Unable to push git repo to Heroku, despite valid SSH keys
There are lots of stack articles citing the same error message as I am getting.
I went through the entire heroku setup doc on another computer and everything worked perfectly. Not sure why this one is not working, but I need it to.
When I run:
> git push -v heroku master Pushing to email@example.com:lit-tor-7969.git Permission denied (publickey). fatal: The remote end hung up unexpectedly
All of the solutions on Stack involve reseting the ssh keys, and I believe the ssh keys are fine. I am on Mac OSX and have run:
heroku keys:clear heroku keys:add
So it looks to me like the git is using /Users/bishopz/.ssh keys rather than the keys I generated manually inside the repository folder.
In addition to the answers below, this article seems to be providing a lot of insight:
Cannot push to Heroku because key fingerprint
I tried completely removing the .ssh directory. I ran
heroku keys:clear ssh-add -D #to remove all ssh identities ssh-keygen -t rsa -C "firstname.lastname@example.org" -f ~/.ssh/id_rsa_heroku ssh-add ~/.ssh/id_rsa_heroku heroku keys:add ~/.ssh/id_rsa_heroku.pub git push heroku master
and now get:
! Your key with fingerprint 27:5f:64:4e:2e:f0:41:5b:62:a9:95:d2:02:df:27:85 is not authorized to access lit-tor-7969. fatal: The remote end hung up unexpectedly
The response to
ssh -vvv email@example.com
debug1: Host 'heroku.com' is known and matches the RSA host key. debug1: Found key in /Users/bishopz/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: Offering RSA public key: /Users/bishopz/.ssh/id_rsa_heroku debug1: Server accepts key: pkalg ssh-rsa blen 279 debug1: Authentication succeeded (publickey). Authenticated to heroku.com ([18.104.22.168]:22).
Any help appreciated, I’ll start a new bounty if someone can post an answer that works for me.
4 Solutions collect form web for “Unable to push git repo to Heroku, despite valid SSH keys”
This question is not really about git than about ssh. 🙂
Heroku uses git which uses ssh which allows only authentication by publickey.
(But I think that is already clear.)
heroku keys:add will send the public key to heroku. Unless you specify an explicit key it will use
To authenticate successfully you need to present the matching private key. Unless specified otherwise ssh will use
~/.ssh/id_[rd]sa, but it will refuse to read it if permissions are too loose. (See
man ssh section FILES for details.)
An easy way to check whether the permissions are fine is to add the key to the agent:
This should either add the key to the agent (verify with
ssh-add -L) or complain about wrong permissions. (In case no agent is running in the first place, you can start one with ‘ssh-agent bash’.)
After adding the key to the agent, the agent will take care of authentication and also your git should be able to connect without problems. 🙂
Okay, I was able to solve it. Several of these answers were helpful. It seem that two things had happened.
First, based on this article the ssh keys had gotten confused. This was resolved by deleting the .ssh directory (of course this removed all the credentials for other things that use .ssh, but those can be recreated later):
heroku keys:clear ssh-add -D #to remove all ssh identities ssh-keygen -t rsa -C "firstname.lastname@example.org" -f ~/.ssh/id_rsa_heroku ssh-add ~/.ssh/id_rsa_heroku heroku keys:add ~/.ssh/id_rsa_heroku.pub
Secondly, based on an answer to this article the app name had somehow changed during the process of troubleshooting the ssh keys. The app name had to be manually edited in /repository_folder/.git/config
To get the correct app name I logged into heroku.com on the web and then updated the config file:
[remote "heroku"] url = email@example.com:my_new_app_name.git fetch = +refs/heads/*:refs/remotes/heroku/*
Thanks to all that posted suggestions! I am so happy to finally be on my way to a new app!
I have to rerun this command every time I reboot the computer. I can add it my .profile or whatever, but thought it was worth a note.
Depending on your setup.
you might have a config file in your ~/.ssh/ directory that sets which file to be used as public key to use when pushing to heruko.
Host 127.0.0.1 #Use Heroku's IP IdentityFile ~/.ssh/use_this_key
So if that is the case, then change the settings in the ~/.ssh/config file
The permissions on both the
.sshdirectory and the repository directory are 555
What counts for ssh connections are the group and other permissions of:
(replace /home/user by the actual path of your home directory)
The idea is that group and other attribute permission for
.ssh and all its parent directories must not be writable.
555 is fine for .ssh, although 700 is recommended.
Check its parent directories: 755 or 555 all the way up to
/ (no ‘2’, ‘3’ or ‘6’, indicating a writable directory for group or other).