Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Learn more about Collectives

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

My problem is that I can't push or fetch from GitLab. However, I can clone (via HTTP or via SSH). I get this error when I try to push :

Permission denied (publickey) fatal : Could not read from remote repository

From all the threads I've looked, here is what I have done :

  • Set up an SSH key on my computer and added the public key to GitLab
  • Done the config --global for username and email
  • Cloned via SSH and via HTTP to check if it would resolve the issue
  • Done the ssh -T git@gitlab.com command
  • If you have any insight about how to resolve my issue, it would be greatly appreciated.

    @ Nils Werner : I get a lot of lines when I do this command, but one of them is "Authentification succeeded (publickey)" Alexandre Fernandes Bartolomeu Nov 4, 2016 at 16:33 make sure you are not running sudo git clone git@gitlab.com:project/somethiing.git , otherwise ssh will look in /root/.ssh instead of the key you uploaded ~/.ssh/id_rsa rivanov Jun 21, 2017 at 20:18 I solved the same problem by adding a key to agent via "ssh-add ~/.ssh/the_key" followed by authorising they key by phrase. This is the private part of what I added to GitLab. Celdor Sep 24, 2019 at 12:23

    I found this after searching a lot. It will work perfectly fine for me.

  • Go to "Git Bash" just like cmd. Right click and "Run as Administrator".
  • Type ssh-keygen
  • Press enter.
  • It will ask you to save the key to the specific directory.
  • Press enter. It will prompt you to type password or enter without password.
  • The public key will be created to the specific directory.
  • Now go to the directory and open .ssh folder.
  • You'll see a file id_rsa.pub . Open it on notepad. Copy all text from it.
  • Go to https://gitlab.com/-/profile/keys or
  • Paste here in the "key" textfield.
  • Now click on the "Title" below. It will automatically get filled.
  • Then click "Add key".
  • Now give it a shot and it will work for sure.

    In case you're lost in copying the pub file into clipboard. try the following: type %userprofile%\.ssh\id_rsa.pub | clip jquijano May 28, 2018 at 18:59 in windows 10 if you do need to find .ssh\id_rsa.pub you can type this cat ~/.ssh/id_rsa.pub on git bash it will show you the "Key" , so you could copy and paste it to text field in gitlab.com/profile/keys Chutipong Roobklom Sep 10, 2018 at 3:41 Make sure to do this: ssh-add filename (with-path if not in the rsa dir) after following above steps Blasanka Dec 13, 2018 at 15:57 Referencing @Blasanka 's answer ssh-add filename where filename is the file WITHOUT .pub at the end. You'll be prompt the password you've generated during ssh key creation to add your identity Mattia Ducci Jun 2, 2020 at 22:59

    Step 2: Just clone the git repo WITHOUT sudo. Documentation: https://gitlab.com/help/ssh/README#working-with-non-default-ssh-key-pair-paths

    ** sometimes you have the config in your ~/.ssh/config , but, IdentityFile path is not correct. you can check the file name like this ls ~/.ssh/ . the file is normally is id_ed25519 for gitlab. thus the correct config is IdentityFile ~/.ssh/id_ed25519

    This is required if the key-file with the default name is already used for different purposes. If you are creating a key-file with non-default name, like id_rsa_gitlab in Fedo's example, you will need to supply a config-file. Gitlab's nice article about the matter: gitlab.com/help/ssh/… Dany Mar 9, 2019 at 10:31 The important part here is that IdentityFile is the private part; you should match this file with the *.pub public key which you've uploaded to Gitlab. Mixing one private key with another public key will fail, intentionally. Gitlab authenticates you because you have a matching pair of files. MSalters Jun 20, 2022 at 15:21

    I think the simple solution is to add private key to authentication agent (if your key is not ~/.ssh/id_rsa ),

    ssh-add ~/.ssh/<your private key>
    

    You basically let the ssh-agent take care of it.

    Additionally, you can add it permanently.

    Worked for me. I had the default config , so i typed : ~$ ssh-add ~/.ssh/id_ed25519 in console and It worked . @Hussain thanks – MSI Abu Zafar Newton Aug 21, 2022 at 9:43

    There is a very simple solution to this: instead of working with ssh - move to https. to do this: in your project folder you have a .git folder in there - you have a config file - open it in a text editor and change the line

    url =git@gitlab.com:yourname/yourproject.git

    url = https://gitlab.com/yourname/yourproject.git

    This worked, thanks. @UpAndAdam this sidesteps the issue, sure, but ssh is so problematic and frustrating on Windows that I would rather sidestep it. I'd rather get work done than wrestle with ssh. – Samaursa Jan 10, 2022 at 20:40 Your personal anecdote is meaningless. That doesn't make it an answer to the question asked. It is a workaround and does not answer the question. Furthermore windows is NOT tagged in the question and Ubuntu is. So your anecdote has no relevance – UpAndAdam Jan 18, 2022 at 22:45

    In my case it did not work in the WSL (Windows Subsystem for Linux).

    When I start the WSL, I must

  • start ssh-agent_ eval $(ssh-agent -s)
  • add the key to the ssh-agent: ssh-add ~/.ssh/id_rsa
  • if prompted, enter the password
  • Now the connection works.
    We can test this with ssh -T git@github.com

    notes:

  • weasel-pageant allows us to reuse the ssh keys that are loaded in PuTTY pageant inside the WSL
  • detailed explanation: Git via SSH from Windows returns Permission Denied
  • it must return your identity, so after retry to clone, it's must work

    NB: don't forget to add your ssh key in your profile gitlab

    thanks

    Thank u man. My company require the project em / folder. I had to gerenate ssh using sudo. That way, i can use sudo git clone. Your advice helped me a lot. – Jocsã Aug 10, 2020 at 14:41

    I know, I'm answering this very late and even StackOverflow confirmed if I really want to answer. I'm answering because no one actually described the actual problem so wanted to share the same.

    The Basics

    First, understand that what is the remote here. Remote is GitLab and your system is the local so when we talk about the remote origin, whatever URL is set in your git remote -v output is your remote URL.

    The Protocols

    Basically, Git clone/push/pull works on two different protocols majorly (there are others as well)-

  • HTTP protocol
  • SSH protocol
  • When you clone a repo (or change the remote URL) and use the HTTPs URL like https://gitlab.com/wizpanda/backend-app.git then it uses the first protocol i.e. HTTP protocol.

    While if you clone the repo (or change the remote URL) and uses the URL like git@gitlab.com:wizpanda/backend-app.git then it uses the SSH protocol.

    HTTP Protocol

    In this protocol, every remote operation i.e. clone, push & pull uses the simple authentication i.e. username & password of your remote (GitLab in this case) that means for every operation, you have to type-in your username & password which might be cumbersome.

    So when you push/pull/clone, GitLab/GitHub authenticate you with your username & password and it allows you to do the operation.

    If you want to try this, you can switch to HTTP URL by running the command git remote set-url origin <http-git-url>.

    To avoid that case, you can use the SSH protocol.

    SSH Protocol

    A simple SSH connection works on public-private key pairs. So in your case, GitLab can't authenticate you because you are using SSH URL to communicate. Now, GitLab must know you in some way. For that, you have to create a public-private key-pair and give the public key to GitLab.

    Now when you push/pull/clone with GitLab, GIT (SSH internally) will by default offer your private key to GitLab and confirms your identity and then GitLab will allow you to perform the operation.

    So I won't repeat the steps which are already given by Muhammad, I'll repeat them theoretically.

  • Generate a key pair `ssh-keygen -t rsa -b 2048 -C "My Common SSH Key"
  • The generated key pair will be by default in ~/.ssh named id_rsa.pub (public key) & id_rsa (private key).
  • You will store the public key to your GitLab account (the same key can be used in multiple or any server/accounts).
  • When you clone/push/pull, GIT offers your private key.
  • GitLab matches the private key with your public key and allows you to perform.
  • You should always create a strong rsa key with at least 2048 bytes. So the command can be ssh-keygen -t rsa -b 2048.

    https://gitlab.com/help/ssh/README#generating-a-new-ssh-key-pair

    General thought

    Both the approach have their pros & cons. After I typed the above text, I went to search more about this because I never read something about this.

    I found this official doc https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols which tells more about this. My point here is that, by reading the error and giving a thought on the error, you can make your own theory or understanding and then can match with some Google results to fix the issue :)

    In my case, it wasn't a gitlab problem, but a sshd configuration one. The ssh server didn't allow connection except for a list of users. The user git, the one connecting remotely to gitlab, wasn't in that list. So, check this before anything else.

    You can check your ssh server configuration in /etc/ssh/sshd_config. If you have a line with the option AllowUsers, add git to it:

    AllowUsers user1 user2 user3 git
    

    Steps to be done, got same error but i fixed it. Gitlab wants ssh-rsa so below is the code to run ssh for rsa

  • ssh-keygen -o -t rsa -b 4096 -C "name@gmail.com"
  • name@gmail.com is your gitlab account email

  • It will prompt you to enter so just hit Enter after the below code is prompt,

    Enter file in which to save the key (/home/yourDesktopName/.ssh/id_rsa):

  • It will prompt again you to enter so just hit Enter after the below code is prompt,

    Enter passphrase (empty for no passphrase):

  • It will prompt again for the last you to enter so just hit Enter after the below code is prompt,

    Enter same passphrase again:

  • You will show your ssh-rsa generate.

  • Login to your Gitlab account and Go to the right navbar you will get setting and in the left sidebar you will get ssh key. Enter in it.

  • Look above the prompt asking you to enter, you will get the path of ssh-rsa.

  • Go to your SSH folder and get the id_rsa.pub

  • Open it and get the key and Copy Paste to the Gitlab and you are nearly to done.

  • Check by: ssh -T git@gitlab.com

  • You will get: Welcome to GitLab, @joy4!

  • Done.

  • I have gitlab running with docker, this is what I did to fix my problem.

    Found that inside docker /var/log/gitlab/sshd/current there were multiple occurences of a message:

    Authentication refused: bad ownership or modes for file /var/opt/gitlab/.ssh/authorized_keys

    After which I changed ownership of that file from 99:users to git:users with:

    chown git:users authorized_keys

    Thank you SO MUCH. I'm running Gitlab on Kubernetes and the /gitlab-data directory (which is also the mountpoint for authorized_keys) had permission problems. A simple chown was enough. – Dillen Meijboom Jul 13, 2017 at 6:47 @DillenMeijboom what was the chown permission that you needed to set? I'm suspecting a similar issue on mine but I'm not sure what to set the gitlab-data mount directory to. – falc0nit3 Sep 8, 2020 at 7:30

    When you have multiple git account and you want different ssh key

    You have to follow same step for generating the ssh key, but be sure

    ssh-keygen -t ed25519 -C "your-email-id@gmail.com" 
    

    Enter the path you want to save(Ex: my-pc/Desktop/.ssh/ed25519)

    Add the public key to your gitlab (How to adding ssh key to gitlab)

    You have to new ssh identity using the below comand

    ssh-add ~/my-pc/Desktop/.ssh/ed25519
    
    To create a new SSH key pair: 
     1. Open a terminal on Linux or macOS, or Git Bash / WSL on Windows.
     2. Generate a new ED25519 SSH key pair: ssh-keygen -t ed25519 -C "email@example.com"
     2.1 Or, if you want to use RSA: ssh-keygen -o -t rsa -b 4096 -C "email@example.com"
     3. Next, you will be prompted to input a file path to save your SSH key pair to... use the suggested path by pressing Enter
     4. Once the path is decided, you will be prompted to input a password to secure your new SSH key pair. It's a best practice to use a password, but it's not required and you can skip creating it by pressing Enter twice.
     5. Copy your public SSH key to the clipboard by using one of the commands below depending on your Operating System:
            macOS:        pbcopy < ~/.ssh/id_ed25519.pub
            WSL / GNU/Linux (requires the xclip package):      xclip -sel clip < ~/.ssh/id_ed25519.pub
            Git Bash on Windows:      cat ~/.ssh/id_ed25519.pub | clip
     6. Navigating to SSH Keys and pasting your public key in the Key field
     7. Click the Add key button
    

    I hope it can help some of you!

    Earlier it was very difficult for me but when I tried it became so easy to add ssh key in Mac and Linux. There are a few steps and command to do this as follows:

  • Open a terminal of your system and move inside your project directory by the command:
  • cd 'project directory name'
    
  • Run command ssh-keygen in that terminal and enter it until the key's randomart image appears there.

  • Then enter one more command in that terminal:

  • cat ~/.ssh/id_rsa.pub
    

    It will generate your ssh key. Key will start with ssh-rsa and end with .local.

  • Copy the key and go to your Gitlab profile section then ssh key section and paste it there. Click on the Add button this will work.
  • Go to project directory in terminal using cd path/to/project
  • Run ssh-keygen
  • Press enter for passphrase
  • Run cat ~/.ssh/id_rsa.pub in terminal
  • Copy the key that you get at the terminal
  • Go to Gitlab/Settings/SSH-KEYS
  • Paste the key and press Add Key button
  • This worked for me like a charm!

    For anyone using Windows 10 and nothing else working for him/her:

    In my case, I had to clone the repo with https instead of ssh and a window popped-up asking for my credentials. After that everything works fine.

  • ssh-keygen -t ed25519 -C "email@example.com"
  • Copy your public SSH key to the clipboard (xclip -sel clip < ~/.ssh/id_ed25519.pub in my case on Linux )
  • On gitlab, go to settings=>ssh keys and past the new key
  • You must have id_rsa.pub and id_rsa (private) keys in your .ssh folder ( which should be in your home folder.Create it if it isn't there put your keys ). It wouldn't work If you have named your key files differently

  • Change the permission of the id_rsa as chmod 400 ~/.ssh/id_rsa

  • Another issue that can cause this behaviour is when you have a setup with 2 possible %HOME%-locations.

    I'm using a PC where some of my documents are stored locally, and some of them are stored on a network drive. Some applications think C:\Users\<MyUserName>\ is my %home%, others think that U:\ is the home.

    Turns out ssh-keygen put my private key under C:\users\<MyUserName>\, and that ssh -T and ssh -v also look there.

    So everything seems to work fine, except that git clone, git push and others look for a key in U:\. Which fails, so I get the aforementioned error.

    It took me an hour to find out, but in the end the solution was simple: I copied everything from C:\Users\<MyUserName>\.ssh to U:\.ssh

    I spent many hours to fix this. Below solution worked for me.

    Follow these commands on your terminal.

    ssh-keygen -t rsa -C "<your email address>" -b 4096 -t ed25519
    

    Rename generated keys as this: id_rsa and id_rsa.pub the Add generated public key to your gitlab server.

    Then add ssh key to ssh agent as below.

  • Initiate ssh-agent

    eval "$(ssh-agent -s)"

  • If your key is generated with a different name, replace id_rsa in the command below

    ssh-add ~/.ssh/id_rsa

    To test the connection use this command.

    ssh -T git@<git lab server url>
    

    To troubleshoot use below commands.

    ssh -Tv git@<git lab server url>
    ssh -vvv git@<git lab server url>
    

    Now you can clone your project to your local environment.

    Generated a key for Windows using this command:

    ssh-keygen -t rsa -C "your.email@example.com" -b 4096
    

    but the problem was that after running this command, it popped a line: "Enter file in which to save the key (/c/Users/xxx/.ssh/id_rsa): " Here, I was giving only file name because of which my key was getting saved in my pwd and not in the given location. When I did "git clone ", it was assuming the key to be at "/c/Users/xxx/.ssh/id_rsa" location but it was not found, hence it was throwing error.

    At the time of key generation 2 files were generated say "file1" & "file1.pub". I renamed both these files as

    file1 -> id_rsa 
    
    file1.pub -> id_rsa.pub
    

    and placed both in the location "/c/Users/xxx/.ssh/"

    Go to the terminal and regenerate the ssh key again. Type ssh-keygen. It will ask you where you want to save it, type the path.

    Then copy the public key to gitlabs platform. It usually starts with ssh-rsa.

  • Open terminal in your project directory.
  • Type ‘ssh-keygen -o -t rsa -b 4096 -C "your gitlab email" ’ and hit enter
  • Type ‘vim /home/mnbtech/.ssh/id_rsa.pub’ and hit enter (or manually open your 'id_rsa.pub'from where you saved it)
  • SSH key will appear. Copy those and

  • Go to your gitlab account.

  • Click profile image And click setting
  • In left side select SSH-Keys
  • Then paste those key Click add key
  • SSH-Key will be added!

    (N.B if you have Generate Previews SSH Key and Getting permission denied (public key). You Delete Your Previews ssh key and Generate new one and add git user.name and email on your terminal )

    There seem to be differences between the two ways to access a git repository i.e. using either SSH or HTTPS. For me, I encountered the error because I was trying to push my local repository using SSH.

    The problem can simply be solved by clicking the clone button on the landing page of your project and the copying the HTTPS link and replacing it to the SSH link appearing with the format "git@gitlab...".

    I had the same problems, It has been fixed after I re-generate the ssh key inside .ssh folder without naming it (keep it as id_rsa.pub). Then add it again to gitlab ssh key. Everything working fine now.

    I solved git@gitlab.com: Permission denied (publickey) issue using following instructions

  • RUN cat ~/.ssh/id_rsa.pub
  • Copy id_rsa.pub (public key) to your getlab `Setting -> SSH Keys
  • RUN cat ~/.ssh/id_rsa
  • Copy id_rsa (private key) to `Code_repo->git_auth->id_rsa
  • NOTE: Take care of the machine user if you are using root user in your DockerFile or anywhere else then use sudo su before running the above commands to get root user public and private keys.

    Nothing worked for me on Windows 10 using Pageant as SSH agent, except adding a enviroment variable to windows (translated from german Windows 10, so the naming may differ):

  • Search for "variables"
  • Open System Enviroment Variables
  • Click Enviroment Variables button at the bottom
  • Add a new key named "GIT_SSH" and the value "C:\Program Files\PuTTY\plink.exe", to the top section "User Variables xxx"
  • And you're done.
  • All thanks go to Benjamin Bortels, source: https://bortels.io/blog/git-in-vs-code-unter-windows-richtig-einstellen

    In our case, it wasn't a problem on the user/client side, but on the Gitlab server side.

    We are running a local Gitlab CE 12.9 instance on CentOS 7.1.

    We found out that on the server, the .ssh/authorized_keys file was not updating properly. Users create their SSH keys (following the Gitlab guide) and add it to the Gitlab server, but the server does not update the authorized_keys, so it will always result to permission denied errors.

    A workaround was to rebuild the authorized_keys file by running:

    $ sudo gitlab-rake gitlab:shell:setup
    

    That would work for anyone who added their keys before running the rake task. For the next users who would add their keys, someone has to manually run the rake tasks again.

    A more permanent solution was to not use the authorized_keys file and use instead an indexed lookup on the Gitlab database:

    GitLab Shell provides a way to authorize SSH users via a fast, indexed lookup to the GitLab database. GitLab Shell uses the fingerprint of the SSH key to check whether the user is authorized to access GitLab.

    Add the following to your sshd_config file. This is usually located at /etc/ssh/sshd_config, but it will be /assets/sshd_config if you're using Omnibus Docker:

    Match User git    # Apply the AuthorizedKeysCommands to the git user only   
      AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k   
      AuthorizedKeysCommandUser git 
    Match all    # End match, settings apply to all users again 
      

    Reload OpenSSH:

    # Debian or Ubuntu installations   
    sudo service ssh reload
    # CentOS installations   
    sudo service sshd reload 
      

    Confirm that SSH is working by removing your user's SSH key in the UI, adding a new one, and attempting to pull a repo.

    By default (well the default on our installation), the Write to authorized_keys file was checked in the Admin Area > Performance Optimization settings. So we unchecked that and used the Gitlab database instead.

    After setting up indexed lookup and unchecking the Write to authorized_keys file, SSH access became OK.

    Thanks for contributing an answer to Stack Overflow!

    • Please be sure to answer the question. Provide details and share your research!

    But avoid

    • Asking for help, clarification, or responding to other answers.
    • Making statements based on opinion; back them up with references or personal experience.

    To learn more, see our tips on writing great answers.

  •