Issue
I develop locally then push to my AWS server
I did this successfully for many years, but am now coming back to it after a break.
I have defined a specific, isolated 'git' user on my server to ensure that anyone needing to push code updates can do that without having access to anything else
I have created a barebones repository for this git user (/home/git/repo.git)
I have used PuTTYgen to create a private key for the git user
I have copied the resulting public key text into the /home/git/.ssh/authorized_keys file
I have set up a new git remote for this repository (ssh://[email protected]:22/home/git/repo.git)
Prior to attempting a push I run Pageant and make sure that the relevant private key for the git user is loaded, then go ahead and try to push
I get the error:
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.
I can log in to the server fine using PuTTY via SSH with this user, which suggests that authorized_keys is correctly populated
However I do get the same "Permission denied (publickey)" error (without the fatal addition) if I try to do a direct SSH login to the server from the command line (i.e. ssh [email protected])
After a pretty intensive search of existing questions/answers I have tried all of the following:
- edited sshd_config: (PubkeyAuthentication yes, and UsePAM yes)
- triple checked all file directory permissions, even at full 777 for /home, /home/git, /home/git/.ssh, /home/git/.ssh/authorized_keys AND /home/git/repo.git
- attempted ssh-add
In trying ssh-add, I have encountered the following errors:
- ssh-add -l (The agent has no identities)
- ssh-add /home/git/.ssh/authorized_keys (Error loading key: error in libcrypto)
However, my best understanding from research to date is that ssh-add is for adding private keys, not public keys (which would explain why it can't load a public key). If so, that would not fix this problem as my private keys are obviously held on my local machine, not the remote one.
What am I missing? Thanks v much in advance!
Solution
So it turns out that I was getting confused by 4(!) different ssh environments
Like most things this is obvious if you know, but may not be if you don't so hopefully this could help someone else ...
- Remote server: ssh-add is not relevant on the target server as you don't want to upload your private keys there
- PuTTY: PuTTY uses Pageant to load in private key files. These are not accessible to git, hence I could log in using ssh key via PuTTY but still got publickey permission error for git and for Command ssh connection attempts
- Windows: Having realised I needed to run ssh-add locally, I found out how to do this via Windows PowerShell, and was then able to log in from Windows Command Prompt. However, git bash shell still can't access them!
- git Bash: Finally, worked out how to add keys via ssh-add inside the Bash environment, and NOW can connect via git.
There are some gotchas along the way
PowerShell:
not as easy as it could be to start ssh-agent to do ssh-add:
See steps from learn.microsoft.com
Bash:
need to use eval to open ssh-agent inside bash, as per this answer
Answered By - user3600150 Answer Checked By - Timothy Miller (WPSolving Admin)
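The Git Bash step from the solution above, as an added example that is not part of the original answer: it checks that the file is a private key ssh-add can load (not a PuTTYgen .ppk or an authorized_keys entry), starts an agent with eval only if this shell cannot reach one, and confirms the key is visible afterwards. The function names and the return code 3 are assumptions made for this sketch.

```shell
# Added example for Git Bash. Source this file, do not execute it, so the
# agent variables set by eval stay in the shell that git runs from.

# Classify a key file by its first line. ssh-add only loads private keys in
# OpenSSH/PEM form; a PuTTYgen .ppk or an authorized_keys entry will not load.
key_kind() {
    kk_first=$(head -n 1 "$1" | tr -d '\r')
    case "$kk_first" in
        PuTTY-User-Key-File-*)            echo ppk ;;
        "-----BEGIN "*"PRIVATE KEY-----") echo private ;;
        ssh-*|ecdsa-*|sk-*)               echo public ;;
        *)                                echo unknown ;;
    esac
}

# Map the exit status of `ssh-add -l` to what this shell can actually see:
#   0 = agent reachable with keys, 1 = "The agent has no identities",
#   2 (or anything else) = no agent reachable from this environment.
agent_state() {
    as_rc=0
    ssh-add -l >/dev/null 2>&1 || as_rc=$?
    case "$as_rc" in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Load one private key into an agent that this shell (and so git) can reach.
ensure_key_loaded() {
    ek_kind=$(key_kind "$1")
    if [ "$ek_kind" != private ]; then
        echo "not loading $1: detected '$ek_kind', need an OpenSSH private key" >&2
        return 3
    fi
    if [ "$(agent_state)" = unreachable ]; then
        # ssh-agent prints SSH_AUTH_SOCK/SSH_AGENT_PID assignments; eval puts
        # them into this shell. Running ssh-agent without eval leaves them unset.
        eval "$(ssh-agent -s)" >/dev/null
    fi
    ssh-add "$1" && [ "$(agent_state)" = loaded ]
}
```

Source the file in Git Bash and call `ensure_key_loaded` with the path to the key; a key that exists only as a .ppk has to be exported from PuTTYgen in OpenSSH format first.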