2

I know this is a replica of the question Git push permission denied (publickey) but successfully authenticated

But the real issue is not solved.

I have been using an HTTPS connection for the past year on my prod Linux server and, as you all know, git removed the HTTPS ability to pull and push. Now it is all done through SSH.

So I went through the GitHub guide on how to set up SSH: generating SSH keys with `ssh-keygen -t ed25519 -C "your_email@example.com"`, adding it to the ssh agent, and all of that done correctly, 100 times checked through.

So this is what I have:

```
ssh-add -l
```

or

```
ssh-add -l -E sha256
```

returns me this:

```
256 SHA256 BLAH BLAH BLAH (which is matching to my github account key)
```

another command

```
ssh -vT git@github.com
```

returns a big list (don't think there is a need to show it all) of the commands it ran through, but as the outcome it connects and returns my username:

```
debug1: Reading configuration data /home/[userName]/.ssh/config
debug1: /home/[userName]/.ssh/config line 1: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to github.com [140.82.121.4] port 22.
debug1: Connection established.
debug1: identity file /home/[userName]/.ssh/id_ed25519 type 3
debug1: key_load_public: No such file or directory
debug1: identity file /home/[userName]/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version babeld-d410d4f8
debug1: no match: babeld-d410d4f8
debug1: Authenticating to github.com:22 as 'git'
...........
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([140.82.121.4]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = ru_RU.UTF-8
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi GitHubUserName! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2012, received 2388 bytes, in 0.2 seconds
Bytes per second: sent 8477.3, received 10061.5
debug1: Exit status 1
```

another one:

```
ssh -T git@github.com
```

returns this:

```
Hi GitHubUserName! You've successfully authenticated, but GitHub does not provide shell access.
```

I know many of you are going to think I might use an HTTPS remote URL, but no. It is an SSH remote. And also, to another question that was asked on this replica question: my project is an existing one, and on my prod server I have only been pulling for the past year. So the project exists in my repo; I only need to pull. With an existing branch too (JUST TO MAKE SURE IF SOMEONE tries to say something FUNNY :D )

```
git remote -v
```

returns:

```
origin  git@github.com:[myUserName]/[myRepo].git (fetch)
origin  git@github.com:[myUserName]/[myRepo].git (push)
```

Another one, to make sure: I have the .ssh/config file, which previously I didn't have. I also tried to create it and set it up just in case it would fix my issue (but it didn't resolve the permission issue), so the content of the config file is:

```
Host github.com
User git
Port 22
Hostname github.com
IdentityFile ~/.ssh/id_ed25519
TCPKeepAlive yes
IdentitiesOnly yes
```

The ssh/id_ed25519 is the default SSH key name from the GitHub SSH guide. The only thing I have added is the passphrase. I was thinking that the issue was in the passphrase, but I was wrong. After I deleted the keys and created the SSH key again with the default settings, without a passphrase, it gave me the same result. In fact, when I had the passphrase set and was running the pull command, it never asked me for the passphrase to be entered; it was throwing the Permission connection error straight away, which I found very strange.

So when I run the command

```
sudo git pull
```

even if I try to do it with origin and branch name, still the same result:

```
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
```

Please guys, help me out. I have been stuck on this for over 5 hours already. Tried every single Stack Overflow & GitHub suggestion. No idea why it doesn't work for the prod web server.

On my local machine I use only an SSH git connection and it is working like a clock. The same setup.

At some point I think maybe it is some admin linux restrictions or something like it. But not sure.

Please suggest me something. In advance, big thanks for your help!

  • 6
    When you run with sudo you are root, so it will try to use the ssh key in roots home folder. – fredrik Jun 06 '21 at 18:54
  • @fredrik it won't let me run any commands that modify something on the server without the sudo prefix. What should I do in this case? Maybe that is the actual issue why I can't pull. – George Shevchenko Jun 06 '21 at 18:58
  • 5
    You should probably fix the permissions so you don't need to use `sudo` before your `git` commands. – Stephen Newell Jun 06 '21 at 19:27
  • 1
    The crux is that commands with sudo and without are different users. The quickest fix is to setup root git/keys as “you”, or using [deploy keys](https://docs.github.com/en/developers/overview/managing-deploy-keys#deploy-keys) – AD7six Jun 06 '21 at 21:25
  • It's not a duplicate of the linked question *because* what happens with `sudo` is that you say "stop being me, start being root" and root is a *different user* (as AD7six said). It's best to run all the Git operations as a *non-privileged* user (i.e., not as root at all), prepare the installation, and only then do as little as possible that requires special privileges. – torek Jun 06 '21 at 22:12

2 Answers

1

I prefer, when using a ~/.ssh/config entry, to:

  • name that entry with a distinct name (like 'gh'), as opposed to github.com, in order to be sure when I use an ssh/config-defined URL (and not a regular SSH URL based on github.com)
  • include (as you did) the User git in it, in order to not have to repeat it

So:

```
Host gh
User git
Port 22
Hostname github.com
IdentityFile ~/.ssh/id_ed25519
TCPKeepAlive yes
IdentitiesOnly yes
```

That way, your remote becomes:

```
cd /path/to/repo
git remote set-url origin gh:[myUserName]/[myRepo].git
```

No need for `git@`.

As commented, you then need to git pull using the same account (instead of /root) if you want to actually use said config.

VonC
1

For anyone who experiences the same issue, the solution is: @Stephen Newell and @fredrik gave me the idea of what could actually be wrong with my environment, instead of an actual Git issue. So technically, when in /var/www/ and you're doing any actions that mutate the files in any directory in /var, you will get a permission issue, and you are required to run the commands with sudo. So the fact is that I had the key generated in the ~/.ssh folder. When you run the sudo command, this ~/.ssh is completely different to the one inside "sudo su". See it yourself: check that the normal ~/.ssh dir is different to the one when you log in to "sudo su". If you see that your key is missing in "~/.ssh" inside "sudo su", that would be the reason why you get the permission error, because you do not have the key inside the SUDO.

Solution is simple: log in to "sudo su" and then generate the SSH key. After that, copy and paste that key into git as the GitHub guide tells you.

I hope it will solve the issue for you.

Thanks for reading it. Happy hacking :D

  • Any chance the solution could avoid using sudo at all? – VonC Jun 08 '21 at 22:08
  • @VonC unless in your directory you give root permissions to git commands – George Shevchenko Jun 13 '21 at 20:04
  • Sure, but why? The recommended best practice would be to avoid root (except for system tasks only) – VonC Jun 13 '21 at 20:14
  • @VonC in all honesty I am not an OS expert. But from my understanding, for anything to do with the /var directory, where you want to make a change to files or directories, you will need to run the sudo command. Even if you have some file in the /var dir and you want to modify it with `nano`, you will need to run `sudo`, unless you only want to view it – George Shevchenko Jun 13 '21 at 20:48
  • I agree, you are correct. Except you wouldn't manage any Git repo in there. Only symlinks to the actual repos, as in https://askubuntu.com/q/537032/5470. Or symlink www itself: https://askubuntu.com/a/516349/5470. – VonC Jun 13 '21 at 20:53
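
The diagnosis from the comments and the self-answer, as an added example that is not part of the original thread: the same `IdentityFile ~/.ssh/id_ed25519` line points at a different file depending on whose home directory `~` is, so the key that works for the login user is simply absent when git runs as root. The `deploy` user, the temp-dir homes and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Homes and key files below are constructed
# placeholders in a temp dir; nothing touches the network or real keys.

# resolve_identity HOME_DIR HOST
# Print the IdentityFile named by the "Host HOST" block in HOME_DIR/.ssh/config,
# with "~/" expanded against HOME_DIR. Falls back to the id_ed25519 default.
# Simplification: exact Host names only, no wildcards or Match blocks.
resolve_identity() {
    ri_home=$1 ri_host=$2 ri_ident=""
    if [ -f "$ri_home/.ssh/config" ]; then
        ri_ident=$(awk -v h="$ri_host" '
            tolower($1) == "host" { hit = 0; for (i = 2; i <= NF; i++) if ($i == h) hit = 1; next }
            hit && tolower($1) == "identityfile" { print $2; exit }
        ' "$ri_home/.ssh/config")
    fi
    [ -n "$ri_ident" ] || ri_ident='~/.ssh/id_ed25519'
    case $ri_ident in
        '~/'*) ri_ident="$ri_home/${ri_ident#??}" ;;   # strip "~/" and re-root
    esac
    printf '%s\n' "$ri_ident"
}

# key_status HOME_DIR HOST -> "present" or "missing"
key_status() {
    if [ -f "$(resolve_identity "$1" "$2")" ]; then echo present; else echo missing; fi
}

# Build two simulated homes: a hypothetical "deploy" user with the question's
# config and a key file, and a root home with no ~/.ssh at all.
make_demo_homes() {
    DEMO=$(mktemp -d)
    mkdir -p "$DEMO/home/deploy/.ssh" "$DEMO/root"
    printf 'Host github.com\n  User git\n  IdentityFile ~/.ssh/id_ed25519\n  IdentitiesOnly yes\n' \
        > "$DEMO/home/deploy/.ssh/config"
    : > "$DEMO/home/deploy/.ssh/id_ed25519"   # empty placeholder, not a real key
}

make_demo_homes
echo "git pull as deploy:    key $(key_status "$DEMO/home/deploy" github.com)"
echo "sudo git pull (root):  key $(key_status "$DEMO/root" github.com)"
```

On a real host the same functions can be pointed at the login user's home and at `/root` (reading the latter needs root) to confirm which account actually holds the key.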