"stderr: Permission denied (publickey)" GitHub Deploy

While it would seem obvious that there is simply an issue with the public key, what is quite odd is that 6 days ago I was able to successfully create the server using Trellis and used “./deploy.sh production example.com” to push to the server. I then went to a conference and came back and, after adding an additional image to a WordPress page, tried doing deploy again, but I am now getting the following error:

PLAY [Deploy WP site] ********************************************************* 

GATHERING FACTS *************************************************************** 
ok: [DO IP]

TASK: [deploy | Initialize] *************************************************** 
ok: [DO IP]

TASK: [deploy | Check whether project source path is a git repo] ************** 
ok: [DO IP]

TASK: [deploy | Get current git remote URL] *********************************** 
ok: [DO IP]

TASK: [deploy | Update git remote URL] **************************************** 
skipping: [DO IP]

TASK: [deploy | Clone project files] ****************************************** 
failed: [DO IP] => {"cmd": "/usr/bin/git ls-remote origin -h refs/heads/master", "failed": true, "rc": 128}
stderr: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

msg: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I found other Discourse posts such as Fatal: [192.168.50.5] => SSH Error: Permission denied (publickey) and SSH Error: Permission denied (publickey,password) - DigitalOcean; however, those are ssh connection errors to the server. As the above shows I can ssh into the server fine, it’s when the droplet tries to get the latest files from GitHub that it fails apparently. My local machine still has my pub and private ssh file and the server still has my pub ssh file in admin/.ssh folder and my GitHub still has the same pub ssh file as well. Since none of that has changed since last week, I’m at a loss on why it has stopped working but assume I must have inadvertently changed something.

Is there anything I should check out first as I continue to investigate this issue? Thanks!

1 Like

Seems likely that your SSH forward agent stopped working. This can happen occasionally and also on reboots.

More info on troubleshooting it here: Redirecting...

On Mac OS X, ssh-agent will “forget” this key, once it gets restarted during reboots. But you can import your SSH keys into Keychain using this command

Follow their steps from this section: https://developer.github.com/guides/using-ssh-agent-forwarding/#your-local-ssh-agent-must-be-running

3 Likes

To add, this article seemed the closest next step to testing everything: https://developer.github.com/guides/using-ssh-agent-forwarding/. Running ssh -T git@github.com locally is successful. The doc recommends I add:

Host example.com
  ForwardAgent yes

To my local machine’s ssh config, which I can do, however as noted I was able to deploy the site previously once without doing that, so not sure why it would be needed now.

When logging into server and running ssh -T git@github.com it asked to verify I said yes, and then said:
The authenticity of host ‘github.com (IPADDRESS)’ can’t be established.
RSA key fingerprint is 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘github.com,IPADDRESS’ (RSA) to the list of known hosts.
Permission denied (publickey).

Running echo "$SSH_AUTH_SOCK" outputs /tmp/ssh-AAAAAAAAAA/agent.##### (letters concealed of course)

Thanks, was just writing an additional follow up about where I think the issue lies, which seems to be the same page you have just suggested as well. While I did import the ssh keys into Keychain I believe, I’ll try that again as it would seem the most likely culprit since the computer may have restarted since the last successful deploy. I’ll keep looking through that webpage as well and see what I come up with. I’ll let you know if I can’t figure it out. Thank you!

Update - I scrolled to the bottom of the page and tried ssh-add -L and it does say no identities exist which would explain why it’s not working as you suggest.

So I simply need to do, /usr/bin/ssh-add -K .ssh/id_rsa

Now running ssh-add -L works. I’ll try restarting and making sure it still works and then try deploying and see if all is good. Sounds like I must have previously not imported into the keychain as I thought I had. Thank you boss!

UPDATE - WORKED!

4 Likes
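A small triage script for the failure worked out in this thread, added here as an example and not part of any post or of Trellis: it checks whether the local ssh-agent holds any identities and whether ForwardAgent applies to the deploy host. The function names are made up for this example; the exit-status meanings are the ones documented for ssh-add.

```shell
#!/bin/sh
# Added example: local checks for "Permission denied (publickey)" when a
# deploy relies on SSH agent forwarding. Function names are hypothetical.

# Map the exit status of `ssh-add -L` to a diagnosis.
# Documented statuses: 0 = keys listed, 1 = command failed (no identities),
# 2 = the agent could not be contacted.
agent_state() {
  case "$1" in
    0) echo "keys-loaded" ;;
    1) echo "agent-empty" ;;
    2) echo "no-agent" ;;
    *) echo "unknown" ;;
  esac
}

# Read `ssh -G <host>` output on stdin; succeed only if forwarding is "yes".
forwarding_enabled() {
  awk 'tolower($1) == "forwardagent" { v = tolower($2) }
       END { exit !(v == "yes") }'
}

diagnose() {
  host="$1"
  rc=0
  ssh-add -L >/dev/null 2>&1 || rc=$?
  case "$(agent_state "$rc")" in
    keys-loaded) echo "Local agent has keys loaded" ;;
    agent-empty) echo "Local agent holds no identities: ssh-add your key" ;;
    no-agent)    echo "No agent reachable, SSH_AUTH_SOCK='${SSH_AUTH_SOCK:-}'" ;;
    *)           echo "ssh-add returned unexpected status $rc" ;;
  esac
  # A deploy tool may also pass ForwardAgent on its own command line, so
  # "off" here only describes the local ssh config for this host.
  if ssh -G "$host" | forwarding_enabled; then
    echo "ForwardAgent is enabled for $host"
  else
    echo "ForwardAgent is off for $host in the local ssh config"
  fi
}

# Run the checks only when a host name is given as an argument.
if [ "$#" -gt 0 ]; then
  diagnose "$1"
fi
```

Run it on the local machine with the deploy host as its argument; an "agent-empty" result corresponds to the "no identities" output of ssh-add -L reported above.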

ssh-add -K ~/.ssh/id_rsa worked for me

1 Like