Unable to push git repo to Heroku, despite valid SSH keys

There are lots of stack articles citing the same error message as I am getting.

I went through the entire heroku setup doc on another computer and everything worked perfectly. Not sure why this one is not working, but I need it to.

  • Issue with Git commits and reverting back
  • Remove file from Version Control in IntelliJ IDEA
  • Why does a successful merge break my code?
  • is there a simple way to know which files will be updated in the next 'git pull'?
  • Managing a Git Staging Server and Live Server
  • Permission denied (publickey) copy from remote machine to local
  • When I run:

    > git push -v heroku master
    Pushing to git@heroku.com:lit-tor-7969.git
    Permission denied (publickey).
    fatal: The remote end hung up unexpectedly

    All of the solutions on Stack involve reseting the ssh keys, and I believe the ssh keys are fine. I am on Mac OSX and have run:

    heroku keys:clear
    heroku keys:add

    So it looks to me like the git is using /Users/bishopz/.ssh keys rather than the keys I generated manually inside the repository folder.

    In addition to the answers below, this article seems to be providing a lot of insight:
    Cannot push to Heroku because key fingerprint

    I tried completely removing the .ssh directory. I ran

    heroku keys:clear
    ssh-add -D #to remove all ssh identities
    ssh-keygen -t rsa -C "email@gmail.com" -f  ~/.ssh/id_rsa_heroku
    ssh-add ~/.ssh/id_rsa_heroku
    heroku keys:add ~/.ssh/id_rsa_heroku.pub
    git push heroku master

    and now get:

    !  Your key with fingerprint 27:5f:64:4e:2e:f0:41:5b:62:a9:95:d2:02:df:27:85 is not authorized to access lit-tor-7969.
    fatal: The remote end hung up unexpectedly

    The response to

    ssh -vvv git@heroku.com

    is now:

    debug1: Host 'heroku.com' is known and matches the RSA host key.
    debug1: Found key in /Users/bishopz/.ssh/known_hosts:1
    debug1: ssh_rsa_verify: signature correct
    debug1: Offering RSA public key: /Users/bishopz/.ssh/id_rsa_heroku
    debug1: Server accepts key: pkalg ssh-rsa blen 279
    debug1: Authentication succeeded (publickey).
    Authenticated to heroku.com ([]:22).

    Any help appreciated, I’ll start a new bounty if someone can post an answer that works for me.

  • How to reset a remote GIT repository to remove all commits?
  • git - cherry-pick - HOWTO / WHYTO
  • Digital Ocean git bare repo
  • How can I have grep not print out 'No such file or directory' errors?
  • Trying to add .rvmrc to ignore, its not working
  • Timestamps in Git
  • 4 Solutions collect form web for “Unable to push git repo to Heroku, despite valid SSH keys”

    This question is not really about git than about ssh. 🙂

    Heroku uses git which uses ssh which allows only authentication by publickey.
    (But I think that is already clear.)

    heroku keys:add will send the public key to heroku. Unless you specify an explicit key it will use ~/.ssh/id_[rd]sa.pub.

    To authenticate successfully you need to present the matching private key. Unless specified otherwise ssh will use ~/.ssh/id_[rd]sa, but it will refuse to read it if permissions are too loose. (See man ssh section FILES for details.)

    An easy way to check whether the permissions are fine is to add the key to the agent:
    ssh-add ~/.ssh/id_[rd]sa

    This should either add the key to the agent (verify with ssh-add -L) or complain about wrong permissions. (In case no agent is running in the first place, you can start one with ‘ssh-agent bash’.)

    After adding the key to the agent, the agent will take care of authentication and also your git should be able to connect without problems. 🙂

    Okay, I was able to solve it. Several of these answers were helpful. It seem that two things had happened.

    First, based on this article the ssh keys had gotten confused. This was resolved by deleting the .ssh directory (of course this removed all the credentials for other things that use .ssh, but those can be recreated later):

    heroku keys:clear
    ssh-add -D #to remove all ssh identities
    ssh-keygen -t rsa -C "email@gmail.com" -f  ~/.ssh/id_rsa_heroku
    ssh-add ~/.ssh/id_rsa_heroku
    heroku keys:add ~/.ssh/id_rsa_heroku.pub    

    Secondly, based on an answer to this article the app name had somehow changed during the process of troubleshooting the ssh keys. The app name had to be manually edited in /repository_folder/.git/config

    To get the correct app name I logged into heroku.com on the web and then updated the config file:

    it’s contains

    [remote "heroku"]
        url = git@heroku.com:my_new_app_name.git
        fetch = +refs/heads/*:refs/remotes/heroku/*

    Thanks to all that posted suggestions! I am so happy to finally be on my way to a new app!


    I have to rerun this command every time I reboot the computer. I can add it my .profile or whatever, but thought it was worth a note.

    Depending on your setup.
    you might have a config file in your ~/.ssh/ directory that sets which file to be used as public key to use when pushing to heruko.

    example (~/.ssh/config):

    Host #Use Heroku's IP
    IdentityFile ~/.ssh/use_this_key

    So if that is the case, then change the settings in the ~/.ssh/config file


    The permissions on both the .ssh directory and the repository directory are 555

    What counts for ssh connections are the group and other permissions of:

    • /home/user/.ssh
    • /home/user
    • /home

    (replace /home/user by the actual path of your home directory)

    The idea is that group and other attribute permission for .ssh and all its parent directories must not be writable.

    555 is fine for .ssh, although 700 is recommended.
    Check its parent directories: 755 or 555 all the way up to / (no ‘2’, ‘3’ or ‘6’, indicating a writable directory for group or other).

    Git Baby is a git and github fan, let's start git clone.