Public key for bitbucket cloning works but not in Trellis

When I do git clone from the bash, the clone is done successfully after ssh-adding that key, but when I try to ./deploy.sh to my staging site it chokes with this (I should also mention that I made a switch from Github to Bitbucket earlier today for my Bedrock repo):

failed: [46.101.238.23] => {"cmd": "/usr/bin/git ls-remote origin -h refs/heads/master", "failed": true, "rc": 128}
stderr: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

msg: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

This is the error. It’s been discussed quite a few times in other threads here on Discourse. Generally it’s that the public key on the Trellis provisioned server does not match one that has been added to your GitHub/Bitbucket repository.

But when I try to add the keys in group_vars/all I get this “msg: invalid key specified” when I run ansible-playbook -i hosts/staging server.yml

This is my users section in all:

users:
  - name: "{{ web_user }}"
    groups:
      - "{{ web_group }}"
    keys:
      - "{{ lookup('file', '~/.ssh/dokey.pub') }}"
      - "{{ lookup('file', '~/.ssh/crnakava-bitbucket.public') }}"
      # - https://github.com/username.keys
  - name: "{{ admin_user }}"
    groups:
      - sudo
    keys:
      - "{{ lookup('file', '~/.ssh/dokey.pub') }}"
      - "{{ lookup('file', '~/.ssh/crnakava-bitbucket.public') }}"
      # - https://github.com/username.keys

1. What version of Ansible?
2. Those files exist locally on your computer right?
3. What are the contents of the files? (they are public so it’s ok to paste them in here).

I cloned the Trellis repo yesterday and started from scratch, so I guess it’s the latest Ansible inside Vagrant box.
The keys are in Vagrant box ~/.ssh folder which also acts as an Ansible control box (the VM’s host is Windows PC).
This is the error dump, it contains the key files contents:

failed: [46.101.240.80] => (item=({‘name’: u’web’, ‘groups’: [u’www-data’]}, u’AAAAB3NzaC1yc2EAAAABJQAAAQEA1T1eLdAVdw0/muKRpxWWBreWNYMbVi5P1CVO\na0Nx578dtJijoSBtZuAATlws1+ZurM/r9CD+p6AXDIbV6gqgisflhBM1eXMj53ta\n9u9ghPMkMtCZj47+WeA0yN58OvvjJtmGg1my0luzrfIdSPd6A809Q57J7BtyHxaU\nkBcWa1KWYVRRCzshy6RZ+6DlV+bPefmttmbyYJMIABU672IpuVtLGzeeFr2lF63J\n9rGPWvQe7r+O3rxFSA2zM5xwpPkH5LwEcBjlioH84pWjYpqmtByL+iCHa3Qjj3A0\no2GKdwHAFNR4lxF0u3fwUB8M9p7c6TIpRf9CNmhcKtj/fcCG0w==’)) => {“failed”: true, “item”: [{“groups”: [“www-data”], “name”: “web”}, “AAAAB3NzaC1yc2EAAAABJQAAAQEA1T1eLdAVdw0/muKRpxWWBreWNYMbVi5P1CVO\na0Nx578dtJijoSBtZuAATlws1+ZurM/r9CD+p6AXDIbV6gqgisflhBM1eXMj53ta\n9u9ghPMkMtCZj47+WeA0yN58OvvjJtmGg1my0luzrfIdSPd6A809Q57J7BtyHxaU\nkBcWa1KWYVRRCzshy6RZ+6DlV+bPefmttmbyYJMIABU672IpuVtLGzeeFr2lF63J\n9rGPWvQe7r+O3rxFSA2zM5xwpPkH5LwEcBjlioH84pWjYpqmtByL+iCHa3Qjj3A0\no2GKdwHAFNR4lxF0u3fwUB8M9p7c6TIpRf9CNmhcKtj/fcCG0w==”]}
msg: invalid key specified: AAAAB3NzaC1yc2EAAAABJQAAAQEA1T1eLdAVdw0/muKRpxWWBreWNYMbVi5P1CVO
failed: [46.101.240.80] => (item=({‘name’: u’admin’, ‘groups’: [‘sudo’]}, u’AAAAB3NzaC1yc2EAAAABJQAAAQEA1T1eLdAVdw0/muKRpxWWBreWNYMbVi5P1CVO\na0Nx578dtJijoSBtZuAATlws1+ZurM/r9CD+p6AXDIbV6gqgisflhBM1eXMj53ta\n9u9ghPMkMtCZj47+WeA0yN58OvvjJtmGg1my0luzrfIdSPd6A809Q57J7BtyHxaU\nkBcWa1KWYVRRCzshy6RZ+6DlV+bPefmttmbyYJMIABU672IpuVtLGzeeFr2lF63J\n9rGPWvQe7r+O3rxFSA2zM5xwpPkH5LwEcBjlioH84pWjYpqmtByL+iCHa3Qjj3A0\no2GKdwHAFNR4lxF0u3fwUB8M9p7c6TIpRf9CNmhcKtj/fcCG0w==’)) => {“failed”: true, “item”: [{“groups”: [“sudo”], “name”: “admin”}, “AAAAB3NzaC1yc2EAAAABJQAAAQEA1T1eLdAVdw0/muKRpxWWBreWNYMbVi5P1CVO\na0Nx578dtJijoSBtZuAATlws1+ZurM/r9CD+p6AXDIbV6gqgisflhBM1eXMj53ta\n9u9ghPMkMtCZj47+WeA0yN58OvvjJtmGg1my0luzrfIdSPd6A809Q57J7BtyHxaU\nkBcWa1KWYVRRCzshy6RZ+6DlV+bPefmttmbyYJMIABU672IpuVtLGzeeFr2lF63J\n9rGPWvQe7r+O3rxFSA2zM5xwpPkH5LwEcBjlioH84pWjYpqmtByL+iCHa3Qjj3A0\no2GKdwHAFNR4lxF0u3fwUB8M9p7c6TIpRf9CNmhcKtj/fcCG0w==”]}
msg: invalid key specified: AAAAB3NzaC1yc2EAAAABJQAAAQEA1T1eLdAVdw0/muKRpxWWBreWNYMbVi5P1CVO

Also, I’ll repeat that my ssh connection to the staging box is working fine, as is my connection to Bitbucket.

It seems that the pub key generated by puttygen contains newlines in Windows format; also, pub keys require a prologue of "ssh-rsa " before the actual key, so this is the right format for Ansible:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA1T1eLdAVdw0/muKRpxWWBreWNYMbVi5P1CVOa0Nx578dtJijoSBtZuAATlws1+ZurM/r9CD+p6AXDIbV6gqgisflhBM1eXMj53ta9u9ghPMkMtCZj47+WeA0yN58OvvjJtmGg1my0luzrfIdSPd6A809Q57J7BtyHxaUkBcWa1KWYVRRCzshy6RZ+6DlV+bPefmttmbyYJMIABU672IpuVtLGzeeFr2lF63J9rGPWvQe7r+O3rxFSA2zM5xwpPkH5LwEcBjlioH84pWjYpqmtByL+iCHa3Qjj3A0o2GKdwHAFNR4lxF0u3fwUB8M9p7c6TIpRf9CNmhcKtj/fcCG0w==

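The manual fix described above (join the wrapped lines, drop Windows line endings, prepend the key type) can be scripted. This is an added example, not code from the thread or from Trellis; `normalize_pubkey` and `sample_puttygen_file` are hypothetical names. It assumes the input is either a PuTTYgen "saved public key" file (RFC 4716 markers and headers) or bare wrapped base64 like the key in the error dump, and it reads the key type from the blob itself rather than hard-coding `ssh-rsa`.

```python
import base64
import struct


def normalize_pubkey(text: str) -> str:
    """Return the key as one OpenSSH line: "<type> <base64>"."""
    lines = [ln.strip() for ln in text.replace("\r", "\n").split("\n") if ln.strip()]
    claimed = None
    if len(lines) == 1 and " " in lines[0]:
        # Already "<type> <base64> [comment]": keep type and blob, drop the comment.
        claimed, b64 = lines[0].split()[:2]
    else:
        body, in_header = [], False
        for ln in lines:
            if ln.startswith("----"):      # RFC 4716 BEGIN/END markers
                continue
            if in_header or ":" in ln:     # "Comment: ..." header; a trailing "\" continues it
                in_header = ln.endswith("\\")
                continue
            body.append(ln)
        b64 = "".join(body)                # undo the 64-column wrapping
    blob = base64.b64decode(b64, validate=True)  # rejects stray characters
    # The decoded blob begins with a length-prefixed key type, e.g. b"ssh-rsa".
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if len(blob) < 4 + n:
        raise ValueError("truncated key blob")
    key_type = blob[4:4 + n].decode("ascii")
    if claimed not in (None, key_type):
        raise ValueError(f"prefix {claimed!r} does not match blob type {key_type!r}")
    return f"{key_type} {b64}"


def sample_puttygen_file() -> str:
    """Constructed sample: valid wire layout with a filler modulus, not a usable key."""
    def s(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-rsa") + s(b"\x25") + s(b"\x00" + bytes(range(1, 129)))
    b64 = base64.b64encode(blob).decode()
    wrapped = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\r\n".join(["---- BEGIN SSH2 PUBLIC KEY ----", 'Comment: "constructed-sample"',
                        *wrapped, "---- END SSH2 PUBLIC KEY ----", ""])


if __name__ == "__main__":
    print(normalize_pubkey(sample_puttygen_file()))
```

For files that still carry the BEGIN/END markers, OpenSSH's `ssh-keygen -i -f <file>` performs the same conversion.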

Good debugging! I was about to suggest it might be something Windows specific.