Trouble authenticating with git for windows

Gabor L March 26, 2023

I was using Bitbucket successfully with SmartGit, but after they changed their licensing requirements I tried to change to git for windows.  I installed git for windows and then checked that OpenSSH was successfully installed by running

 

ssh -V

 

getting

 

OpenSSH_9.2p1, OpenSSL 1.1.1t  7 Feb 2023

 

Then I started the ssh-agent with

 

eval $(ssh-agent)

 

and got

 

Agent pid 629

 

Then I tried adding my existing SSH key to the agent with

 

ssh-add ~/my_key_name

 

but that didn’t work, so I generated a new key with

 

ssh-keygen -t ed25519 -b 4096 -C "{username@emaildomain.com}" -f {ssh-key-name}

 

and then added the public key to my Bitbucket account.  I added the key to the agent with

 

ssh-add ~/my_new_key_name

 

which resulted in

 

Identity added: /c/Users/me/my_new_key_name (myaddress@email.com)

 

I ran

 

ssh -T git@bitbucket.org

 

to confirm that the SSH key was successfully added, getting

 

authenticated via ssh key.

 

You can use git to connect to Bitbucket. Shell access is disabled

 

But when I then run git pull or git fetch I get

 

git@bitbucket.org: Permission denied (publickey).

fatal: Could not read from remote repository.

 

Please make sure you have the correct access rights

and the repository exists.

 

If I run

 

ssh -T git@bitbucket.org

 

again I’m refused, getting

 

git@bitbucket.org: Permission denied (publickey).

 

I’ve run out of ideas, please help.

2 answers

2 accepted

0 votes
Answer accepted
Gabor L March 27, 2023

I ended up solving this by doing the following:

 

I generated a new key named id_rsa, not something custom like I had been doing

 

I added the key with

 

ssh-add ~/{ssh-key-name}

 

but then the key step was adding a config file (~/.ssh/config) since there had been none telling Bitbucket which key to use, i.e.

 

Host bitbucket.org

  AddKeysToAgent yes

  IdentityFile ~/.ssh/{ssh-key-name}

 

Of course these directions are listed plain as day here

 

https://support.atlassian.com/bitbucket-cloud/docs/set-up-personal-ssh-keys-on-windows/

 

but since my previous key had been working and there was no config file I didn’t think that was the problem.  It was.

0 votes
Answer accepted
Erez Maadani
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 26, 2023

Hey @Gabor L 

Here is a link that help troubleshooting: https://confluence.atlassian.com/bbkb/permission-denied-publickey-302811860.html

If the link doesn't help, try checking your remote url using: "git remote -v". It should be aligned with one of the formats from this link: https://support.atlassian.com/bitbucket-cloud/docs/change-the-remote-url-to-your-repository/. Do try both formats.

Gabor L March 26, 2023

Hi Erez,

 

Thanks for that.  I realized I was missing an authorized_keys file in my .ssh directory, so when I added the file including a line for my key and ran

 

ssh -T git@bitbucket.org

 

I got

 

authenticated via ssh key.

 

You can use git to connect to Bitbucket. Shell access is disabled

 

and now no matter how many times I run it it stays the same as opposed to before when after I tried git pull, for example, it didn’t work anymore.  But when I run

 

ssh -t -vvv git@bitbucket.org

 

I get the following:

 

OpenSSH_9.2p1, OpenSSL 1.1.1t  7 Feb 2023

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 55: Applying options for bitbucket.org

debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/c/Users/tix/.ssh/known_hosts'

debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/c/Users/tix/.ssh/known_hosts2'

debug2: resolving "bitbucket.org" port 22

debug3: resolve_host: lookup bitbucket.org:22

debug3: ssh_connect_direct: entering

debug1: Connecting to bitbucket.org [18.205.93.1] port 22.

debug3: set_sock_tos: set socket 4 IP_TOS 0x48

debug1: Connection established.

debug1: identity file /c/Users/tix/bb_g type 3

debug1: identity file /c/Users/tix/bb_g-cert type -1

debug1: Local version string SSH-2.0-OpenSSH_9.2

debug1: Remote protocol version 2.0, remote software version conker_0fbb776d60 35b70849510a

debug1: compat_banner: no match: conker_0fbb776d60 35b70849510a

debug2: fd 4 setting O_NONBLOCK

debug1: Authenticating to bitbucket.org:22 as 'git'

debug3: record_hostkey: found key type RSA in file /c/Users/tix/.ssh/known_hosts:2

debug3: load_hostkeys_file: loaded 1 keys from bitbucket.org

debug1: load_hostkeys: fopen /c/Users/tix/.ssh/known_hosts2: No such file or directory

debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory

debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory

debug3: order_hostkeyalgs: prefer hostkeyalgs: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256

debug3: send packet: type 20

debug1: SSH2_MSG_KEXINIT sent

debug3: receive packet: type 20

debug1: SSH2_MSG_KEXINIT received

debug2: local client KEXINIT proposal

debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c

debug2: host key algorithms: rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com

debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1

debug2: compression ctos: none,zlib@openssh.com,zlib

debug2: compression stoc: none,zlib@openssh.com,zlib

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug2: peer server KEXINIT proposal

debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-s

debug2: host key algorithms: ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss

debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com

debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com

debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96

debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96

debug2: compression ctos: none

debug2: compression stoc: none

debug2: languages ctos:

debug2: languages stoc:

debug2: first_kex_follows 0

debug2: reserved 0

debug1: kex: algorithm: curve25519-sha256@libssh.org

debug1: kex: host key algorithm: rsa-sha2-512

debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug3: send packet: type 30

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug3: receive packet: type 31

debug1: SSH2_MSG_KEX_ECDH_REPLY received

debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A

debug3: record_hostkey: found key type RSA in file /c/Users/tix/.ssh/known_hosts:2

debug3: load_hostkeys_file: loaded 1 keys from bitbucket.org

debug1: load_hostkeys: fopen /c/Users/tix/.ssh/known_hosts2: No such file or directory

debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory

debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory

debug1: Host 'bitbucket.org' is known and matches the RSA host key.

debug1: Found key in /c/Users/tix/.ssh/known_hosts:2

debug3: send packet: type 21

debug2: ssh_set_newkeys: mode 1

debug1: rekey out after 134217728 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug3: receive packet: type 21

debug1: SSH2_MSG_NEWKEYS received

debug2: ssh_set_newkeys: mode 0

debug1: rekey in after 134217728 blocks

debug3: ssh_get_authentication_socket_path: path '/tmp/ssh-WF8prVNcZ0cY/agent.1384'

debug1: get_agent_identities: ssh_get_authentication_socket: Bad file descriptor

debug1: Will attempt key: /c/Users/tix/bb_g ED25519 SHA256:StqIMk4bEGLcTKv64rTZRrY1i+SjK4FQaKh7XR63fL0

debug2: pubkey_prepare: done

debug3: send packet: type 5

debug3: receive packet: type 7

debug1: SSH2_MSG_EXT_INFO received

debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com>

debug3: receive packet: type 6

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug3: send packet: type 50

debug3: receive packet: type 51

debug1: Authentications that can continue: publickey

debug3: start over, passed a different list publickey

debug3: preferred publickey,keyboard-interactive,password

debug3: authmethod_lookup publickey

debug3: remaining preferred: keyboard-interactive,password

debug3: authmethod_is_enabled publickey

debug1: Next authentication method: publickey

debug1: Offering public key: /c/Users/tix/bb_g ED25519 SHA256:StqIMk4bEGLcTKv64rTZRrY1i+SjK4FQaKh7XR63fL0

debug3: send packet: type 50

debug2: we sent a publickey packet, wait for reply

debug3: receive packet: type 60

debug1: Server accepts key: /c/Users/tix/bb_g ED25519 SHA256:StqIMk4bEGLcTKv64rTZRrY1i+SjK4FQaKh7XR63fL0

debug3: sign_and_send_pubkey: using publickey with ED25519 SHA256:StqIMk4bEGLcTKv64rTZRrY1i+SjK4FQaKh7XR63fL0

debug3: sign_and_send_pubkey: signing using ssh-ed25519 SHA256:StqIMk4bEGLcTKv64rTZRrY1i+SjK4FQaKh7XR63fL0

debug3: ssh_get_authentication_socket_path: path '/tmp/ssh-WF8prVNcZ0cY/agent.1384'

debug3: no authentication agent, not adding key

debug3: send packet: type 50

debug3: receive packet: type 52

Authenticated to bitbucket.org ([18.205.93.1]:22) using "publickey".

debug1: channel 0: new session [client-session] (inactive timeout: 0)

debug3: ssh_session2_open: channel_new: 0

debug2: channel 0: send open

debug3: send packet: type 90

debug1: Entering interactive session.

debug1: pledge: filesystem

debug3: client_repledge: enter

debug3: receive packet: type 91

debug2: channel_input_open_confirmation: channel 0: callback start

debug2: fd 4 setting TCP_NODELAY

debug3: set_sock_tos: set socket 4 IP_TOS 0x48

debug2: client_session2_setup: id 0

debug2: channel 0: request pty-req confirm 1

debug3: send packet: type 98

debug2: channel 0: request shell confirm 1

debug3: send packet: type 98

debug3: client_repledge: enter

debug2: channel_input_open_confirmation: channel 0: callback done

debug2: channel 0: open confirm rwindow 2097152 rmax 32768

debug3: receive packet: type 100

debug2: channel_input_status_confirm: type 100 id 0

PTY allocation request failed on channel 0

 

Now, my key is not named id_rsa or any of the standard names, but it was working with Smartgit.  Then when I ran

 

ssh-add -l

 

I got

 

Error connecting to agent: Bad file descriptor

 

so I ran

 

eval $(ssh-agent)

 

which gave me

 

Agent pid 1637

 

Then running

 

ssh-add -l

 

I got

 

The agent has no identities.

 

so I added the key again with

 

ssh-add ~/.ssh/nh_rsa

 

and then

 

ssh-add -l

 

gave me

 

2048 SHA256:JXyFivBZGaaRsdeoJy3aL3SiEVhvLIORgAe4vDuW6p4 /c/Users/my_user/.ssh/nh_rsa (RSA)

 

so I appeared to be in business, but I still can’t read from the repository.  git branch is still giving me old branches, for example, and git pull is giving me

 

git@bitbucket.org: Permission denied (publickey).

fatal: Could not read from remote repository.

 

Please make sure you have the correct access rights

and the repository exists.

 

Please help.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events