the example i’m gonna use is for git, as i came across this problem where i was git pulling from a private repo on one host, then i moved to another host, tried to git pull and this happened

$ git pull
The authenticity of host 'github.com (188.8.131.52)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,184.108.40.206' (RSA) to the list of known hosts.
Permission denied (publickey).
fatal: The remote end hung up unexpectedly

i was all like whaaaaat? i was pretty sure i put the keys on the new host

$ ls -l /home/deploy/.ssh/
total 28
-rw-------. 1 deploy deploy 410 Jan 21 22:16 authorized_keys
-rw------- 1 deploy deploy 192 Feb 25 21:25 config
-rw------- 1 deploy deploy 1675 Feb 25 21:25 id_rsa_repo1
-rw------- 1 deploy deploy 410 Feb 25 21:25 id_rsa_repo1.pub
-rw-r--r-- 1 deploy deploy 407 Mar 4 00:21 known_hosts

so i tried connecting to github

$ ssh -vT git@github.com
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/deploy/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to github.com [220.127.116.11] port 22.
debug1: Connection established.
debug1: identity file /home/deploy/.ssh/identity type -1
debug1: identity file /home/deploy/.ssh/identity-cert type -1
debug1: identity file /home/deploy/.ssh/id_rsa type -1
debug1: identity file /home/deploy/.ssh/id_rsa-cert type -1
debug1: identity file /home/deploy/.ssh/id_dsa type -1
debug1: identity file /home/deploy/.ssh/id_dsa-cert type -1
debug1: identity file /home/deploy/.ssh/id_ecdsa type -1
debug1: identity file /home/deploy/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
debug1: no match: libssh-0.7.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /home/deploy/.ssh/known_hosts:1
Warning: Permanently added the RSA host key for IP address '18.104.22.168' to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/deploy/.ssh/identity
debug1: Trying private key: /home/deploy/.ssh/id_rsa
debug1: Trying private key: /home/deploy/.ssh/id_dsa
debug1: Trying private key: /home/deploy/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).

that’s so weird, it’s not listing my private key. so i googled, and apparently, your keys have to be known about by the ssh-agent. you can check if ssh-agent knows about them like this (first make sure ssh-agent is running using the eval below)

$ ssh-add -l
Could not open a connection to your authentication agent.
$ eval "$(ssh-agent)"
Agent pid 17208
$ ssh-add -l
The agent has no identities.
$ ssh-add -l -E md5
The agent has no identities.

hmmm no identities. i should add them then!

$ ssh-add ~/.ssh/id_rsa_repo1
Identity added: /home/deploy/.ssh/id_rsa_repo1 (/home/deploy/.ssh/id_rsa_repo1)

does ssh-agent know about it now?

$ ssh-add -l
2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/deploy/.ssh/id_rsa_repo1 (RSA)

it does yay! let’s try a pull again

$ git pull
remote: Counting objects: 3, done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 3 (delta 0), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (3/3), done.
From github.com:user/repo1
   90f51eb..c76de19 master -> origin/master
Updating 90f51eb..c76de19
Fast-forward
 index.py | 24 ++++++++++++++++++++++--
 1 files changed, 22 insertions(+), 2 deletions(-)

yay it worked! woo!
there’s a bunch of stuff about ssh i don’t know about. this being one of those things. i suppose when you generate an ssh key pair on your host, they are automatically added to the ssh-agent. but if you take those keys and move them to a new host, you can’t expect them to work without ssh-add-ing them first
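
the check done by eye on the `ssh -vT` output above (which key files did ssh actually try?) can be scripted. this is an added example, not part of the original post: the function names `attempted_keys`, `untried_keys` and `demo` are hypothetical, and the demo uses empty stand-in key files in a temp dir with log lines constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): which private keys sit in a
# directory but were never attempted in an `ssh -v` run?

# Read `ssh -v` output on stdin and print each key path ssh tried or offered.
# Covers "Trying private key: PATH" and the "Offering [TYPE] public key: PATH"
# variants. Paths containing spaces are not handled.
attempted_keys() {
    awk '/^debug1: (Trying private|Offering .*public) key: / {
             for (i = 1; i < NF; i++)
                 if ($i == "key:") { print $(i + 1); break }
         }' | sort -u
}

# Print private keys in directory $1 (files with a matching .pub next to them)
# that are missing from the attempted keys in the saved log $2.
untried_keys() {
    dir=$1
    log=$2
    tried=$(attempted_keys < "$log")
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue
        key=${pub%.pub}
        [ -f "$key" ] || continue
        printf '%s\n' "$tried" | grep -qxF -- "$key" || printf '%s\n' "$key"
    done
}

# Constructed demo: empty stand-in key files plus the "Trying private key"
# lines from the post, with the directory swapped for a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/id_rsa_repo1"
    : > "$d/id_rsa_repo1.pub"
    cat > "$d/ssh-v.log" <<EOF
debug1: Next authentication method: publickey
debug1: Trying private key: $d/identity
debug1: Trying private key: $d/id_rsa
debug1: Trying private key: $d/id_dsa
debug1: Trying private key: $d/id_ecdsa
debug1: No more authentication methods to try.
EOF
    untried_keys "$d" "$d/ssh-v.log"
    rm -rf "$d"
}

demo
```

ssh writes its debug lines to stderr, so a real log is saved by adding `2> ssh-v.log` to the `ssh -vT` command. any path `untried_keys` prints is a key that exists on disk but that ssh never attempted, like id_rsa_repo1 here.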