highly recommend it. Thanks for the push in the right direction, Etan! — Dark, Oct 22 '14 at 13:20
You might want to add that an an answer to this question (with further details about how it solved your problem) and accept your answer. — Etan Reisner, Oct 22 '14 at 15:45
Okay, I've submitted the answer. SO is telling me I can only accept it in 2 hours. — Dark, Oct 24 '14 at 08:58

score 323 · Answer 1 · edited Dec 31 '19 at 06:55

323

Full details in this answer.

In summary, when ssh-add -l returns “The agent has no identities”, it means that keys used by ssh (stored in files such as ~/.ssh/id_rsa, ~/.ssh/id_dsa, etc.) are either missing, they are not known to ssh-agent, which is the authentication agent, or that their permissions are set incorrectly (for example, world writable).

If your keys are missing or if you have not generated any, use ssh-keygen -t rsa, then ssh-add to add them.

If keys exist but are not known to ssh-agent (like if they are in a non-standard folder), use ssh-add /path/to/my-non-standard-ssh-folder/id_rsa to add them.

See this answer if you are having trouble with ssh-add or ssh-agent.

edited Dec 31 '19 at 06:55

Lucas

523
2
10
20

answered Feb 11 '15 at 00:43

John Doedoe

3,423
1
12
8

6

Thank you @Doedoe for a link to a nice and short answer. And for those who have keyS (ie multiple Git accounts), you might have to use `ssh-add /path/to/keyX` for each, especialy if they have non-standard names. Details here: https://stackoverflow.com/questions/3225862/multiple-github-accounts-ssh-config/17158985#17158985 (a nice answer) – tuk0z Mar 31 '15 at 20:30
Thanks for this. I got stuck here.. but I realized that I need to run `ssh-add` *again* after resolving the permissions part of the issue. After this, `ssh -vT git@github.com` did not work. I did need to add the *absolute* path like the commenter above mentioned. Then, it was all gravy. – jungledev Nov 22 '16 at 22:05
3

In second case I forgot my passphrase and I've recovered it using https://help.github.com/articles/how-do-i-recover-my-ssh-key-passphrase/ – Kiryl Bielašeŭski Dec 15 '16 at 12:51
I am facing the same problem where the keys exist but I need to re-add them frequently while signing commits. Is there a way to add them permanently? – Rafs Oct 17 '22 at 10:57
this is the best explanation, I read so far. – Caffeine Coder Jan 25 '23 at 15:34

score 182 · Answer 2 · answered Apr 13 '16 at 11:36

182

try this:

ssh-add ~/.ssh/id_rsa

worked for me

answered Apr 13 '16 at 11:36

Boltun Oreh

1,845
1
9
2

16

Hi, welcome to SO. Please explain your code, so your fellow users can understand what's going on. Cheers. – Cthulhu Apr 13 '16 at 11:59
9

When you reboot your keys are gone and you have to 'ssh-add' them again. – Louwki Oct 11 '16 at 07:43
@Louwki Yeah... that's super annoying. Do you know a way around that? – Chris Cirefice Aug 18 '17 at 17:03
7

@ChrisCirefice just do the ssh-add with a parameter to add them to your keychain permanently. ssh-add -K ~/.ssh/[your-private-key] – Louwki Aug 20 '17 at 09:35
3

In my case, file permissions was wrong for private key. Fixed by `chmod 600 ~/.ssh/id_rsa`, then `ssh-add ~/.ssh/id_rsa` – Morteza Jul 03 '19 at 04:51
gotta know the paraphrase or else you'll be creating another private key – lasec0203 Oct 04 '20 at 05:53
`ssh-add -l` doesn't work, but `ssh-add` works. Why? – Hai Feng Kao Apr 18 '21 at 18:12
I also had to run `ssh-add ~/.ssh/id_rsa` after – Jeff Spicoli Feb 05 '22 at 01:44

magicgregz · Answer 3 · 2019-07-16T21:34:25.163

56

THE 2019 ANSWER for macOS Sierra & High Sierra & Catalina:

PS: most of the other answers will have you to create a new ssh key ... but you don't need to do that :)

As described in detail on https://openradar.appspot.com/27348363, macOS/OS X till Yosemite used to remember SSH keys added by command ssh-add -K <key>

So here are the 4 steps i had to take in order for it to work:

1: ssh-add ~/.ssh/PATH_TO_YOUR_SSH_PRIVATE_KEY (e.g. ~/.ssh/id_rsa)

2: Add the following in ~/.ssh/config

Host * 
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile PATH_TO_YOUR_SSH_PRIVATE_KEY (e.g. ~/.ssh/id_rsa)

3: make sure to remove any gitconfig entry that use osxkeychain helper:

 https://github.com/gregory/dotfiles/commit/e38000527fb1a82b577f2dcf685aeefd3b78a609#diff-6cb0f77b38346e0fed47293bdc6430c6L48

4: restart your terminal for it to take effect.

edited Jul 16 '19 at 21:34

answered Jul 18 '17 at 20:59

magicgregz

7,471
3
35
27

6

Great answer, I was going to mention this myself! Apparently, [OS X 10.12.2 and later doesn't automatically load identities into ssh-agent](https://help.github.com/articles/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent/#adding-your-ssh-key-to-the-ssh-agent) (which I personally think is a really stupid usability decision, but I understand the security implications). So, you need to modify the SSH configuration to load them manually. I just wish the error output would better lead to a solution, rather than an hour of searching the internet. – Chris Cirefice Aug 08 '17 at 18:14
I tried this answer but it seems like a step where the key is added again using `ssh-add -K ` is needed after 2. @ChrisCirefice 's [link](https://docs.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#adding-your-ssh-key-to-the-ssh-agent) seems to indicate so. – cooltea Jan 27 '21 at 20:39
1

This works with Amazon Linux server as well – Mher Feb 25 '22 at 14:25

Fed Zee · Answer 4 · 2016-09-22T22:12:48.493

I have been stucked a while on the same problem, which I eventually resolved.

My problem: I could not execute any push. I could check & see my remote (using git remote -v), but when I executed git push origin master, it returned : Permission denied (publickey). fatal: Could not read from remote repository. and so.

How I solved it :

I generated a key using ssh-keygen -t rsa. Entering a name for the key file (when asked) was useless.
I could then add the key (to git): ssh-add /Users/federico/.ssh/id_rsa , which successfully returned Identity added: /Users/myname/.ssh/id_rsa (/Users/myname/.ssh/id_rsa)
I added the SSH key to github using this help page.
Having tried all the commands in Github's 'Permission denied publickey' help page, only the ssh-add -l command worked / seemed useful (after having ran the previous steps), it successfully returned my key. The last step shows you where to check your public key on your GitHub page. And this command will help you check all your keys : ls -al ~/.ssh.

Then the push command eventually worked !

I hope this will help ! Best luck to all.

score 15 · Answer 5 · edited Oct 27 '17 at 20:56

15

Run the following commands:

ssh-keygen -t rsa
ssh-add /Users/*yourUserNameHere*/.ssh/id_rsa** 
pbcopy < ~/.ssh/id_rsa.pub**

Go to your Github account : https://github.com/settings/profile

1) Click : SSH and GPG keys

2) New SSH Key and Past it there

3) Add SSH Key

Done!

edited Oct 27 '17 at 20:56

Joao Vitorino

2,976
3
26
55

answered Oct 27 '17 at 18:43

zouhair khallaf

151
1
2

Yup - if you've gone through the other steps of creating the id_rsa.pub file, copy and paste that pbcopy line, which copies the key to your clipboard and follow @zouhair instructions - github needs to know your key. Particularly if you're using 2FA. – davidrynn Feb 28 '19 at 19:17
I'm slightly confused because the current docs say git creates github_rsa / github_rsa.pub. I have both in my /.ssh directory and yet I can't seem to "get permission." I've created copies in the same directory using the id_rsa to no avail. – Mark Löwe Apr 25 '19 at 10:24
thank you! i'd been re-trying this and for whatever reason this worked for me, thanks so much. very easy to read and understand and execute. – Sara Inés Calderón Jan 28 '21 at 02:37
easiest way to handle git ssh issue – Viplav Soni Mar 19 '23 at 17:57

Timo · Answer 6 · 2022-02-03T16:18:48.337

tl;dr

ssh-add # no parameter
# Identity added: /home/<user>/.ssh/id_rsa (user@host)

Further readings

two files necessary in the ssh - user - folder:

ls ~/.ssh
id_rsa id_rsa.pub

If the files are not there, enter command ssh-keygen

Now start the ssh-agent:

eval `ssh-agent -s`

Verify

ssh-add -l
# voila:
2048 SHA256:<key one> user@host (RSA)

Bonus

check the local SHA256 from above with the Github SHA256 from your user settings -> SSH Keys. If they are equal you should be able to push/pull to/from Github using your keys.

score 6 · Answer 7 · answered Dec 03 '17 at 16:32

first of all you need to go in your ssh directory
for this type following command in your terminal in mac or whatever you use in window

cd ~/.ssh

now it is in the ssh
here you can find all you ssh key/files related to your all projects. now, type the following command to show you if any ssh key available

ls

this will show you all available ssh, in my case there were two
now, you will need to start an agent to add a ssh in it. For this type following command

eval "$(ssh-agent -s)"

now last but not least you will add a ssh in this agent type following command

ssh-add ~/.ssh/your-ssh

replace

replace your-ssh with your ssh file name which you got a list form second step ls command

Nacho Cornejo · Answer 8 · 2019-01-27T22:44:45.007

6

This worked for me:
chmod 700 .ssh chmod 600 .ssh/id_rsa chmod 644 .ssh/id_rsa.pub

Then, type this: ssh-add ~/.ssh/id_rsa

edited Jan 27 '19 at 22:44

answered Jan 27 '19 at 21:22

Nacho Cornejo

69
1
3

I don't think the question is about `~/.ssh` permissions. Still, you could greatly improve your answer by adding the full command (here `chmod`) and explaining what this does and why it's needed. – Robert Jan 27 '19 at 21:57

score 5 · Answer 9 · edited Jan 22 '18 at 21:20

5

This could cause for any new terminal, the agent id is different. You need to add the Private key for the agent

$ ssh-add <path to your private key>

edited Jan 22 '18 at 21:20

Paul Roub

36,322
27
84
93

answered Jan 22 '18 at 21:10

user9253738

51
1
1

score 5 · Answer 10 · answered Jan 18 '21 at 07:19

For my mac Big Sur, with gist from answers above, following steps work for me.

$ ssh-keygen -q -t rsa -N 'password' -f ~/.ssh/id_rsa
$ ssh-add ~/.ssh/id_rsa

And added ssh public key to git hub by following instruction;

https://docs.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account

If all gone well, you should be able to get the following result;

$ ssh -T git@github.com
Hi user_name! You've successfully authenticated,...

score 1 · Answer 11 · answered Feb 21 '18 at 03:51

One additional element that I realized is that typically .ssh folder is created in your root folder in Mac OS X /Users/. If you try to use ssh -vT git@github.com from another folder it will give you an error even if you had added the correct key.

You need to add the key again (ssh-add 'correct path to id_rsa') from the current folder to authenticate successfully (assuming that you have already uploaded the key to your profile in Git)

score 1 · Answer 12 · answered Sep 13 '19 at 18:09

I had this issue after restoring a hard drive from a backup.

My problem: I could check & see my remote (using git remote -v), but when I executed git push origin master, it returned : Permission denied (publickey). fatal: Could not read from remote repository.

I already had an SSH folder and SSH keys, and adding them via Terminal (ssh-add /path/to/my-ssh-folder/id_rsa) successfully added my identity, but I still couldn't push and still got the same error. Generating a new key was a bad idea for me, because it was tied to other very secure permissions on AWS.

It turned out the link between the key and my Github profile had broken.

Solution: Re-adding the key to Github in Profile > Settings > SSH and GPG keys resolved the issue.

Also: My account had 2-factor authentication set up. When this is the case, if Terminal requests credentials, use your username - but NOT your Github password. For 2-factor authentication, you need to use your authentication code (for me, this was generated by Authy on my phone, and I had to copy it into Terminal for the pw).

score 1 · Answer 13 · answered Nov 04 '22 at 15:22

If you are using Linux or Windows open terminal or cmd in directory you want your keys in. Create a pair of private-public key

 $ ssh-keygen -t ed25519 -C "your_email@example.com"

If you are using a legacy system that doesn't support the Ed25519 algorithm, use:

 $ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Generating public/private ALGORITHM key pair. Enter a file in which to save the key (/c/Users/YOU/.ssh/id_ALGORITHM):[Press enter any name you like your private public keys file to be]

Enter passphrase (empty for no passphrase): [Type a passphrase or enter for without it]

Enter same passphrase again: [Type a passphrase or enter for without it]

Now, in Linux

$ sudo cp <filename without .pub ending>  ~/.ssh

In Windows simply copy the <filename without .pub ending> file in this C:\Users\your_username\.ssh directory

And then

$ ssh-add ~/.ssh/<filename without .pub ending>

It may work now!

score 0 · Answer 14 · edited Mar 11 '18 at 10:11

0

After struggling for long I was finally able to resolve this issue on Windows, For me the User env variable GIT_SSH was set to point to

"C:\Program Files(x86)\WinScp\PuTTY\plink.exe"

which was installed along with WinScp. I changed the pointing to use default ssh.exe which comes with git-scm "C:\Program Files\Git\usr\bin\ssh.exe"

edited Mar 11 '18 at 10:11

Ali

3,346
4
21
56

answered Mar 11 '18 at 07:58

Santan Pereira

75
3
12

score 0 · Answer 15 · answered Dec 12 '18 at 10:30

0

Steps for BitBucket:

if you dont want to generate new key, SKIP ssh-keygen

ssh-keygen -t rsa

Copy the public key to clipboard:

clip < ~/.ssh/id_rsa.pub

Login to Bit Bucket: Go to View Profile -> Settings -> SSH Keys (In Security tab) Click Add Key, Paste the key in the box, add a descriptive title

Go back to Git Bash :

ssh-add -l

You should get :

2048 SHA256:5zabdekjjjaalajafjLIa3Gl/k832A /c/Users/username/.ssh/id_rsa (RSA)

Now: git pull should work

answered Dec 12 '18 at 10:30

ForeverLearner

1,901
2
28
51

`if you dont want to generate new keySKIP ssh-keygen` is misleading better: `step needed if no ssh rsa key created`. I would add the necessary `ssh-agent` command to start the agent, otherwise `ssh-add` will error with `Could not open a connection to your authentication agent.`. – Timo Dec 24 '21 at 08:48

score 0 · Answer 16 · answered Feb 02 '22 at 08:32

0

This worked for me also: chmod 700 .ssh chmod 600 .ssh/id_rsa chmod 644 .ssh/id_rsa.pub

Then, type this: ssh-add ~/.ssh/id_rsa

answered Feb 02 '22 at 08:32

OM GUPTA G

1

score 0 · Answer 17 · answered May 13 '22 at 09:11

0

Sometimes it could be useful to check ~/.ssh/config

it should look like this

Host github.com
 IdentityFile ~/.ssh/id_rsa

id_rsa can be different if you linked a different key.

answered May 13 '22 at 09:11

DaveR

1,696
18
24