I have created a Github repo to where I push my local changes using Git Bash, without any problems. I can also use Git Bash to connect to my remote web server (shared hosting) and navigate to the folder where I want to clone my Laravel site.
This is where the problems begin. When I do
$ git clone git#github.com:myusername/mylaravelsite.git
I get the error message:
Permission denied (publickey)
After some searching for a solution I found that I should make sure that I have a key by doing this:
$ eval "$(ssh-agent -s)"
Which gave this answer:
Agent pid 122372
Then according to the instructions I should do this
$ ssh-add -l
Which gave me this message:
The agent has no identities
Reading up a bit more I try to add the key again by doing
$ssh-keygen -t rsa
...which generated a key pair that I added with ssh-add, I was prompted for a passphrase which I entered twice.
Now, I still get Permission denied (publickey) when I try to access my github repo with ssh. I should also mention that I have created a new SSH key at the github account where I pasted the key I created (I opened .ssh/id_rsa-pub with notepad and copied the content).
What more can I try?
Finally found the answer in case anyone else has the same problem. It turns out that the public key also must exist in the remote web server (in the .ssh folder I uploaded the same rsa_id and rsa_id.pub files, that I created locally), not only locally and in the Github account.
Once I had figured that out and uploaded those files to the webserver, it worked to clone my github repo :-).
Related
This question already has answers here:
Git error: "Host Key Verification Failed" when connecting to remote repository
(30 answers)
Closed 1 year ago.
I'd like to pip install a library from a private GitHub repository in a GitHub Actions job. I can install it on my computer just fine because I've configured GitHub to accept the SSH key. But how do I give an SSH key to a GitHub Actions runner?
On my computer, this works fine:
python -m pip install "git+ssh://git#github.com/ORG/LIBRARY.git#main#egg=SOMETHING&subdirectory=SOMETHING"
Collecting LIBRARY
Cloning ssh://****#github.com/ORG/LIBRARY.git (to revision main) to /tmp/pip-install-_kw52ce5/LIBRARY_35c4fb5cf6a64e30914beaec4a768bd1
Installing build dependencies ... done
...
Successfully built LIBRARY-0.1.1
I changed the name of the library, organization, and directories for privacy. Documentation for pip installations from GitHub repos are here.
I have tried this guide with this GitHub action with no luck. In GitHub Actions, I get this error message:
Step 15/20 : RUN pip install -r requirements.txt
---> Running in 5ece3eb6572e
Collecting LIBRARY# git+ssh://git#github.com/ORG/LIBRARY.git#main#egg=SOMETHING&subdirectory=SOMETHING
Cloning ssh://****#github.com/ORG/LIBRARY.git (to revision main) to /tmp/pip-install-ohx86p2h/LIBRARY_2972ab1296ce45afa73bbb3c5a036bd1
Running command git clone -q 'ssh://****#github.com/ORG/LIBRARY.git' /tmp/pip-install-ohx86p2h/LIBRARY_2972ab1296ce45afa73bbb3c5a036bd1
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
How do I give an SSH key to a GitHub Actions runner?
I think the "Host key verification failed" points to an issue with the ~/.ssh/known_hosts file. Typically, the first time you connect to a host via ssh you are prompted with something similar to:
The authenticity of host 'domain.com (a.b.c.d)' can't be established.
RSA key fingerprint is XX:XX:...:XX.
Are you sure you want to continue connecting (yes/no)?
When you answer yes, the host key is automatically added to the known_hosts file. You can manually add the host key to the known_hosts file of the user that is running your Github Actions:
Get the host key directly from a github admin or once logged into github.com (more secure - highly suggest).
use ssh-keyscan -H github.com >> ~/.ssh/known_hosts
I have a school and a personal Github, so I made an SSH key for my personal account and linked it up. It always works only once, then gives me
Push Failed
Git#github.com: Permission denied (publickey). Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
It works fine again after I delete the old SSH and make a new one, but this is obviously a huge hassle. I am on Windows 10, using Git Bash, and IDE is IntelliJ.
Any ideas? Thanks.
I solved this problem in the following way:
1.Create a file named config in the path $USER_HOME/.ssh/, then add following content.
# For school account
Host school_github
HostName github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_school
# For personal account
Host personal_github
HostName github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_personal
2.Run following command using git bash:
Change your school github repository configuration
git remote rm origin
git remote add origin git#school_github:your_github_username/your_repo_name.git
You can hava a try.
You don't need to create SSH keys for each git service just upload the same public key to both personal and school accounts and it will work.
SSH public key is tied to you local account you have generate SSH keys only if you are using different local(machine) account or different machine
Seems to me like when you try to authenticate, you are probably not using your keys.
If you run the command
ssh-add -l
You (should) see a list of all your keys. Each time you start a new session, make sure to start up the agent and add your keys.
eval `ssh-agent`
ssh-add ~/.ssh/id_rsa
I'd like to install the c++ sdk on my ec2 instance. The bash command to do this is given on this page: https://docs.aws.amazon.com/sdk-for-cpp/v1/developer-guide/setup.html
"To build the SDK from source"
...
"Clone with Git: git clone git#github.com:aws/aws-sdk-cpp.git"
I downloaded git on my instance and tried this command and get these errors:
"The authenticity of host 'github.com (192.30.253.112)' can't be established.
RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
RSA key fingerprint is MD5:16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Warning: Permanently added 'github.com,192.30.253.112' (RSA) to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists."
If I can't resolve this, then I need to do a direct download. Can I do a Direct download via curl? I'd like to be able to get a fresh download every time I launch a new instance so that I pick up all the new code updates.
The given download(checkout)instruction is based on the assumption that you are using ssh to access Github. You should set up ssh key on Github to make that work.
Otherwise, you can use Https to check it out: git clone https://github.com/aws/aws-sdk-cpp.git
With GitHub command I have:
ssh -T git#github.com
Hi (MyName)! You've successfully authenticated, but GitHub does not provide shell access.
My connection with GitHub is ok (no problem), but with Jenkins I have this error:
ERROR: Error cloning remote repo 'origin' : Could not clone git#github.com:Name-MysRepo/MyRepo.git
hudson.plugins.git.GitException: Could not clone git#github.com:Name-MysRepo/MyRepo.git
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.clone(CliGitAPIImpl.java:219)
at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:1001)
at hudson.plugins.git.GitSCM$2.invoke(GitSCM.java:942)
at hudson.FilePath.act(FilePath.java:904)
at hudson.FilePath.act(FilePath.java:877)
at hudson.plugins.git.GitSCM.determineRevisionToBuild(GitSCM.java:942)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1101)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1369)
at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:676)
at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:88)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:581)
at hudson.model.Run.execute(Run.java:1575)
at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:477)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:241)
Caused by: hudson.plugins.git.GitException: Command "git clone --progress -o origin git#github.com:Name-MysRepo/MyRepo.git /root/.jenkins/jobs/TestKRGDAOV01/workspace" returned status code 128:
stdout: Cloning into '/root/.jenkins/jobs/TestKRGDAOV01/workspace'...
stderr: Permission denied (publickey).
fatal: The remote end hung up unexpectedly
Is this problem with public key?
I use Jenkins under Tomcat 7 / Ubuntu 12.
This error:
stderr: Permission denied (publickey). fatal: The remote end hung up unexpectedly
indicates that Jenkins is trying to connect to github with the wrong ssh key.
You should:
Determine the user that jenkins runs as, eg. 'build' or 'jenkins'
Login on the jenkins host that is trying to do the clone - that is, do not login to the master if a node is actually doing the build.
Try you ssh to github - if it fails, then you need to add the proper key to <jenkins user home>/.ssh
To check are the following:
if the right public key (id_rsa.pub) is uploaded to the git-server.
if the right private key (id_rsa) is copied to /var/lib/jenkins/.ssh/
if the known_hosts file is created inside ~/.ssh folder. Try ssh -vvv git#github.com to see debug logs. If thing goes well, github.com will be added to known_hosts.
if the permission of id_rsa is set to 700 (chmod 700 id_rsa)
After all checks, try ssh -vvv git#github.com.
Also make sure you using the ssh github url and not the https
In my case I had to add the public key to my repo (at Bitbucket) AND use git clone once via ssh to answer yes to the "known host" question the first time.
i had sometime ago the same issue.
make sure that your ssh key doesn't have password and use not common user account (e.g. better to user account called jenkins or so).
check following article http://fourkitchens.com/blog/2011/09/20/trigger-jenkins-builds-pushing-github
When I got a similar status code 128 error from Jenkins:
status code 128:
stdout:
stderr: fatal: Couldn't find remote ref refs/heads/jenkins
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:2172)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1864)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$500(CliGitAPIImpl.java:78)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:545)
at jenkins.plugins.git.GitSCMFileSystem$BuilderImpl.build(GitSCMFileSystem.java:358)
at jenkins.scm.api.SCMFileSystem.of(SCMFileSystem.java:197)
at jenkins.scm.api.SCMFileSystem.of(SCMFileSystem.java:173)
at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:113)
at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:67)
at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:299)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:429)
Finished: FAILURE
It was because I hadn't pushed my new branch "jenkins" that had my Jenkinsfile. So the solution was to just push my changes
I deleted my project (root folder) and created it again. It was the fastest and simplest way in my case.
Do not forget to save all you changes, before you delete you project!
I first had another credential, then when i deleted that, and created a new one, i had the same error. I had to go to every project, and select the new Credential.
I changed the permission of my .ssh/id_rsa (private key) to 604.
chmod 700 id_rsa
Here is my setup:
Jenkins is running on my linux machine as 'jenkins' user.
I have generated a ssh key-pair as described in Linux - Setup Git, for the 'jenkins' user.
When I sudo su jenkins and try ssh -vT git#github.com, I am always asked my passphrase, but I am always eventually authenicated. (the verbose option shows which key is used, among others).
I could clone my repo from GitHub using jenkins:
Thusly:
jenkins#alpm:~/jobs/test git/workspace$ git pull
Enter passphrase for key '/var/lib/jenkins/.ssh/id*_rsa':
Already up-to-date.
Up to this point I have followed the instructions to the letter. The problem is that the Jenkins job fails with the following error:
status code 128:
stdout:
stderr: Permission denied (publickey).
fatal: The remote end hung up unexpectedly
This is same error as I get when I typo the passphrase (but of course, Jenkins does not ask me for the passphrase). The following pages:
GitHub - SSH Issues
Using SSH Agent Forwarding
indicate to me that ssh-agent could help remember the passphrase, which it does when I am using my own user, but not the jenkins id. Note that while running as my normal user yields:
echo "$SSH_AUTH_SOCK"
/tmp/keyring-nQlwf9/ssh
While running the same command as my 'jenkins' yields nothing (not even permission denied)
My understanding of the problem is that the passphrase is not remembered.
Do you have any idea?
Shall I start a ssh-agent or key ring manager for the jenkins user? How?
Or is ssh forwarding suitable when forwarding to the same machine?
Any brighter idea?
ps: I never sudo gitted, I always used jenkins or my user account (as mentioned in this SO post - Ubuntu/GitHub SSH Key Issue)
Since nobody wrote the answer from the comments for several months, I will quickly do so.
There are 2 possible problems/solutions:
id_rsa created with wrong user
Create id_rsa as the jenkins user (see hudson cannot fetch from git repository)
Leave passphrase empty
To summarise what must be done on the Jenkins server:
# 1. Create the folder containing the SSH keys if necessary
if [ ! -e ~jenkins/.ssh ]; then mkdir ~jenkins/.ssh; fi
cd ~jenkins/.ssh/
# 2. Create the SSH pair of keys
# The comment will help to identify the SSH key on target systems
ssh-keygen -C "jenkins" -f ~jenkins/.ssh/id_rsa -P ""
# 3. Assign the proper access rights
chown -R jenkins ~jenkins/.ssh/
chmod 700 ~jenkins/.ssh
chmod 600 ~jenkins/.ssh/*
Remember:
Please keep the default "id_rsa" name when generating the keys, as other such as "id_rsa_jenkins" won't work, even if correctly set up.
Do not use a passphrase for your key
Check that the public key (id_rsa.pub) has been uploaded on the git server (GitHub, Bitbucket, etc). Once done, test your SSH key by running: ssh -vvv git#github.com (change address according to your git server)
I got around this problem by simply leaving the passphrase empty when creating the keys.
I would add that if you created the keys by hand, they might still be owned by you and not readable by jenkins, try:
sudo chown jenkins -R /var/lib/jenkins/.ssh/*
To check are the following:
if the right public key (id_rsa.pub) is uploaded to the git-server.
jenkins user will access to github -> to CHECK if the right private key (id_rsa) is copied to /var/lib/jenkins/.ssh/
if the known_hosts file is created inside ~/.ssh folder. Try ssh -vvv git#github.com to see debug logs. If thing goes well, github.com will be added to known_hosts.
if the permission of id_rsa is set to 755 (chmod 755 id_rsa)
After all checks -> try ssh -vvv git#github.com
Dont try to do config in jenkins until ssh works!
If you are running jenkins as a service in windows, you need to verify the user running the service. If you created the keys using the user "MACHINENAME\user", change the service so the user running it can match
For Mac users, the issue can be solved by removing the existing keys and creating new Private and Public Keys by following these steps:
1.Remove all Public and Private keys located at /Users/Username/.ssh
2.Remove all the credentials saved under the Credentials tab in Jenkins.
3.Remove the existing Public SSH keys defined in the Github Repository Settings.
4.Create new SSH keys (private and public: id_rsa and id_rsa.pub) by following the steps from https://confluence.atlassian.com/bitbucketserver/creating-ssh-keys-776639788.html#CreatingSSHkeys-CreatinganSSHkeyonLinux&MacOSX
5.Set the newly created public SSH key (id_rsa.pub) in Github or an equivalent Repository Settings.
6.In Jenkins,create new credentials by adding the private SSH key(id_rsa) for your Github username.
7.The Error should be removed now.
keys need to generated from jenkins user.
sudo su jenkins
ssh-keygen
once the key is generated, it should be added as ssh key in bitbucket or github.