1

I have been trying to debug this problem I am facing since 2 days now. I noticed this problem when I was trying to pull something from bitbucket. It says

git@code.pruconnect.net: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I have tried every solution form deleting old ssh keys and adding new ones to adding the existing keys to the ssh-agent. Also, ssh -T git@bitbucket.org command again throws git@bitbucket.org: Permission denied (publickey) as the error and ssh -vT git@bitbucket.org throws the following as the error:

OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/amijeetthakur/.ssh/config
debug1: /Users/amijeetthakur/.ssh/config line 1: Applying options for *bitbucket.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to bitbucket.org port 22.
debug1: Connection established.
debug1: identity file /Users/amijeetthakur/.ssh/id_rsa type 0
debug1: identity file /Users/amijeetthakur/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_9.0
debug1: Remote protocol version 2.0, remote software version conker_44eee6a33e b7cd6ff70e1a
debug1: compat_banner: no match: conker_44eee6a33e b7cd6ff70e1a
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: load_hostkeys: fopen /Users/amijeetthakur/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: load_hostkeys: fopen /Users/amijeetthakur/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /Users/amijeetthakur/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: bound agent to hostkey
debug1: get_agent_identities: agent returned 2 keys
debug1: Will attempt key: /Users/amijeetthakur/.ssh/id_rsa RSA SHA256:nux65XHIgoNnct40pwEJWQ+kLrA2W2r0oqm9PHGvH1Q explicit agent
debug1: Will attempt key: amijeet.thakur@wedopulse.co.in RSA SHA256:1YofMNkb/JQpdGd8OZlyyjaX9RQR0h9c6ZWzZMDlWes agent
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/amijeetthakur/.ssh/id_rsa RSA SHA256:nux65XHIgoNnct40pwEJWQ+kLrA2W2r0oqm9PHGvH1Q explicit agent
debug1: Authentications that can continue: publickey
debug1: Offering public key: amijeet.thakur@wedopulse.co.in RSA SHA256:1YofMNkb/JQpdGd8OZlyyjaX9RQR0h9c6ZWzZMDlWes agent
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
git@bitbucket.org: Permission denied (publickey).

Note: I observed this error to come after updating my Mac to MacOs Ventura.

Amijeet Thakur
  • 77
  • 1
  • 8

4 Answers4

1

If you have already added SSH key then try setting URL

get the SSH URL from bit-bucket then,

git remote set-url origin "SSHURL"

paste URL without quotes.

dsastrusmploy
  • 21
  • 4
  • Hi! Thank you so much for answering. Tried this solution, but sadly the problem persists. Could you please suggest something else that might have gone wrong? – Amijeet Thakur Nov 09 '22 at 10:20
1

Make sure that the ~/.ssh folder and the keys have the correct permissions set.

$ chmod 700 ~/.ssh
$ chmod 400 ~/.ssh/id_rsa
$ chmod 400 ~/.ssh/id_rsa.pub

Remember that you can specify which key to use, in case you got more than one key-pair. Specify the private key, not the public key:

$ ssh -i ~/.ssh/id_rsa user@host

When dealing with several key-pairs, the ssh client needs to know which key to use. Add the following lines in ~/.ssh/config:

Host bitbucket.org
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/another_private_key
psq
  • 367
  • 5
  • 12
  • Hi @psq, thank you so much for answering. I tried the first solution you suggested, but the problem persists. Could you please tell me what should I add as the host in the second solution, if I am using bitbucket? – Amijeet Thakur Nov 09 '22 at 10:18
  • @AmijeetThakur I have edited my answer to add more info. If you only have keys with the default names, I doubt it'll help. In that case, I would need more info about your environment. Is it ok to share the output of `git remote -v` (in your repo), `ls -al ~ | grep '\.ssh'` and `ls -al ~/.ssh`. That will allow us to see the permissions of files, and whether you're hitting the SSH or HTTPS url of your repo on bitbucket. You have probably already visited this page, but I'll share just in case: https://confluence.atlassian.com/bitbucket/set-up-ssh-for-git-728138079.html – psq Nov 09 '22 at 17:59
  • Hi @psq, here are the results to the commands you asked for. `$ git remote -v` origin ssh://git@code.pruconnect.net:7999/pbuilddpas/dpas-portal-frontend.git (fetch) origin ssh://git@code.pruconnect.net:7999/pbuilddpas/dpas-portal-frontend.git (push) `$ ls -al ~ | grep '\.ssh'` drwx------ 7 amijeetthakur staff 224 9 Nov 13:35 .ssh – Amijeet Thakur Nov 10 '22 at 05:19
  • `$ ls -al ~/.ssh` total 48 drwx------ 7 amijeetthakur staff 224 9 Nov 13:35 . drwxr-xr-x+ 66 amijeetthakur staff 2112 9 Nov 15:24 .. -rw-r--r--@ 1 amijeetthakur staff 6148 9 Nov 13:16 .DS_Store -rw-r--r--@ 1 amijeetthakur staff 87 9 Nov 13:39 config -r-------- 1 amijeetthakur staff 2622 9 Nov 15:41 id_rsa -r-------- 1 amijeetthakur staff 584 9 Nov 15:41 id_rsa.pub -rw-r--r-- 1 amijeetthakur staff 1001 7 Nov 17:03 known_hosts – Amijeet Thakur Nov 10 '22 at 05:22
  • @AmijeetThakur I have run out of ideas. What does `ssh -T git@bitbucket.org` report? Please see https://stackoverflow.com/questions/4565700/how-to-specify-the-private-ssh-key-to-use-when-executing-shell-command-on-git – psq Nov 10 '22 at 13:16
1

You can fix it by adding these two lines to the end of your /etc/ssh/ssh_config file:

HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa

Alternatively you can add them to your ~/.ssh/config file either for all hosts or only to a specific one (change * to desired host):

Host *
  HostkeyAlgorithms +ssh-rsa
  PubkeyAcceptedAlgorithms +ssh-rsa
Renan Tomazoni Pinzon
  • 11
  • 2
0

I had the same issue recently and finally found that MacOS update was the cause. The latest release disables SHA-1 hash algorithm which broke SSH.

I used below solution:

  1. Locate into your /ssh/config file

     sudo nano ~/.ssh/config

  2. Add below code in:

     HostkeyAlgorithms +ssh-rsa
 PubkeyAcceptedAlgorithms +ssh-rsa
 KexAlgorithms +diffie-hellman-group1-sha1

  3. Type 'Control + X' to save your change, click 'y' to confirm your changes.

LilLi
  • 1
  • 2