2

I've been using ssh keys with github for a while now. Suddenly i can't push and I'm getting a Permission denied (publickey) error. Here's what I've tried so far:

  • Checked the ssh key is in the correct directory (~/.ssh)
  • Tried reuploading my public key to github (I get a message that the key already exists)
  • Double checked that the output of ssh-add -l -E sha256 on my system agrees with the string in my ssh settings on my github account
  • Followed all the steps in the "Troubleshooting ssh" section of the github docs. (Everything seems gucci)
  • Banged my head against the wall for an hour

So far nothing has helped. This is my last resort. I'll greatly appreciate any and all suggestions. Here's the output of my ssh -vT git@github.com

OpenSSH_7.2p2 Ubuntu-4ubuntu2.10, OpenSSL 1.0.2g  1 Mar 2016
debug1: Reading configuration data /home/MY_USER_NAME/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to github.com [140.82.114.3] port 22.
debug1: Connection established.
debug1: identity file /home/MY_USER_NAME/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY_USER_NAME/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY_USER_NAME/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY_USER_NAME/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY_USER_NAME/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY_USER_NAME/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY_USER_NAME/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/MY_USER_NAME/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.10
debug1: Remote protocol version 2.0, remote software version babeld-fb957b4d
debug1: no match: babeld-fb957b4d
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/MY_USER_NAME/.ssh/known_hosts:4
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/MY_USER_NAME/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/MY_USER_NAME/.ssh/id_dsa
debug1: Trying private key: /home/MY_USER_NAME/.ssh/id_ecdsa
debug1: Trying private key: /home/MY_USER_NAME/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).

Update: I'm having the same problem with a different github account that has a different set of keys. Same computer.

ratchek
  • 166
  • 1
  • 8
  • Hope this link will help you to overcome this issue. https://stackoverflow.com/questions/9960897/why-doesnt-my-ssh-key-work-for-connecting-to-github – Rainas Dec 10 '21 at 04:28
  • 2
    SSH is telling you that it couldn't find the public key corresponding to `id_rsa`: ```debug1: identity file /home/MY_USER_NAME/.ssh/id_rsa type 1 debug1: key_load_public: No such file or directory```. Also, the ssh server isn't responding with "authentication success" after being offered the id_rsa key. Are you absolutely, positively, 100% sure that you uploaded the correct corresponding public key to github? – kalatabe Dec 10 '21 at 07:39
  • 1
    As @kalatabe said: `debug1: identity file /home/MY_USER_NAME/.ssh/id_rsa type 1` means ssh found `.ssh/id_rsa`. But `debug1: key_load_public: No such file or directory` means ssh *didn't* find `.ssh/id_rsa.pub` - the public key that would go with this private key. It's not clear why it didn't find it, since `ssh-keygen` generates them in pairs, but I'd suspect something is going wrong with the agent setup. – torek Dec 10 '21 at 08:06
  • 1
    @kalatabe The "key_load_public" error refers to the next key in the list, not the previous key. ssh found id_rsa, but not id_rsa-cert etc. – Kenster Dec 10 '21 at 14:03
  • @kalatabe I double checked and the public key is there. Also, I'm a bit of a newbie, so please correct me if I'm wrong, but I was under the impression that you don't need the public key to authenticate. As long as your server has the public key (which github does), it's the private key that authenticates. – ratchek Dec 10 '21 at 15:28
  • Sorry, I may have worded that poorly. You're correct that logging in doesn't require a public key. My question was actually - are you __positive__ that the public key you uploaded to github is a public key derived from the private key you're attempting to authenticate with. To verify, run this command: `ssh-keygen -y -f ~/.ssh/id_rsa` - the output (minus comments) must exactly match your pubkey in github – kalatabe Dec 10 '21 at 15:41

4 Answers4

2

Note that if you have an old DSA key, you'll see "Server accepts key:", but will still ultimately fail. GH is phasing out DSA keys, so it may have been 'accepted', but not allowed to proceed.

Guest
  • 21
  • 2
1

So, I eventually figured it out. Turns out my computer just didn't like the fact that I had multiple ssh keys (possibly because one of them was password protected and others weren't?) Moving all but one of the ssh keys out from the ~/.ssh directory and restarting the computer solved my problem. I previously have tried removing all but one of the ssh keys but apparently a reboot was also needed.

ratchek
  • 166
  • 1
  • 8
0

My answer might not help or sound silly. But in my situation, I'm just deleting the know_hosts file and pull/push again, then everything works as expected.

felixlovecode
  • 11
  • 1
  • 2
    Deleting `known_hosts` is a potential security risk and should be avoided at all costs unless you're completely aware of the implications. Also, the log includes `Host 'github.com' is known and matches the RSA host key.` so a changed host key wouldn't be the issue here, and manipulating `known_hosts` is unlikely to help. – kalatabe Dec 10 '21 at 07:31
0

One possible root cause is the Host or HostName can't intercept your target FQDN or IP address in the SSH connection. Try to modify Host or HostName to match with your target server.

Also enable debug mode for git command.

git -c core.sshCommand="ssh -vvv" clone
Jeremy Caney
  • 7,102
  • 69
  • 48
  • 77
marsteel
  • 1
  • 1