MacOS下git clone git@github.com: Permission denied (publickey)錯誤及解決方式
前言
這個錯誤是筆者在使用以下指令時發生的:
git clone git@github.com:dcos/dcos-cli.git
錯誤訊息
Cloning into ‘dcos-cli’…
Warning: Permanently added the RSA host key for IP address ‘192.30.253.113’ to the list of known hosts.
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.Please make sure you have the correct access rights
and the repository exists.
解決辦法
GitHub Help - Error: Permission denied (publickey)中有給出完整的問題排除方法。
以下記錄筆者實測的結果。
改用git當使用者名稱
如果原先使用的是:
ssh -T GITHUB-USERNAME@github.com
請將使用者名稱改為git:
ssh -T git@github.com
但在筆者的機器上還是輸出:
git@github.com: Permission denied (publickey).
所以問題不在這裡。
檢查是否有使用key
在背景啟動ssh-agent
:
eval "$(ssh-agent -s)"
Agent pid 67142
檢查是否有私鑰且己載入ssh:
ssh-add -l -E md5
The agent has no identities.
如果輸出不是像:
2048 MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/you/.ssh/id_rsa (RSA)
則需要生成新的ssh key並將它與GitHub關聯。
下面這個部份來自:GitHub Help - Generating a new SSH key and adding it to the ssh-agent。
生成新的ssh key
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
如果過程中出現Enter file in which to save the key
,可以直接按Enter略過,使用預設的檔案路徑。
如果出現Enter passphrase
,可以輸入自己的密碼或直接按Enter略過。
輸出:
Generating public/private rsa key pair. Enter file in which to save the key (/Users/yourname/.ssh/id_rsa): /Users/yourname/.ssh/id_rsa already exists. Overwrite (y/n)? y Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/yourname/.ssh/id_rsa. Your public key has been saved in /Users/yourname/.ssh/id_rsa.pub. The key fingerprint is: SHA256:CXtXJ/s8V00b5oz474OUm2lHsBrtP7fgU3eWYy4eCYs mimifasosofamire1123@gmail.com The key's randomart image is: +---[RSA 4096]----+ | | | | | . o .o.| | o . ..==.+| | . S .oo.+++| | . ...+B.*=| | E .==&.=| | ..X+B.| | oo*==| +----[SHA256]-----+
經過這一步以後,新的key己經生成,被存在~/.ssh/config這個路徑下。
我們可以用cat
來查看它的內容:
cat ~/.ssh/config # --- Sourcetree Generated --- Host yourgithubname-GitHub HostName github.com User yourgithubname PreferredAuthentications publickey IdentityFile /Users/yourname/.ssh/yourgithubname-GitHub UseKeychain yes AddKeysToAgent yes # ---------------------------- ForwardX11 yes
因為這時key己經生成,這時候可以回去用ssh-add -l -E md5
來查看key是否己載入ssh:
2048 MD5:03:57:c1:67:f1:04:20:7d:73:4b:91:d4:39:7d:90:47 /Users/yourname/.ssh/id_rsa (RSA)
可以發現己經有id了。
這時用ssh -vT git@github.com
試著連接到git@github.com,來檢查剛剛生成的key是否己被使用:
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/yourname/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: /etc/ssh/ssh_config line 52: Applying options for *
debug1: Connecting to github.com port 22.
debug1: Connection established.
debug1: identity file /Users/yourname/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version babeld-f43b814b
debug1: no match: babeld-f43b814b
debug1: Authenticating to github.com:22 as ‘git’
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
debug1: Host ‘github.com’ is known and matches the RSA host key.
debug1: Found key in /Users/yourname/.ssh/known_hosts:4
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:FbFoShO5TA4eD6fXyLjyJJbPGvO8CGO00ZXMmR/7H8I /Users/yourname/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering public key: RSA SHA256:CXtXJ/s8V00b5oz474OUm2lHsBrtP7fgU3eWYy4eCYs /Users/yourname/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/yourname/.ssh/id_dsa
debug1: Trying private key: /Users/yourname/.ssh/id_ecdsa
debug1: Trying private key: /Users/yourname/.ssh/id_ed25519
debug1: No more authentication methods to try.
git@github.com: Permission denied (publickey).
結果仍然是Permission denied。
這是因為我們尚未將ssh key添加到ssh-agent及GitHub帳戶所致。
將ssh key添加到ssh-agent
在背景啟動ssh-agent:
eval "$(ssh-agent -s)"
將ssh私鑰加入ssh-agent:
ssh-add -K ~/.ssh/id_rsa
這一步完成後,還需將ssh key加入GitHub帳戶。
將SSH key加入GitHub帳戶
此處內容來自:GitHub Help - Adding a new SSH key to your GitHub account。
將~/.ssh/id_rsa.pub
檔案裡的內容複製到剪貼簿:
pbcopy < ~/.ssh/id_rsa.pub
前往GitHub頁面,找到右上角的+
號→SSH and GPG keys
→New SSH key
或Add SSH key
。
這時會出現兩個欄位:
在Title
欄位輸入有意義的名稱,如iMac
,Personal MacBook Air
。
在Key
欄位貼上剛剛複製的內容。
最後點擊Add SSH key
來完成ssh key的添加。
檢查ssh key是否有被使用
可以再次使用以下指令,來檢查剛添加的key有沒有被使用:
ssh -vT git@github.com
OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/yourname/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: /etc/ssh/ssh_config line 52: Applying options for *
debug1: Connecting to github.com port 22.
debug1: Connection established.
debug1: identity file /Users/yourname/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/yourname/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version babeld-f43b814b
debug1: no match: babeld-f43b814b
debug1: Authenticating to github.com:22 as ‘git’
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
debug1: Host ‘github.com’ is known and matches the RSA host key.
debug1: Found key in /Users/yourname/.ssh/known_hosts:4
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:FbFoShO5TA4eD6fXyLjyJJbPGvO8CGO00ZXMmR/7H8I /Users/yourname/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering public key: RSA SHA256:CXtXJ/s8V00b5oz474OUm2lHsBrtP7fgU3eWYy4eCYs /Users/yourname/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([192.30.253.112]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LANG = de_DE.UTF-8
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi yourgithubname! You’ve successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3760, received 2060 bytes, in 0.8 seconds
Bytes per second: sent 4446.1, received 2435.9
debug1: Exit status 1
這時再次使用:
git clone git@github.com:dcos/dcos-cli.git
發現它己經能正常運作了!
參考連結
GitHub Help - Error: Permission denied (publickey)
GitHub Help - Generating a new SSH key and adding it to the ssh-agent
GitHub Help - Adding a new SSH key to your GitHub account