Can't fetch from private-key authenticated Git repository

MikeL November 15, 2011

When I invoke Fetch, I'm getting following error:

RSA host key for IP address '1.2.3.4' not in list of known hosts.
Permission denied (publickey).
fatal: The remote end hung up unexpectedly

I don't have any problems accessing this repository using SmartGit.

1 answer

0 votes
stevestreeting
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 15, 2011

Please check your ~/.ssh/known_hosts file. Is there an entry for it already? If so, it may be wrong, try deleting it and trying again.

I don't know why this would behave differently outside of SourceTree, unless the other apps are deliberately ignoring known_host fingerprint clashes, which is insecure.

MikeL November 15, 2011

I don't want to mess with command line. SmartGit asks me for the location of my private key file as well as the passphrase.

stevestreeting
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 15, 2011

SSH automatically uses your private keys in ~/.ssh, there's absolutely no need for SourceTree to prompt for that - SmartGit only does because it's Java, which runs on platforms which don't support SSH natively, e.g. Windows. On the Mac, your SSH configuration is system-wide.

MikeL November 15, 2011

Please excuse, but my private key file definitely is NOT located within ~/.ssh because I don't use command line SSH. What steps do I need to do to tell the SSH client which is used by SourceTree where my private key file is located and what passphrase to use?

stevestreeting
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 16, 2011

You don't have to be using the command-line to have your SSH keys in ~/.ssh, that's where Mac OS X puts them for *all* uses of SSH. Perhaps you've just become used to using non-native or Windows-style tools.

You should put your SSH keys in ~/.ssh, that's where they belong. SourceTree provides no facility to locate them anywhere else, because that's not how Mac OS X works. Literally every other native tool on Mac OS X will expect the SSH keys and data files to be in this location, it really doesn't make sense for you to keep them anywhere else.

stevestreeting
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 16, 2011

Also about the passphrase, if you use SSH as Mac OS X intends then you will never need to tell SourceTree the passphrase, which is how it should be. Mac OS X will prompt you for the passphrase when it needs it, which will persist for the rest of your Mac OS X session. You can also opt to have that passphrase saved in your Keychain for future sessions if you want. This is far more secure than typing the passphrase into a 3rd party application.

MikeL November 17, 2011

Steve, I appreciate your explaination of how SSH usually is handled on OS X, but this does not solve my problem. Could you please explain me how I can get SourceTree working with a given private key file? What steps I need to "import" my private key file to OS X so SourceTree automatically uses it? Thanks in advance.

stevestreeting
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 17, 2011

The normal way to set up a private key is like this: http://confluence.atlassian.com/display/BITBUCKET/Using+SSH+to+Access+your+Bitbucket+Repository

To import a key from elsewhere, you should be able to copy your private key file to ~/.ssh/id_rsa:

cp your_private_key_location ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa

I do intend to add some helpers for SSH in future, but most people using SSH keys on OS X already have already gone through the native key generation process so don't need to do this.

MikeL November 17, 2011

Thanks, this helps a little bit further. What should I do, if ~/.ssh/id_rsa already exists? Should I append it?

stevestreeting
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 17, 2011

Hmm, that suggests you've generated a private key already at some point. If you don't know where the public key for this one is it's probably best just to rename it, I don't think appending works. It's possible to add more than one key but you need to mess with your login configuation to do so, if you don't know what this key is there's probably no point.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events