My problem is that I can't push or fetch from GitLab. However, I can clone (via HTTP or via SSH). I get this error when I try to push :

Permission denied (publickey) fatal : Could not read from remote repository

From all the threads I've looked, here is what I have done :

  • Set up an SSH key on my computer and added the public key to GitLab
  • Done the config --global for username and email
  • Cloned via SSH and via HTTP to check if it would resolve the issue
  • Done the ssh -T git@gitlab.com command

If you have any insight about how to resolve my issue, it would be greatly appreciated.

Ответы (39)

I found this after searching a lot. It will work perfectly fine for me.

  1. Go to "Git Bash" just like cmd. Right click and "Run as Administrator".
  2. Type ssh-keygen
  3. Press enter.
  4. It will ask you to save the key to the specific directory.
  5. Press enter. It will prompt you to type password or enter without password.
  6. The public key will be created to the specific directory.
  7. Now go to the directory and open .ssh folder.
  8. You'll see a file id_rsa.pub. Open it on notepad. Copy all text from it.
  9. Go to https://gitlab.com/-/profile/keys or
  10. Paste here in the "key" textfield.
  11. Now click on the "Title" below. It will automatically get filled.
  12. Then click "Add key".

Now give it a shot and it will work for sure.

I have gitlab running with docker, this is what I did to fix my problem.

Found that inside docker /var/log/gitlab/sshd/current there were multiple occurences of a message:

Authentication refused: bad ownership or modes for file /var/opt/gitlab/.ssh/authorized_keys

After which I changed ownership of that file from 99:users to git:users with:

chown git:users authorized_keys

Go to the terminal and regenerate the ssh key again. Type ssh-keygen. It will ask you where you want to save it, type the path.

Then copy the public key to gitlabs platform. It usually starts with ssh-rsa.

I solved like this..

Generated a key for Windows using this command:

ssh-keygen -t rsa -C "your.email@example.com" -b 4096

but the problem was that after running this command, it popped a line: "Enter file in which to save the key (/c/Users/xxx/.ssh/id_rsa): " Here, I was giving only file name because of which my key was getting saved in my pwd and not in the given location. When I did "git clone ", it was assuming the key to be at "/c/Users/xxx/.ssh/id_rsa" location but it was not found, hence it was throwing error.

At the time of key generation 2 files were generated say "file1" & "file1.pub". I renamed both these files as

file1 -> id_rsa 

and

file1.pub -> id_rsa.pub

and placed both in the location "/c/Users/xxx/.ssh/"

if you are in Linux or macox , just try this in terminal:

ssh-add -l

if it return nothing, try this:

ssh-add

it must create identity in ~/.ssh/id_rsa

after retry :

ssh-add -l

it must return your identity, so after retry to clone, it's must work

NB: don't forget to add your ssh key in your profile gitlab

thanks

Two things mainly

  1. You must have id_rsa.pub and id_rsa (private) keys in your .ssh folder ( which should be in your home folder.Create it if it isn't there put your keys ). It wouldn't work If you have named your key files differently

  2. Change the permission of the id_rsa as chmod 400 ~/.ssh/id_rsa

Another issue that can cause this behaviour is when you have a setup with 2 possible %HOME%-locations.

I'm using a PC where some of my documents are stored locally, and some of them are stored on a network drive. Some applications think C:\Users\\ is my %home%, others think that U:\ is the home.

Turns out ssh-keygen put my private key under C:\users\\, and that ssh -T and ssh -v also look there.

So everything seems to work fine, except that git clone, git push and others look for a key in U:\. Which fails, so I get the aforementioned error.

It took me an hour to find out, but in the end the solution was simple: I copied everything from C:\Users\\.ssh to U:\.ssh

Change permission :: chmod 400 ~/.ssh/id_rsa It helped for me.

I solved git@gitlab.com: Permission denied (publickey) issue using following instructions

  1. RUN cat ~/.ssh/id_rsa.pub
  2. Copy id_rsa.pub (public key) to your getlab `Setting -> SSH Keys
  3. RUN cat ~/.ssh/id_rsa
  4. Copy id_rsa (private key) to `Code_repo->git_auth->id_rsa

NOTE: Take care of the machine user if you are using root user in your DockerFile or anywhere else then use sudo su before running the above commands to get root user public and private keys.

There is a very simple solution to this: instead of working with ssh - move to https. to do this: in your project folder you have a .git folder in there - you have a config file - open it in a text editor and change the line

url =git@gitlab.com:yourname/yourproject.git

to

url = https://gitlab.com/yourname/yourproject.git

My issue was that I used a non-root user with sudo access. But even sudo git clone ... didn't work. The solution was to create the folder for the project, chown user projectfolder and then run the clone without sudo.

this way working for me.

  1. add ssh / rsa keys to gitlab
  2. ssh-add (type your terminal)
  3. for verified type - ssh -vT git@gitlab.com

Nothing worked for me on Windows 10 using Pageant as SSH agent, except adding a enviroment variable to windows (translated from german Windows 10, so the naming may differ):

  1. Search for "variables"
  2. Open System Enviroment Variables
  3. Click Enviroment Variables button at the bottom
  4. Add a new key named "GIT_SSH" and the value "C:\Program Files\PuTTY\plink.exe", to the top section "User Variables xxx"
  5. And you're done.

All thanks go to Benjamin Bortels, source: https://bortels.io/blog/git-in-vs-code-unter-windows-richtig-einstellen

I know, I'm answering this very late and even StackOverflow confirmed if I really want to answer. I'm answering because no one actually described the actual problem so wanted to share the same.

The Basics

First, understand that what is the remote here. Remote is GitLab and your system is the local so when we talk about the remote origin, whatever URL is set in your git remote -v output is your remote URL.

The Protocols

Basically, Git clone/push/pull works on two different protocols majorly (there are others as well)-

  1. HTTP protocol
  2. SSH protocol

When you clone a repo (or change the remote URL) and use the HTTPs URL like https://gitlab.com/wizpanda/backend-app.git then it uses the first protocol i.e. HTTP protocol.

While if you clone the repo (or change the remote URL) and uses the URL like git@gitlab.com:wizpanda/backend-app.git then it uses the SSH protocol.

HTTP Protocol

In this protocol, every remote operation i.e. clone, push & pull uses the simple authentication i.e. username & password of your remote (GitLab in this case) that means for every operation, you have to type-in your username & password which might be cumbersome.

So when you push/pull/clone, GitLab/GitHub authenticate you with your username & password and it allows you to do the operation.

If you want to try this, you can switch to HTTP URL by running the command git remote set-url origin .

To avoid that case, you can use the SSH protocol.

SSH Protocol

A simple SSH connection works on public-private key pairs. So in your case, GitLab can't authenticate you because you are using SSH URL to communicate. Now, GitLab must know you in some way. For that, you have to create a public-private key-pair and give the public key to GitLab.

Now when you push/pull/clone with GitLab, GIT (SSH internally) will by default offer your private key to GitLab and confirms your identity and then GitLab will allow you to perform the operation.

So I won't repeat the steps which are already given by Muhammad, I'll repeat them theoretically.

  1. Generate a key pair `ssh-keygen -t rsa -b 2048 -C "My Common SSH Key"
  2. The generated key pair will be by default in ~/.ssh named id_rsa.pub (public key) & id_rsa (private key).
  3. You will store the public key to your GitLab account (the same key can be used in multiple or any server/accounts).
  4. When you clone/push/pull, GIT offers your private key.
  5. GitLab matches the private key with your public key and allows you to perform.

Tips

You should always create a strong rsa key with at least 2048 bytes. So the command can be ssh-keygen -t rsa -b 2048.

https://gitlab.com/help/ssh/README#generating-a-new-ssh-key-pair

General thought

Both the approach have their pros & cons. After I typed the above text, I went to search more about this because I never read something about this.

I found this official doc https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols which tells more about this. My point here is that, by reading the error and giving a thought on the error, you can make your own theory or understanding and then can match with some Google results to fix the issue :)

I use ubuntu 18.04, and it was actually permission issue in my local machine. The issue was gone when I set read/write permission to my .git folder.

I added my ~/.ssh/id_rsa.pub to the list of known SSH Keys in my GitLab settings https://gitlab.com/profile/keys. That solved the problem for me. :-)

Please use git config credential.helper store if your site is using TLS/SSL. Hope this works

I had the same problems, It has been fixed after I re-generate the ssh key inside .ssh folder without naming it (keep it as id_rsa.pub). Then add it again to gitlab ssh key. Everything working fine now.

make sure you are not running sudo git clone git@gitlab.com:project/somethiing.git, otherwise ssh will look in /root/.ssh instead of the key you uploaded ~/.ssh/id_rsa

The problem for me was, that I switched UsePAM from yes to no in the SSH configuration file under /etc/ssh/sshd_config. With UsePAM yes everything works perfectly.

I had the same issue, I resolved it by adding a new ssh key:

  1. ssh-keygen -t ed25519 -C "email@example.com"
  2. Copy your public SSH key to the clipboard (xclip -sel clip < ~/.ssh/id_ed25519.pub in my case on Linux )
  3. On gitlab, go to settings=>ssh keys and past the new key
  1. Go to project directory in terminal using cd path/to/project
  2. Run ssh-keygen
  3. Press enter for passphrase
  4. Run cat ~/.ssh/id_rsa.pub in terminal
  5. Copy the key that you get at the terminal
  6. Go to Gitlab/Settings/SSH-KEYS
  7. Paste the key and press Add Key button

This worked for me like a charm!

There seem to be differences between the two ways to access a git repository i.e. using either SSH or HTTPS. For me, I encountered the error because I was trying to push my local repository using SSH.

The problem can simply be solved by clicking the clone button on the landing page of your project and the copying the HTTPS link and replacing it to the SSH link appearing with the format "git@gitlab...".

In my case, it wasn't a gitlab problem, but a sshd configuration one. The ssh server didn't allow connection except for a list of users. The user git, the one connecting remotely to gitlab, wasn't in that list. So, check this before anything else.

You can check your ssh server configuration in /etc/ssh/sshd_config. If you have a line with the option AllowUsers, add git to it:

AllowUsers user1 user2 user3 git

Well I had this same problem and after trying the answer @Khan proposed. However, I was only able to make it work by just changing the origin url in the .git/config file to the https address : https://gitlab.com/mygitlabusername/mygitproject.git

Since access via ssh is denied, I figured out using https shouldn't be a problem. It will however ask for your username and password for each push to the at repository

Try to use git clone XXX if you'd see LibreSSL SSL_connect: SSL_ERROR_SYSCALL in connection to XXX it might be the case that just updated your OS, installed some dev tools, e.g. Xcode with its tools on Mac, VPN, Antivirus (especially Kaspersky Antivirus) or something between/other.

In my case simply restarting my OS (macOS Catalina) fixed this issue.

I found the solution in gitlab help.

To create a new SSH key pair: 
 1. Open a terminal on Linux or macOS, or Git Bash / WSL on Windows.
 2. Generate a new ED25519 SSH key pair: ssh-keygen -t ed25519 -C "email@example.com"
 2.1 Or, if you want to use RSA: ssh-keygen -o -t rsa -b 4096 -C "email@example.com"
 3. Next, you will be prompted to input a file path to save your SSH key pair to... use the suggested path by pressing Enter
 4. Once the path is decided, you will be prompted to input a password to secure your new SSH key pair. It's a best practice to use a password, but it's not required and you can skip creating it by pressing Enter twice.
 5. Copy your public SSH key to the clipboard by using one of the commands below depending on your Operating System:
        macOS:        pbcopy < ~/.ssh/id_ed25519.pub
        WSL / GNU/Linux (requires the xclip package):      xclip -sel clip < ~/.ssh/id_ed25519.pub
        Git Bash on Windows:      cat ~/.ssh/id_ed25519.pub | clip
 6. Navigating to SSH Keys and pasting your public key in the Key field
 7. Click the Add key button

I hope it can help some of you!

For anyone using Windows 10 and nothing else working for him/her:

In my case, I had to clone the repo with https instead of ssh and a window popped-up asking for my credentials. After that everything works fine.

I think the simple solution is to add private key to authentication agent (if your key is not ~/.ssh/id_rsa),

ssh-add ~/.ssh/

You basically let the ssh-agent take care of it.

Additionally, you can add it permanently.

Step 1: Added a config file in ~/.ssh/config file which looks like

   User git
   Hostname gitlab.com
   IdentityFile ~/.ssh/id_rsa_gitlab
   TCPKeepAlive yes
   IdentitiesOnly yes

Step 2: Just clone the git repo WITHOUT sudo.
Documentation: https://gitlab.com/help/ssh/README#working-with-non-default-ssh-key-pair-paths

** sometimes you have the config in your ~/.ssh/config, but, IdentityFile path is not correct. you can check the file name like this ls ~/.ssh/. the file is normally is id_ed25519 for gitlab. thus the correct config is IdentityFile ~/.ssh/id_ed25519

I was facing this issue because of ssh-agent conflicts on Windows-10. If you are using Windows-10 as well then please go through my detailed solution to this here

If you are not on windows-10 then please check if:

  1. your ssh-agent is running
  2. correct private key is added to your ssh-agent
  3. correct public key is added to your github account (You are able to clone, so this step should be fine)

Steps to be done, got same error but i fixed it. Gitlab wants ssh-rsa so below is the code to run ssh for rsa

  1. ssh-keygen -o -t rsa -b 4096 -C "name@gmail.com"

name@gmail.com is your gitlab account email

  1. It will prompt you to enter so just hit Enter after the below code is prompt,

    Enter file in which to save the key (/home/yourDesktopName/.ssh/id_rsa):

  2. It will prompt again you to enter so just hit Enter after the below code is prompt,

    Enter passphrase (empty for no passphrase):

  3. It will prompt again for the last you to enter so just hit Enter after the below code is prompt,

    Enter same passphrase again:

  4. You will show your ssh-rsa generate.

  5. Login to your Gitlab account and Go to the right navbar you will get setting and in the left sidebar you will get ssh key. Enter in it.

  6. Look above the prompt asking you to enter, you will get the path of ssh-rsa.

  7. Go to your SSH folder and get the id_rsa.pub

  8. Open it and get the key and Copy Paste to the Gitlab and you are nearly to done.

  9. Check by: ssh -T git@gitlab.com

  10. You will get: Welcome to GitLab, @joy4!

  11. Done.

How to add SSH key to gitlab account in ubuntu?

  1. Open terminal in your project directory.
  2. Type ‘ssh-keygen -o -t rsa -b 4096 -C "your gitlab email" ’ and hit enter
  3. Type ‘vim /home/mnbtech/.ssh/id_rsa.pub’ and hit enter (or manually open your 'id_rsa.pub'from where you saved it)
  4. SSH key will appear. Copy those and

  5. Go to your gitlab account.

  6. Click profile image And click setting
  7. In left side select SSH-Keys
  8. Then paste those key Click add key

SSH-Key will be added!

(N.B if you have Generate Previews SSH Key and Getting permission denied (public key). You Delete Your Previews ssh key and Generate new one and add git user.name and email on your terminal )

When you have multiple git account and you want different ssh key

You have to follow same step for generating the ssh key, but be sure you

ssh-keygen -t ed25519 -C "your-email-id@gmail.com" 

Enter the path you want to save(Ex: my-pc/Desktop/.ssh/ed25519)

Add the public key to your gitlab (How to adding ssh key to gitlab)

You have to new ssh identity using the below comand

ssh-add ~/my-pc/Desktop/.ssh/ed25519

In my case,I use Ubuntu there are two users, one is admin user and other is me,I created "id_rsa" and "id_rsa.pub" file while logged in as me(normal user), these files get created in your ".ssh" folder inside your home folder, it might not be found cause it is hidden, so make it visible, to check if the files are in it.

So the files got created in "home/.ssh" in my user profile, but while pushing the code into gitlab I logged in as admin in the terminal, using command: su - adminName (it prompts to enter password after this)

so ssh private key is not found in "adminhome/.ssh" folder . So to solve this you can:

  1. create "id_rsa" and "id_rsa.pub" in the admin profile (or)
  2. Push the code into gitlab using your profile instead of Admin profile.

After creating your SSH keys, you simply need to add the Public key which is usually named as:

id_rsa.pub

OR

id_ed25519.pub

by using the latest working URL of GitLab which is:

https://gitlab.com/-/profile/keys/

In my case it did not work in the WSL (Windows Subsystem for Linux).

When I start the WSL, I must

  • start ssh-agent_ eval $(ssh-agent -s)
  • add the key to the ssh-agent: ssh-add ~/.ssh/id_rsa
  • if prompted, enter the password

Now the connection works.
We can test this with ssh -T git@github.com

notes:

Earlier it was very difficult for me but when I tried it became so easy to add ssh key in Mac and Linux. There are a few steps and command to do this as follows:

  1. Open a terminal of your system and move inside your project directory by the command:
cd 'project directory name'
  1. Run command ssh-keygen in that terminal and enter it until the key's randomart image appears there.

  2. Then enter one more command in that terminal:

cat ~/.ssh/id_rsa.pub

It will generate your ssh key. Key will start with ssh-rsa and end with .local.

  1. Copy the key and go to your Gitlab profile section then ssh key section and paste it there. Click on the Add button this will work.

In our case, it wasn't a problem on the user/client side, but on the Gitlab server side.

We are running a local Gitlab CE 12.9 instance on CentOS 7.1.

We found out that on the server, the .ssh/authorized_keys file was not updating properly. Users create their SSH keys (following the Gitlab guide) and add it to the Gitlab server, but the server does not update the authorized_keys, so it will always result to permission denied errors.

A workaround was to rebuild the authorized_keys file by running:

$ sudo gitlab-rake gitlab:shell:setup

That would work for anyone who added their keys before running the rake task. For the next users who would add their keys, someone has to manually run the rake tasks again.

A more permanent solution was to not use the authorized_keys file and use instead an indexed lookup on the Gitlab database:

GitLab Shell provides a way to authorize SSH users via a fast, indexed lookup to the GitLab database. GitLab Shell uses the fingerprint of the SSH key to check whether the user is authorized to access GitLab.

Add the following to your sshd_config file. This is usually located at /etc/ssh/sshd_config, but it will be /assets/sshd_config if you're using Omnibus Docker:

Match User git    # Apply the AuthorizedKeysCommands to the git user only   
  AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k   
  AuthorizedKeysCommandUser git 
Match all    # End match, settings apply to all users again 

Reload OpenSSH:

# Debian or Ubuntu installations   
sudo service ssh reload

# CentOS installations   
sudo service sshd reload 

Confirm that SSH is working by removing your user's SSH key in the UI, adding a new one, and attempting to pull a repo.

By default (well the default on our installation), the Write to authorized_keys file was checked in the Admin Area > Performance Optimization settings. So we unchecked that and used the Gitlab database instead.

enter image description here

After setting up indexed lookup and unchecking the Write to authorized_keys file, SSH access became OK.

2022 WebDevInsider