Sourcetree not working with pageant loaded with multiple keys

Graham Saulnier July 1, 2013

I'm experiencing an odd issue with windows 7, pageant and sourcetree.

Our company uses both our own git server and Github. We use different private keys for each.

On Machine A I run pageant at system startup loading both keys. Machine A can push/fetch both to our git server and github from sourcetree, the git bash, cmd etc...

On Machine B I run pageant at system startup loading both keys. Machine B can push/fetch both to our git server and github from the git bash, cmd, etc... but NOT from sourcetree.

Machine B's sourcetree installation is giving me this error when trying to fetch from the git server

git -c diff.mnemonicprefix=false -c core.quotepath=false fetch --prune origin
Access denied
Access denied
Access denied
Access denied
Access denied
FATAL ERROR: Server sent disconnect message

type 2 (protocol error):
"Too many authentication failures for git"

fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Completed with errors, see above.

when trying to fetch from Github, I am first asked if I want to Launch SSH Agent (which is already running). If I say Yes, it asks me if I want to load a key. If I say yes I'm prompted which key (I load my github key) and then Pageant reports it is already running and refuses the key as it's already loaded. If I say no, Pageant reports it is already running. I then get this error.

git -c diff.mnemonicprefix=false -c core.quotepath=false fetch --prune origin
FATAL ERROR: Disconnected: No supported authentication methods available (server sent: publickey)

fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Completed with errors, see above.

If I close pageant and start it manually from Sourcetree, loading the specific key, I am able to push/fetch to either our git server our github without any issue. But only one at a time. If I want to switch repos then I'm forced to close pageant, clear the key from Sourcetree's settings and load the other key.

Both systems point to the same plinks and git installations. The keys are not in %HOME%\.ssh

1 answer

1 accepted

1 vote
Answer accepted
stevestreeting
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 1, 2013

This problem is usually caused by there being more than one key loaded into your agent that is accepted by the server, but that the permissions granted by each key are different. The way SSH works is it sends keys in order until one of them is accepted. Usually with git/ssh, the user you're logged in as is derived from the key, it's not explicitly specified in the URL (which is a general git@blah). So what happens is the ssh client sends each key in turn until ONE of them is accepted by the server, which then maps that key to a user name. If there's more than one key in your agent which maps to a valid user on the server, then the first one will succeed, and this happens *before* it figures out whether that key allows you access to the repository itself. So if you have public keys on GitHub for both your keys for example, you'll just automatically become the user matching the first one that gets accepted, but that user may not have access to the repository.

The way to avoid this is either to:

  1. Use a single private key per server, and make sure none of your other keys are registered on that service at all, or
  2. Create aliases in PuTTY which are more specific about which key to send first.

If you can't do the former, the latter isn't too difficult - you first need to launch PuTTY; the full client, you can get it via www.putty.org if you don't have it already.

  1. In the tree on the left, go to Connection > SSH > Auth
  2. Specify the private key in the box
  3. Click 'Session' again in the tree
  4. In Host Name specify the REAL host name (e.g. myserver.com)
  5. In the text box under 'Saved Sessions', type an alias which you'll use to identify using myserver.com with this particular key, e.g 'myserverwithkey1', then click Save
  6. When you want to use this specific key/server combination, use the alias name in place of the host name. PuTTY will then pick up all the settings from that saved session and send that specific key instead of just trying all of them. That should mean you're always identified as the right user you need to access the repo.

HTH
Steve

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events