131

I am new to Rails, and I was trying to deploy a very simple app to Heroku. This is the second app that I deploy, and the first one I was able to do it just fine. However I am having some issues with this one. Whenever I "git push heroku master", I get this error:

! Your key with fingerprint xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx is not authorized to >access my_heroku_app.

fatal: The remote end hung up unexpectedly

I have tried to manage my keys after logging in heroku. If I type in my console "heroku keys", then I get:

No keys for myemailaddress.

However, If I run the comand "heroku keys:add" I get

Found existing public key: /Users/michele/.ssh/id_rsa.pub Uploading ssh public key /Users/michele/.ssh/id_rsa.pub ! Fingerprint already exists. Please use one ssh key per Heroku account

Please help me! This is soo frustating, I have no idea what's wrong! Thank you

Community
  • 1
  • 1
mre
  • 1,393
  • 2
  • 10
  • 7

10 Answers10

287

I had to add my new rsa identity in my machine!

So, first of all I created a new rsa key:

ssh-keygen -t rsa -C "giordano.scalzo[at]gmail.com" -f  ~/.ssh/id_rsa_heroku

then added it to my machine

ssh-add ~/.ssh/id_rsa_heroku

and, finally, to Heroku

heroku keys:add ~/.ssh/id_rsa_heroku.pub

After that,

git push heroku master
starball
  • 20,030
  • 7
  • 43
  • 238
Giordano Scalzo
  • 6,312
  • 3
  • 31
  • 31
  • 47
    This was really close for me. But there was one more thing. I had two heroku accounts. The first one had added my default SSH key for my machine. No matter what I did trying to fix my second account, it would not take until I removed my default key from the first account. SSH-AGENT will send the first key by default, causing this problem. The fix is to create specific keys for heroku (not the default) for each account – Tom Carchrae Mar 06 '12 at 12:15
  • 13
    I had the same problem as @TomCarchrae. I logged out of the account that seemed permanently busted with `heroku logout`, logged in to the other account, and deleted the default RSA key from that account. After that I was able to push with this newly-generated key. – Ross Allen Apr 25 '12 at 07:22
  • 14
    For me personally, I did the equivalent of `ssh-add ~/.ssh/id_rsa_heroku` though mine was `ssh-add ~/.ssh/identity.heroku.foo` because I'm also using [https://github.com/ddollar/heroku-accounts](https://github.com/ddollar/heroku-accounts) (a multiple accounts manager for Heroku). – user664833 Apr 25 '12 at 20:14
  • user664833 was the most concise approach for me – noli Apr 26 '12 at 02:46
  • 1
    one other thing to keep in mind - if you have too many SSH keys, it won't be able to log in because it tries the keys in order (and then you get kicked out of the login too many failures). this seems to be a flaw with the ssh-agent (in ubuntu anyway, but i presume other implementations too). so, if you're pulling your hair out, try moving your ~/.ssh directory and starting a new one (you can then pull in keys one by one). – Tom Carchrae Apr 27 '12 at 14:01
  • 1
    I also had to (on OSX Lion) run `ssh-add -d` http://stackoverflow.com/questions/8917956/deploying-rails-to-heroku-unauthorized-public-key-access – jwarzech Jun 05 '12 at 20:59
  • 7
    You can influence which key is sent by adding a host entry in ~/.ssh/config for heroku.com pointing to the key you want. This was a quick fix for me since it kept trying to use my default key and failing. This probably won't help in the case of multiple accounts though. – dnewcome Jun 14 '12 at 06:49
  • 1
    Tom Carchrae's comment is great but does not quite make it work for me: see here for details please :) http://stackoverflow.com/q/12004401/142409 – Andrea Aug 17 '12 at 11:12
  • this approach worked best for me - http://stackoverflow.com/questions/7927750/specify-an-ssh-key-for-git-push-without-using-ssh-config - create your remote and specify the host from your ssh config, also I am using heroku:accounts – house9 Sep 23 '12 at 16:21
  • See my answer about handling multiple heroku accounts on the same computer for different projects. – Daniel X Moore Nov 22 '12 at 19:30
  • @tom-carchrae nailed it for me. Here's what I did (account A was working and account B wasn't): 1) logout of account B both locally and on the Heroku site, 2) login account A on heroku and remove the existing ssh key, 3) create new heroku-specific ssh key, 4) ssh-add that key, 5) login to account A locally (heroku auth:login), 6) it asks which key you want to use so select the one you just created, 7) logout of account A locally, 8) log back in to account B locally, 9) magic (what wasn't working started working). – Dary Mar 01 '13 at 02:30
  • Make sure to try restarting your terminal. This fixed the problem for me. – corbin Jun 06 '13 at 21:10
  • For me the most important thing was tying my git --config email address to the new ssh key. I was using the default (never entered email) when i created a new key and the system was getting confused when i was trying to push – cnp Aug 31 '14 at 21:12
  • It's now 2015 and this worked. Out of nowhere I got the error and this worked. I had to remove all keys then re-add the key. Thanks. – Sylar Nov 01 '15 at 09:04
60

I, too have multiple keys and multiple heroku accounts, so I come across this problem every few months. As mentioned Giordano Scalzo, Tom Carchrae, and user664833, the main problem is ssh-agent, which you control using the ssh-add command. The man page (man ssh-add) is actually pretty clear and concise, so check it out.

You can list all the keys that ssh-agent knows about with:

ssh-add -l

You can delete all the keys that ssh-agent knows about with:

ssh-add -D

Or delete a specific key with

ssh-add -d ~/.ssh/id_rsa_example_key_file_use_your_own

Don't worry! You aren't actually deleting the keys, only changing which ones ssh-agent automatically tries to use, for example, when you try to push to heroku. It's easy to add and delete keys as needed, so for me, when I get frustrated by this problem, the easiest way to fix it is to delete all the keys and add back in only the one I want to use at the moment.

ssh-add -D
ssh-add ~/.ssh/id_rsa_example_use_this_one_i_mean_it
towynlin
  • 710
  • 5
  • 13
  • 1
    this worked well for me, however trying to add back my default ssh key kept prompting for passphrase (on Mtn Lion), don't think I have one? Rebooted and was back to my default ssh all ok - also found this http://stackoverflow.com/questions/7927750/specify-an-ssh-key-for-git-push-without-using-ssh-config which works great – house9 Sep 23 '12 at 16:19
  • bashing my head against a wall for a good while over this one, and this was the final step required - thanks! – griswoldbar Feb 04 '13 at 11:27
  • If you tried the first method then this one, (and are getting a Permission Denied(publickey) error when you try to push to your Heroku remote) you've probably forgotten to re-run the heroku keys:add command. Anyways, thank you so much! This did it for me. – Hairgami_Master Jun 23 '13 at 12:15
38

Your computer has an SSH key, but that SSH key is associated with another Heroku account.

If you need to use both accounts for different applications on the same computer you should make a new SSH key on your machine and upload it to Heroku:

$ ssh-keygen

Make sure to save it as '/Users/User/.ssh/new_id_rsa.pub' when the prompt asks you.

$ heroku keys:add /Users/User/.ssh/new_id_rsa.pub

You then need to add an alternate host for heroku.com to your ~/.ssh/config:

Host heroku-alt
HostName heroku.com
IdentityFile ~/.ssh/new_id_rsa

And then update the .git/config in your project to use the host alias:

[remote "heroku"]
  url = git@heroku-alt:myapp.git
  fetch = +refs/heads/*:refs/remotes/heroku/*

By choosing between heroku and heroku-alt in the remote of the .git/config files of specific projects you can manage which projects use which credentials.

Daniel X Moore
  • 14,637
  • 17
  • 80
  • 92
  • 1
    Yes, that also was the problem for me. Accessing two Heroku accounts from the same client. Thanks. – Bernard May 10 '13 at 03:04
  • I'm trying to do this method, but "Host heroku-alt" gives me the error: `Host heroku-alt not found: 3(NXDOMAIN)`. I'm putting this in terminal on Mountain Lion. `~/.ssh/config` doesn't exist either, just a bunch of `.pub` files and one called `known_hosts`. And ideas? – JVG Jul 27 '13 at 12:09
  • @Jascination You will need to create ~/.ssh/config and put in the contents listed in the answer. When you are done save the file and it will contain the `Host`, `HostName`, and the `IdentityFile` lines. It should then work fine. – Daniel X Moore Aug 02 '13 at 00:13
  • 3
    Excellent! This technique is so elegant! – kinopyo Aug 11 '13 at 00:28
  • Man! You're awesome. Executing step-by-step finally make me relief. Thank You !! – softvar Feb 24 '14 at 21:49
  • The .git/config step is what's missing everywhere else – RaphKomjat Dec 01 '14 at 22:58
14

Here's a very clear explanation that is lacking from ther Heroku documentation or other answers to the question. At least all the info doesn't seem to appear in any one place. It also let's you understand the problem in a way that the accounts tool doesn't.

Heroku identifies you in 2 ways:

The first is in .git/config

[heroku]
    account = acccount_name

This seems to let you perform basic operations using heroku

The second way heroku identifies you is by any operation that uses ssh (git push). Heroku will identify you by your ssh key, as stated here: https://devcenter.heroku.com/articles/keys

This keypair is used for the strong cryptography and that uniquely identifies you as a developer when pushing code changes.

So each heroku account that you work on will have to send a different key to heroku when using ssh. Follow any tutorial to create your ssh keys.

The key is getting SSH to use different keys for each Heroku account. How do you do configure this? You'll need to do 2 things:

1) You'll need to make a 'dummy' domain that your .ssh/config will intercept and reconfigure. This will tell ssh the 'actual' domain you want, and which special ssh key to use. 

Host heroku.my_unique_key
  HostName heroku.com
  IdentityFile ~/.ssh/identity.heroku.my_unique_key
  IdentitiesOnly yes

2) Change your .git/config to use that when using git push. Instead of heroku.com, use the dummy domain you set in your .ssh/config

[remote "heroku"]
    url = git@heroku.com.git


[remote "heroku"]
    url = git@heroku.my_unique_key:myapp.git

That's it :) A bit complicated and a bit simple at the same time. It has taken me 3 years of banging my head against the wall and trial and error to discover this info. It should be clearly documented somewhere, but at least it's a start.

pixelearth
  • 13,674
  • 10
  • 62
  • 110
9

youn will need to create new keys and add those

specify a new file name after running

ssh-keygen

then (in my case)

heroku keys:add /home/alex/.ssh/alex_heroku_rsa.pub
akmur
  • 1,465
  • 2
  • 24
  • 37
3

In my case, heroku keys already had the correct key listed. So, all I had to do was run ssh-add /path/to/that/key and then everything started working fine.

M. Scott Ford
  • 2,859
  • 1
  • 23
  • 24
3

I have the same issue last week. This linked helped me out. I hope it helps you out a little. http://devcenter.heroku.com/articles/keys

Benjamin
  • 2,108
  • 2
  • 26
  • 46
2

I also have two Heorku accounts and as a work-around I "invited" my main account (the one whose key is used automatically by Heroku) as a collaborator to my project.

Fabio CR
  • 91
  • 1
  • 4
1

Just wan´t to add the solution for Windows users.

  1. First download "Putty Key generator"

  2. Create a key with it OBS you need to move your mouse ower the blank area to generate randomness.

  3. Save your keys, just remeber to rename your key to [name].pub

  4. Run heroku keys:add in terminal!

Rails beginner
  • 14,321
  • 35
  • 137
  • 257
0

In my case the problem was the ssh version I was using. I just set the GIT_SSH environment variable to another ("GIT_SSH=/usr/bin/ssh") and everything worked OK for me.

gfhuertac
  • 356
  • 3
  • 7