Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Source tree won't forget user ID/ssh key

I'm just getting started with Source Tree and was thinking it was a pretty good client until I ran into this problem for which there doesn't appear to be a similar question already;

I'm setting up a new git server using ssh access with gitolite as the server side management tool. I managed to create the gitolite-admin repo, check it out using the gitolite admin users key to my own machine. i then made what I thikn is a mistake; I added my personal ssh key (public) with the name id_rsa and also added this key to source tree.

now when I try to pull from the remote repo (or do anything else with it) I get an error message saying that access is denied to id_rsa. I've removed the local repository for the gitolite-admin by asking source tree to remove the book mark and the disk files. I;ve removed all the ssh keys from the source tree options page but still everytime i try to clone the gitolite-admin repository I get a failure message that says access is denied to the id-rsa user.

How does one get source tree to use the correct key for access to the repository and forget the old user id and key? More generally, what is the process for management of multiple user IDs in source tree?


Damon jebb

3 answers

1 accepted

1 vote
Answer accepted

The location of id_rsa for the purposes of actually performing authentication is actually the domain of ssh (OpenSSH in this case - I assume you're talking about the Mac version).

The default key location is ~/.ssh/id_rsa. SourceTree doesn't actually specify the location of the key, it's just derived from OpenSSH's own defaults. You'd keep the private key local (that's id_rsa), and upload the public version of it to your server, to the ~/.ssh/authorized_keys file.

OpenSSH is picky about the permissions of your local private key, because it's important for it not to be visible to others. If you have the permissions set too openly on ~/.ssh/id_rsa then OpenSSH won't let you use it. The correct permissions are set like this:

chmod 600 ~/.ssh/id_rsa

Your public key can be more open (typically because you share this with other people.

On the subject of using multiple keys, I generally advise people not to do it unless they really have a serious need to have different identities in different keys. id_rsa is used by default, but you can create other keys and use the ~/.ssh/config file to specify which ones to use in different circumstances - here's some more info on that: But again, I'd advise not doing this if you can help it - personally I've never needed more than one key and I've worked on a lot of projects.

I found a solid answer - quick fix, detailed explanation, and steps (add LaunchAgent) to keep it from happening again - here:

Thanks Steve. I have finally got my head around this now and realise that git and source tree are just calling open ssh. I tried the ~/.ssh/config file to set the key that is used for this but what was actually confusing me was that when I added my key to the gitolite configuration it was called from which gitolite created a user called id_rsa. It was gitolite that is recognising my key and then calling me 'id_rsa'. I needed to make a copy of my public key file with to be able to call myself 'damon' when connecting to the repository.

I'm not sure I can get away with a single identity file as it will mean going back to other locations and updating the file to my id_rsa one, but I will certainly try to keep the number of keys to a minimum.


Damon Jebb

One point on this - it's perfectly OK to have multiple public keys in your authorized_keys file on servers, while still having a single key on each client. I do this occasionally so I have the public key relating to my primary ID allowing me in, but also a secondary public key which I might have on another server, so I can ssh between the 2. This lets me partition up what keys I'm using so that I can revoke the access of one key without the other - I keep my main private key very secure, only on local physical machines and I don't want to upload that one to a server just so I can ssh across boxes. But each ssh client only has one key, it just might be a different one if it's on a machine I don't 100% physically control.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Sourcetree

Tip from the team: configure your repos for hosting goodness!

Supported Platforms macOS Windows We recently introduced support for additional hosting services such as GitHub Enterprise, GitLab (Cloud, Community Edition, Enterprise Edition), and...

7,242 views 5 14
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you