12

I wanted to push on a remote git repository. I typed the wrong passphrase three times. I have created a new ssh key and registered the new public key on the repository server. But the ssh agent doesn't prompt for the passphrase. It just keeps telling me:

Permission denied (publickey). fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

How can I solve this problem under ubuntu?

Edit

As it was suggested, I tried ssh-add

sadik@sadix:~$ cd .ssh/
sadik@sadix:~/.ssh$ ls
config  github_rsa  github_rsa.pub  id_rsa  id_rsa.pub  keys.zip  known_hosts
sadik@sadix:~/.ssh$ ssh-add 
Enter passphrase for /home/sadik/.ssh/id_rsa: 
Identity added: /home/sadik/.ssh/id_rsa (/home/sadik/.ssh/id_rsa)
sadik@sadix:~/.ssh$ 
sadik@sadix:~/.ssh$ cd
sadik@sadix:~$ cd some/git-repo/
sadik@sadix:~/some/git-repo/$ git push -u bitbucket master
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I should add that this git repository has been cloned from github (not owned by me). I want to push it on my private repository on bitbucket. I don't know whether this can lead to permission problems, but my first problem is that ssh does not prompt for a passphrase. Even after reboot or log out.

Edit

As Jakuje kindly suggested I entered the command GIT_SSH_COMMAND="ssh -vvv" git push -u bitbucket master to get the client logs. This is the end of the output:

debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/sadik/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/sadik/.ssh/id_dsa
debug3: no such identity: /home/sadik/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/sadik/.ssh/id_ecdsa
debug3: no such identity: /home/sadik/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/sadik/.ssh/id_ed25519
debug3: no such identity: /home/sadik/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

For whatever reason it searches for a pubkey id_dsa, so I copied id_rsa to id_dsa and tried it again. Now it prompts for a passphrase! But ... when I enter the wrong passphrase, it asks me again. When I enter the correct one, it says permission denied.

$ git push -u bitbucket master
Enter passphrase for key '/home/sadik/.ssh/id_dsa': 
Enter passphrase for key '/home/sadik/.ssh/id_dsa': 
Enter passphrase for key '/home/sadik/.ssh/id_dsa': 
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
  1. What's wrong with the permissions?
  2. Why is it looking for id_dsa instead of id_rsa?
Sadık
  • 4,249
  • 7
  • 53
  • 89
  • Are your keys (public and private) in your `~/.ssh` directory? Did you `chmod 700 ~/.ssh`? – Jonathan.Brink Jun 08 '17 at 19:01
  • @Jonathan.Brink yes and yes. It worked perfectly well until I forgot the passphrase and guessed wrong for multiple times. So I created a new one. The only problem is, that it doesn't prompt for the passphrase. It just takes the wrong one I entered before – Sadık Jun 08 '17 at 22:34
  • It is using rsa few lines above and it is rejected. Make sure it is really the key you set up to bitbucket, restart you ssh-agent and try again. – Jakuje Jun 13 '17 at 10:27
  • have you looked through the documentation at '$git help credentials' ? Looks to me like you may have several old credentials cached and it is failing to find their keys under ~/.ssh/ – Doug Coburn Jun 16 '17 at 23:08
  • @DougCoburn Yes, I tried to reset credential.helper (like here https://stackoverflow.com/a/18542920/2013672) but that seemed to have no effect. – Sadık Jun 18 '17 at 07:55

2 Answers2

6

Things look complicated enough that it may be worth starting all over:

  1. Remove all the keys in ~/.ssh that you don't need (if there are keys that you want to keep, consider moving them to a different directory for now).
  2. If ~/.ssh/config exists, check that it doesn't have suspicious lines.
  3. If you are using ssh-agent, remove all keys using ssh-add -D. Check that there are no keys using ssh-add -l. If you see any output, you are suffering from this bug. Log out, log in, and verify that ssh-add -l produces no output.
  4. Run ls -al ~/.ssh and check that there are no keys there.
  5. Create a new key using ssh-keygen. Press enter when it asks for the output file to use the default, then type the passphrase twice.
  6. Run ls -al ~/.ssh and check that id_rsa and id_rsa.pub exist.
  7. Remove existing keys from Bitbucket.
  8. Add the contents of ~/.ssh/id_rsa.pub to Bitbucket.
  9. Test the connection using ssh -T git@bitbucket.org. If it fails, post the output of ssh -vvv git@bitbucket.org.
  10. Check that git commands works.

Why is it looking for id_dsa instead of id_rsa?

SSH tries several keys until it finds one that works. It tried id_rsa, the key was rejected, so it went on to try id_dsa.

Credit to @Leon for mentioning ssh-add.

tom
  • 21,844
  • 6
  • 43
  • 36
  • I didn't mention `ssh-agent` (only `ssh-add`). In any case, your answer is so much more elaborate and helpful that I am going to remove mine. – Leon Jun 16 '17 at 06:34
  • @Leon: Thank you! Please don't remove your answer though, it's good to have your personal experience on record. I've updated my answer regarding ssh-agent vs. ssh-add. – tom Jun 16 '17 at 08:12
  • Thank you. Still don't know what went wrong, but starting all over sometimes is a good idea. – Sadık Jun 18 '17 at 07:51
  • @Sadik: Thanks for the bounty. Is it working now though? – tom Jun 18 '17 at 09:11
  • @tom yes, thanks. In addition to your steps I also created a new directory and did a git init on it, and copied all the files except the git related ones into the new directory. – Sadık Jun 18 '17 at 11:25
4

I forgot the passphrase and guessed wrong for multiple times. So I created a new one.

I read that as you had a key that worked, you created a new one and you are wondering why it does not work.

You need to copy the public key to the server's authorized_keys.

Jakuje
  • 24,773
  • 12
  • 69
  • 75
  • that's what I meant when I wrote `"... and registered the new public key on the repository server"`. I wonder why the command line does not ask for a passphrase and assumes that I don't have access, based on the earlier tries. – Sadık Jun 09 '17 at 13:21
  • 1
    It does not assume anything. If you set it up correcly, it should work. Post the debug logs frpm server and client. – Jakuje Jun 11 '17 at 06:09
  • There is not much to do right or wrong. Server is on bitbucket.org. I don't see any logs there. I have created a new key pair and pasted the pubkey to bitbucket. That's all. – Sadık Jun 13 '17 at 09:07
  • I don't see any client log – Sadık Jun 13 '17 at 09:14
  • 1
    What is the new key that you put into the bitbucket? `GIT_SSH_COMMAND="ssh -vvv" git push -u bitbucket master` will generate your debug log. – Jakuje Jun 13 '17 at 09:18