Git ssh clone fails with error Permission denied (publickey) in Bitbucket Server
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms .
Summary
Ssh git clone fails with the following error.
In order to get a more detailed output, you can try the command, GIT_SSH_COMMAND= «ssh -vvvv» git clone ssh://git@<repository_url> and this will give you the output similar to the below one.
Environment
Bitbucket Server/Data Center 7.17.0 or above installed on Ubuntu 14.x LTS or Ubuntu 16.x
Diagnosis
Run ssh localhost from the same machine and retry the clone. It will get successful and you can see the below line in the success output.
Cause
When running the clone directly from the client machine, the key is being accessed from the ssh agent gnome-keyring in the Operating system. This is a feature that collects all of your passwords in a secure application (gnome-keyring) and will use these stored passwords to automatically log you in to various services. But it is possible that the passwords stored in the keyring could get outdated and this could cause authentication failures.
To confirm this, you can run the below command twice. Once directly on the machine, then after executing » ssh localhost «.
You can see similar output.
The SSH_AUTH_SOCK path variable has been cleared once you run ssh localhost and the key is being taken from the default ssh configuration.
Solution
Please work with your system admin and disable the gnome-keyring: ssh agent in your system(not the server) or you can manually unset the SSH_AUTH_SOCK environment variable.
git gh-pages deployment permissions error “Permission denied (publickey). fatal: Could not read from remote repository”
/.ssh/id_rsa . This seems to work for me any time I need to get passed this error!
I’m very very new to using git and I’ve never deployed to gh-pages before, so I’m not sure what I’m doing wrong. I put in the homepage, dependencies, and scripts in my package.json file and when I run $ yarn run deploy everything works until the very end. It tells me it’s ready to be deployed to the page I want, and then it gives me this error:
I’ve followed the GitHub instructions for this specific error, which led me to this page about checking for an SSH key. I’ve been successfully pushing to this repo the entire time I’ve worked on the application, so I know it’s authenticated and it works, but for some reason deployment doesn’t work.
This is my output when I run $ ssh -vT git@github.com
So it seems to connect just fine, so when I do $ eval "$(ssh-agent -s)" it returns > Agent pid 59566 as it should, but when I run $ ssh-add -l -E md5 , it tells me The agent has no identities. Does this mean it’s not actually authenticated?
Also, step 2 of this page says something about automatically loading keys into the ssh agent, but I’ve never done this before and I’m not sure how to modify my
/.ssh/config file but I don’t even seem to have one? How do I modify this file if it doesn’t exist? 🙁
Name already in use
gitlabhq / doc / topics / git / troubleshooting_git.md
- Go to file T
- Go to line L
- Copy path
- Copy permalink
- Open with Desktop
- View raw
- Copy raw contents Copy raw contents
Copy raw contents
Copy raw contents
Troubleshooting Git (FREE)
Sometimes things don’t work the way they should or as you might expect when you’re using Git. Here are some tips on troubleshooting and resolving issues with Git.
Broken pipe errors on git push
‘Broken pipe’ errors can occur when attempting to push to a remote repository. When pushing you usually see:
To fix this issue, here are some possible solutions.
Increase the POST buffer size in Git
If you’re using Git over HTTP instead of SSH, you can try increasing the POST buffer size in Git configuration.
Example of an error during a clone: fatal: pack has bad object at offset XXXXXXXXX: inflate returned -5
Open a terminal and enter:
The value is specified in bytes, so in the above case the buffer size has been set to 50 MB. The default is 1 MB.
RPC failed; curl 92 HTTP/2 stream 0 was not closed cleanly: INTERNAL_ERROR (err 2)
This problem may be caused by a slow internet connection. If you use Git over HTTP instead of SSH, try one of these fixes:
- Increase the POST buffer size in the Git configuration with git config http.postBuffer 52428800 .
- Switch to the HTTP/1.1 protocol with git config http.version HTTP/1.1 .
If neither approach fixes the error, you may need a different internet service provider.
Check your SSH configuration
If pushing over SSH, first check your SSH configuration as ‘Broken pipe’ errors can sometimes be caused by underlying issues with SSH (such as authentication). Make sure that SSH is correctly configured by following the instructions in the SSH troubleshooting documentation.
If you’re a GitLab administrator with server access, you can also prevent session timeouts by configuring SSH keep-alive on the client or the server.
NOTE: Configuring both the client and the server is unnecessary.
To configure SSH on the client side:
/.ssh/config (create the file if it doesn’t exist) and add or edit:
On Windows, if you are using PuTTY, go to your session properties, then go to «Connection» and under «Sending of null packets to keep session active», set Seconds between keepalives (0 to turn off) to 60 .
To configure SSH on the server side, edit /etc/ssh/sshd_config and add:
Running a git repack
If ‘pack-objects’ type errors are also being displayed, you can try to run a git repack before attempting to push to the remote repository again:
Upgrade your Git client
In case you’re running an older version of Git (< 2.9), consider upgrading to >= 2.9 (see Broken pipe when pushing to Git repository).
Users may experience the following error when attempting to push or pull using Git over SSH:
This error usually indicates that SSH daemon’s MaxStartups value is throttling SSH connections. This setting specifies the maximum number of concurrent, unauthenticated connections to the SSH daemon. This affects users with proper authentication credentials (SSH keys) because every connection is ‘unauthenticated’ in the beginning. The default value is 10 .
Increase MaxStartups on the GitLab server by adding or modifying the value in /etc/ssh/sshd_config :
100:30:200 means up to 100 SSH sessions are allowed without restriction, after which 30% of connections are dropped until reaching an absolute maximum of 200.
After you modify the value of MaxStartups , check for any errors in the configuration.
If the configuration check runs without errors, it should be safe to restart the SSH daemon for the change to take effect.
Timeout during git push / git pull
If pulling/pushing from/to your repository ends up taking more than 50 seconds, a timeout is issued. It contains a log of the number of operations performed and their respective timings, like the example below:
This could be used to further investigate what operation is performing poorly and provide GitLab with more information on how to improve the service.
git clone over HTTP fails with transfer closed with outstanding read data remaining error
Sometimes, when cloning old or large repositories, the following error is thrown:
This problem is common in Git itself, due to its inability to handle large files or large quantities of files. Git LFS was created to work around this problem; however, even it has limitations. It’s usually due to one of these reasons:
- The number of files in the repository.
- The number of revisions in the history.
- The existence of large files in the repository.
The root causes vary, so multiple potential solutions exist, and you may need to apply more than one:
If this error occurs when cloning a large repository, you can decrease the cloning depth to a value of 1 . For example:
You can increase the http.postBuffer value in your local Git configuration from the default 1 MB value to a value greater than the repository size. For example, if git clone fails when cloning a 500 MB repository, you should set http.postBuffer to 524288000 :
You can increase the http.postBuffer on the server side:
Modify the GitLab instance’s gitlab.rb file:
After applying this change, apply the configuration change:
For example, if a repository has a very long history and no large files, changing the depth should fix the problem. However, if a repository has very large files, even a depth of 1 may be too large, thus requiring the postBuffer change. If you increase your local postBuffer but the NGINX value on the backend is still too small, the error persists.
Modifying the server is not always an option, and introduces more potential risk. Attempt local changes first.
Password expired error on Git fetch via SSH for LDAP user
If git fetch returns this HTTP 403 Forbidden error on a self-managed instance of GitLab, the password expiration date ( users.password_expires_at ) for this user in the GitLab database is a date in the past:
Requests made with a SSO account and where password_expires_at is not null return this error:
To resolve this issue, you can update the password expiration by either:
Using the gitlab-rails console :
The bug was reported in this issue.
Error on Git fetch: «HTTP Basic: Access Denied»
If you receive an HTTP Basic: Access denied error when using Git over HTTP(S), refer to the two-factor authentication troubleshooting guide.
401 errors logged during successful git clone
When cloning a repository via HTTP, the production_json.log file may show an initial status of 401 (unauthorized), quickly followed by a 200 .
You should expect this initial 401 log entry for each Git operation performed over HTTP, due to how HTTP Basic authentication works.
When the Git client initiates a clone, the initial request sent to GitLab does not provide any authentication details. GitLab returns a 401 Unauthorized result for that request. A few milliseconds later, the Git client sends a follow-up request containing authentication details. This second request should succeed, and result in a 200 OK log entry.
If a 401 log entry lacks a corresponding 200 log entry, the Git client is likely using either:
- An incorrect password.
- An expired or revoked token.an incorrect
If not rectified, you could encounter 403 (Forbidden) errors instead.
403 error when performing Git operations over HTTP
When performing Git operations over HTTP, a 403 (Forbidden) error indicates that your IP address has been blocked by the failed-authentication ban:
How to fix ” Permission denied (publickey) ” issue in Gitlab
When you try to clone private repositories for the first time from an account, you may get following error.
This article helps you on fixing this issue. The root cause here is that the remote repository don’t trust you. In order to gain access to the repo, you have to create an SSH key and register that key in your git repository.
Steps to add SSH key in Gitlab
-
- Run CMD/Powershell/Terminal with administrative (sudo) privilege. (In windows run cmd as administrator. In linux execute ‘sudo su’ to get root privilege).
- Type ssh-keygen.
You will see the following. Here you will be asked for the location where the SSH key will be saved. Press enter to accept default or enter your custom location.
And that’s all. Now you will be able to access the repo without any issues.