ssh permission denied on Mac (Mojave)

mwr-stats May 21, 2019

I am trying to pull from a remote repo hosted by BitBucket using Sourcetree (v 3.0.1) on a Mac running OS 10.14.4 (Mojave).  This was working two weeks ago.  It's using the OAuth authentication protocol.  I have updated Sourcetree (after it failed the first time), but I don't think I've updated anything else.

I checked whether my ssh agent (OpenSSH) was running from the command line.  It didn't seem to be, so I started it.  It did not have the private key registered, so I ssh-add'ed it.  I checked that I had the right private key, that the public key was registered to my account on BitBucket and that Bitbucket was in my known_host file.  I registered my key with the Apple keychain.  In the Sourcetree preferences/accounts, I tried using the "connect host" button, which seemed to help in the past, but all it did was open a page in my browser that then redirected back to the SourceTree app.  I've rebooted SourceTree.  I just get the same error over and over:

git --no-optional-locks -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false -c credential.helper=sourcetree fetch origin Permission denied (publickey).

fatal: Could not read from remote repository.

Please make sure you have the correct access rights

and the repository exists.

I'll mention that I am able to interact with the same repo via a Windows Server2012 workstation (using Pageant via SourceTree).

Please help.  I don't need this aggravation.

1 answer

1 accepted

1 vote
Answer accepted
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 22, 2019

Hi @mwr-stats,

In 10.12 Apple made changes to the way SSH works, introducing some instability from our perspective. You'd actually see the same error on the command line with Git. What you can do is use ssh-add -l to check what keys are loaded already by the agent and ssh-add ~/.ssh/your-key to add any keys the agent didn't load properly. After that you're good to go until it flakes out again. We are looking into a more permanent resolution but don't have an ETA. Thank you for your patience.

Brian Ganninger
Principal Developer, Sourcetree

mwr-stats May 22, 2019

As I mentioned, I had already tried this.  However, I think I somehow had multiple instances of the ssh-agent running; so I think I may have been adding the key to the wrong instance (i.e., not the one in use by ST).  After a reboot, manually adding the key fixed this issue.  Thanks for your assistance.

Can't you guys just have your app check whether the key is loaded (and add it if it isn't) before trying to connect?  Or at least have it do that if the connection fails?  I understand that they key being dropped may be an Apple issue, but it doesn't seem like rocket science to create a work around.  I see a lot of questions around these issues in the community forums, going back several years.  I would think that your target market for this app is people who are command-line averse; this kind of messes that up.  

Again, thank you for your help.  

Yannick Chenot May 27, 2019

I have now restarted my mac multiple times and subsequently added my SSH keys to the agent - to no avail.

Changing the remote address from SSH to HTTPS seems to do the trick somehow.

But adding the key to the SSH agent is still required and the whole thing is obviously far from ideal.

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events