Can't push to Heroku using SourceTree

Hi, I can push to Heroku using the command "git push heroku master", but when I open the push dialog within sourcetree it says: "Password Required for user git on host heroku.com".

I enter the password and after a few seconds the dialog comes up again. So i enter the password again. After a few seconds the dialog comes up again. This loop goes on forever until I click cancel, and then I'm back where I started.

As it stands right now I'm stuck using the command line to push to heroku. Any help is appreciated.

3 answers

1 accepted

This widget could not be displayed.

That's odd - basically SourceTree puts that prompt up only when it gets an authentication error from the remote. SourceTree is trying to list the remote branches when it enters the dialog, using 'git remote show', compared to the actual push which is done via 'git push' as you would do from the command line. SourceTree is just trying to give you all the information available.

The 'git remote show' command will require authentication too, which is why you get the prompt the first time. However, if that authentication succeeded, you should not see it again. Are you saying you don't see the authentication dialog anymore now? It's odd because that means authentication must now be working on the 'git remote show' command, yet this is no different to the initial time you used it.

I don't have a Heroku account myself to test this with, but I know other people who do and this hasn't come up before. I wonder whether you encountered a temporary error on the server side of Heroku which was causing SourceTree to keep prompting you, which has now been resolved.

I'm confused. It turns out that I am getting the dialog again, but all I have to do is hit cancel, and wait a second. Then I check the checkboxes for the master branch (which is the only branch) and click ok. The push succeeds. I tried git remote show heroku from the command line which responded as expected without prompting for a password. Then I went back to sourcetree and I am no longer getting the dialogue. (I assume that after I reboot or something the dialog will begin to reappear again.) So yeah, this is weird. Any ideas?

Very odd. Can you tell me what the URL is that you're using? You can replace bits with placeholders if you don't want to expose the actual URL, but I'm interested in the form of it, especially whether it's ssh or https, and whether the username is included in it. If the username is not included, it may help to add it (e.g. https://username@hostname.com/repo), especially if you use more than one user on the same host, because then it's unambiguous when it comes to look up the password in your keychain.
If you're not using ssh keys to authenticate, please also take a look in Keychain Access to make sure SourceTree has been able to create an entry there for your URL (this is how it remembers the password).

It's ssh. The format is as follows:

git@heroku.com:radiant-day-4808.git

To my knowledge this is the only address format one can use to push to Heroku. See the section "Git Remotes and Heroku" herehttp://devcenter.heroku.com/articles/git

I only have one heroku username, so as far as I know there is no ambiguity. I am using ssh keys to authenticate but I looked in Keychain access just out of curiousity and I see the entry for bitbucket (because I am also pushing to a repo there via https) and as expected there was no entry for heroku.

Also, I'm not sure if it makes a difference or not, but following the instructions at http://devcenter.heroku.com/articles/keys I ran "heroku keys" and I see that heroku shows me having two keys. One is from my old laptop which I no longer use. The other one is the one that resides in my ~/.ssh/id_rsa.pub file, which I believe was created automatically by heroku (because up until that point I hadn't been using ssh on the new laptop). If you want I can delete the unused key from heroku's records to see if that helps.

Ok - ssh is in many ways the easiest, because often sites like this don't use a username and instead identify you by your key. This key also acts as the authentication so you don't need to type a password, and best of all, because Mac OS X has built-in support for ssh and ssh-agent (which caches your ssh keys), you normally don't get any prompts at all. I use several servers that work this way (GitHub, Bitbucket, gitosis, gitolite) so it should work.

The only prompts you would get are:

  1. If you've set a passphrase on your key, you may get prompted by ssh for this - this prompt will have no user name box, just a passphrase box and will come from SSH / Mac OS X itself. Typing the passphrase once will store it for the Mac OS X session so you won't have to type it again - you only have to enter it next time you log in and use it. Alternatively, if you check the box saying 'store this in the Keychain', you never have to type the passphrase again, effectively your Mac login information is the sole gatekeeper.
  2. If for some reason the server rejects the key, SourceTree will display a standard login prompt with user and password.

To be sure, I would remove the entry for the old key on Heroku so there is no ambiguity. The id_rsa.pub would have been created when you followed some command-line instructions, probably from Heroku, to create it - this is a central public key and everything from git on the command line to SourceTree should reference it the same way (SourceTree just calls git anyway, which itself calls ssh and picks up the global configuration).

I hope that helps. If you still get prompts, please clarify which of the two types of prompts described above that it is you're getting, because this should indicate what's happening (key passphrase prompt or a user/pwd prompt because the key was rejected).

First I tried removing the key for my old computer. That didn't help. Then I deleted all of my keys from heroku (heroku keys:remove from the command line) and from my local machine (i.e. removed id_rsa and id_rsa.pub files from ~/.ssh). I also removed heroku as a remote via SourceTree. Then I readded everything from scratch. Heroku keys:add creates a new key and uploads the public key to their site. Then I added the ssh url as before and guess what? Same exact issue as before. I can push, but only after I hit cancel. Entering a password and clicking ok only causes the dialog to repeat. It's only after I click cancel that I can check the checkboxes on the grid and click ok to push. (Again, the push itself succeeds.)

The dialog is definitely the first one. There is no user name field. The prompt says: "Password Required, For user git on host heroku.com" The weird thing is that as far as I can tell the heroku generated key is not password protected. It doesn't ask me for any password via the command line. In any case I do enter a password and check "store password in keychain", but it doesn't help.

Let me know if you think of anything else to check or to try.

Thanks for the info. So from that, we can conclude that the prompt that's appearing is actually the passphrase prompt from SSH and not the SourceTree login prompt. It's strange because I wouldn't expect SSH to prompt you if the key has no passphrase - however I never use passphrase-less keys because it's a huge security risk, if someone gets hold of your key file they can instantly get into anything you use it for.

I didn't realise Heroku automated the generation of the SSH key, and it's not a great idea if they don't allow you to set a passphrase while doing it. I tried to look for the docs on this, but all I came up with was this: http://devcenter.heroku.com/articles/keys, which uses the standard ssh-keygen tool first (which is what I'd expect), and only heroku keys:add to upload the public part to Heroku. So are you saying you didn't perform the ssh-keygen part?

If so, if I were you I'd follow that link above and clear out your keys, then follow that article, including the ssh-keygen part, and make sure you set a passphrase on the key. I use a relatively long sentence of normal words which is easy to remember but also very hard to crack - this way, even if my key file is obtained by someone else, say if my laptop gets stolen or something, the key is useless to someone else unless they know the passphrase. That is then the passphrase you type into the prompt you get from SSH - which lasts for a whole login session by default, or can be added to your keychain if you think your main Mac login is strong enough to protect it.

This is how I've set up SSH keys for years and it's both secure and convenient, and it definitely works with SourceTree. I hope that helps!

I tried your suggestion of deleting all keys again and creating the key first using ssh-keygen before adding the key to heroku. What happened when I went to push in SourcreTree was that I got TWO DIFFERENT password prompts. The dialogs were different. The first one had two checkboxes and the second one had just one. Is there some way I can pass you a couple of images? I took screenshots. The first one accepted the password I put on the key and saved it to the keychain. Then the second password prompt came up, which is the one I've been encountering all this time. That's the one that doesn't accept any password and keeps coming up repeatedly.

Next what I did was change the remote I set up to remote repo bitbucket. I changed the name of the remote from bitbucket to origin. (per your answer here) As far as I can tell now I can't get the problematic password dialog to come up anymore. When I open the push dialog the repo selected is always origin (which is the https bitbucket repo) and I can switch to heroku without the weird password dialog appearing. My guess is that the bug occurs when there are two repos, heroku is the first one on the list and neither one is named origin.

I'm going to give this another day or two and then if I don't see the dialog any more I will mark this as answered. Do you want the screenshots?

The screenshots would be useful, I do have repositories here with multiple ssh remotes but it might shed some light on this. Here are a couple of options for posting them:

http://getcloudapp.com/
http://www.screencast.com/

By the way, I'm not sure if it makes a difference but I wanted to point out that my bitbucket remote is setup as https, not ssh. Only heroku is ssh.

'first dialog.png' is the SSH prompt for your key passphrase. This will be when it's trying to connect to Heroku.

'second dialog.png' is the fallback password prompt when the server rejects the SSH key (I forgot, for git this dialog doesn't include a user name for ssh because git doesn't allow you to change it if it's in the URL). In Heroku's case, it's not actually possible to provide a valid password since they don't allow user/password login, only key-based login. However, SourceTree doesn't know that so it gives you the option.

So neither of these are to do with Bitbucket (if you used http for that, then you'd definitely get a user/password prompt the first time).

I wonder if Heroku has a slight delay between adding SSH keys and them being actually available for use in the login. Some sites have this because of a deferred sync process for example, especially if the service is big/distributed. What seems to have happened there is that you've been prompted for the SSH key passphrase (as expected), which is a *local* prompt, but that just this once the key was rejected by the server, maybe because of a server sync delay, causing the second prompt. Then, once the SSH key had been synced in your account properly, it starts getting accepted so the prompt starts goes away.

Now that you have your key passphrase set up, and the key is in sync, I doubt you'll have any problems with this any more. At least I hope so!

Thanks for explaining the dialogs. However, I disagree with your conclusion. The problem never occurred on the command line. The problem didn't go away until I made bitbucket the origin remote, such that it is the first option in the dropdown on the push screen in SourceTree. I have a feeling that if I renamed the origin remote to something else that the problem would reoccur. (Would you like me to test that theory?) I think there is some timing issue in the background processing of the push screen when heroku is the first remote and therefore the first option in the dropdown.

Please do try any theories you have, because I can't reproduce it here, and I have several repositories which have multiple remotes and which the default entry is SSH (it's my preferred auth mechanism). As I say the SSH authentication prompts are not even controlled directly by SourceTree, they're automatic, so the behaviour being different between command line and SourceTree makes no sense. I'd love to know whether you can reliably turn the behaviour on and off.

Ok, I can't reproduce it now. My theory doesn't work. haha Sorry about all of the back and forth, and thanks for your attention. Great product!

This widget could not be displayed.

I think there is some sort of bug here, because I realize that after I hit cancel (and after enough time has passed) I can go ahead and click the checkboxes on the first row of the "branches to push" grid, and subsequently click Ok to push. That worked fine and now it seems that the "password required" dialog no longer appears. The confusing repeating dialog seems to be nothing more than just a simple infinite loop in the wrong place. hehe

This widget could not be displayed.
yang yang I'm New Here Aug 08, 2018
  1. install Heroku CLI
  2. restart SourceTree
  3. open SourceTree Terminal `$ heroku login`

Suggest an answer

Log in or Sign up to answer
Community showcase
Published May 30, 2018 in Sourcetree

Tip from the team: configuring Git or Mercurial in Sourcetree

Supported Platforms macOS Windows To make using Sourcetree as simple yet powerful as possible we embed (bundle) dependencies such as Git, Git LFS, and Mercurial. We strive to keep these...

877 views 2 3
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you