I had to restore my master branch from github a couple weeks ago and since then I've been receiving an error that states "Your key with fingerprint... is not authorized to access my app."
I've looked at the previous answers to this problem and have tried deleting the old keypair, creating a new one and uploading it.
I used the following posts and still get the same error:
Your key with fingerprint .... is not authorized to access... myapp. The remote end hung up unexpectedly. HEROKU, GIT CLONE
Why is my key w/ fingerprint not authorized when I try to push latest changes to Heroku?
Cannot push to Heroku because key fingerprint
When I run ssh -Tv git#heroku.com the terminal outputs the following:
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/username/.ssh/config
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to heroku.com [50.19.85.154] port 22.
debug1: Connection established.
debug1: identity file /Users/anthonyfrancavilla/.ssh/id_rsa type 1
debug1: identity file /Users/anthonyfrancavilla/.ssh/id_rsa-cert type -1
debug1: identity file /Users/anthonyfrancavilla/.ssh/id_dsa type -1
debug1: identity file /Users/anthonyfrancavilla/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version Twisted
debug1: no match: Twisted
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Server host key: RSA [rsa key redacted]
debug1: Host 'heroku.com' is known and matches the RSA host key.
debug1: Found key in /Users/anthonyfrancavilla/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/anthonyfrancavilla/.ssh/id_rsa_heroku
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to heroku.com ([50.19.85.154]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
shell request failed on channel 0
I discovered that the problem was in .git/config
The url under [remote "heroku"] was incorrect. I was able to reconnect once I corrected it.
Related
I am completely new to coding and am doing a startup course on coursera: https://class.coursera.org/startup-001/lecture/87
I'm getting a Permission Denied (publickey) when trying to connect to an EC2 Ubuntu Instance I created on AWS
Set up AWS Istance
Set Security to default and added port 22 and launched
Course tells me to then type:
chmod 400 trevor-learning.pem
ssh -i trevor-learning.pem \ ec2-user#ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com
This then gives me this error: Permission denied (publickey).
I've looked at other questions asked and tried switching the ubuntu# to ec2-user and some other things but I still can't connect.
I also tried:
trevor-larsons-macbook-pro:downloads trev$ chmod 600 trevor-learning.pem
trevor-larsons-macbook-pro:downloads trev$ ssh -v -i trevor-learning ubuntu#ec2-XX-XXX-XX- XX.us-west-2.compute.amazonaws.com
which gave me:
OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
Warning: Identity file trevor-learning not accessible: No such file or directory.
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com [XX.XXX.XX.XX] port 22.
debug1: Connection established.
debug1: identity file /Users/trev/.ssh/id_rsa type -1
debug1: identity file /Users/trev/.ssh/id_rsa-cert type -1
debug1: identity file /Users/trev/.ssh/id_dsa type -1
debug1: identity file /Users/trev/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
debug1: Host 'ec2-XX-XXX-XX-XX.us-west-2.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/trev/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/trev/.ssh/id_rsa
debug1: Trying private key: /Users/trev/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
At a loss here and have NO idea what I am doing please help!
Also, not sure if this has anythign to do with it, when I download the instance certificate (shows up bottom left of chrome browser, it opens up my keychain access and says" an error has occured. unable to import an item. the contents of this item cannot be retrieved."
Try the following steps in your terminal:
ssh-keygen -R 12.345.678.999 // This Reset your publickey
Then try to access with your Key Pair Name and Public DNS of EC2:
ssh -i KeyPairName.pem ubuntu#ec2-xx-xxx-xxx-xxx.eu-west-1.compute.amazonaws.com
My first key pair (eyelid_s.pem) is working fine. I'm using this key pair as access to an instance for personal use.
Now I'd like to create a new instance for a team to work on, so I created a new key pair (SE_Server.pem) as the default key pair for the new instance. But it just doesn't work. Even the old pem doesn't work for the new instance. I've tried new key pairs on my first instance, but they don't work either.
I've already done this:
chmod 400 SE_Server.pem
So this shouldn't be the file permission problem.
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to ec2-23-20-118-96.compute-1.amazonaws.com [2001:778::ffff:64:0:1714:7660] port 22.
debug1: Connection established.
debug1: identity file /Users/Lynn/.ssh/id_rsa type 1
debug1: identity file /Users/Lynn/.ssh/id_rsa-cert type -1
debug1: identity file /Users/Lynn/.ssh/id_dsa type -1
debug1: identity file /Users/Lynn/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-6+squeeze2
debug1: match: OpenSSH_5.5p1 Debian-6+squeeze2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 4d:28:fd:e1:aa:ba:89:9a:6e:e7:b3:d7:fa:15:bd:af
debug1: Host 'ec2-23-20-118-96.compute-1.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/Lynn/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/Lynn/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/Lynn/eyelid_s.pem
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: SE_Server_key.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/Lynn/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey).
I'd really be grateful if anyone can help me! This is really really annoying because I have no access to my new instance.
you can have multiple keys (not in AWS console, but you can use them to ssh into your machine), just make sure you add them into the "authorized_keys" or "authorized_keys2" depending on your ssh version.
http://www.idrix.fr/Root/Samples/pubkey2ssh.c - a way to import the .pem but im sure there are other methods out there to.
I am in the process of installing the latest version of gitolite on an osx mountain lion server. I set it up under it's own 'git' user account and followed the instructions here: https://github.com/sitaramc/gitolite
I am getting stuck in trying to check-out the gitolite-admin repo from the server on my workstation. I run this command:
git clone git#gitserver:gitolite-admin
but get this in return:
Cloning into 'gitolite-admin'...
Connection closed by gitserver
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
It seems that I got the SSH set-up correctly because it's not asking for a PWD but I am stuck on where to look to try to debug the problem.
Thanks,
Grant
result from ssh -v
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to gitserver [gitserver] port 22.
debug1: Connection established.
debug1: identity file /Users/xxx/.ssh/id_rsa type 1
debug1: identity file /Users/xxx/.ssh/id_rsa-cert type -1
debug1: identity file /Users/xxx/.ssh/id_dsa type -1
debug1: identity file /Users/xxx/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA xxxxx
debug1: Host 'gitserver' is known and matches the RSA host key.
debug1: Found key in /Users/xxx/.ssh/known_hosts:5
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/xxx/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: read PEM private key done: type RSA
Connection closed by gitserver
Looks OK here unless I am missing some detail.
I had a similar issue configuring a bare git repo in mountain lion. I uncommented the following lines of /etc/sshd_config:
PubkeyAuthentication yes
PermitUserEnvironment yes
The last one was related to the missing PATH error in .ssh/environment, but the first one was the one that allowed connections from ie. msysgit.
PS (edit): In the case of msysgit, I also setup the SSH agent (eval $(ssh-agent) && ssh-add) with OpenSSH key imported in pageant (as my GIT_SSH=path_to_plink). That did the trick.
On osx server, at least since 2015, also enable ssh access explicitly for the repository owner. In my case I have my server configured to allow only a few users. This caused very similar problems like you had.
I am trying to connect with my remote linux server using cygwin+ssh but the authentication fails with no apparent reason. I have successfully setup another connnection to github successfully and I have followed the same process, this is why I am stopped here
$ ssh -v finxxx#xxx.79.xxx.29
OpenSSH_6.0p1, OpenSSL 1.0.1c 10 May 2012
debug1: Connecting to xxx.79.xxx.29 [xxx.79.xxx.29] port 22.
debug1: Connection established.
debug1: identity file /home/xxxtta/.ssh/id_rsa type -1
debug1: identity file /home/xxxtta/.ssh/id_rsa-cert type -1
debug1: identity file /home/xxxtta/.ssh/id_dsa type 2
debug1: identity file /home/xxxtta/.ssh/id_dsa-cert type -1
debug1: identity file /home/xxxtta/.ssh/id_ecdsa type -1
debug1: identity file /home/xxxtta/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu7
debug1: match: OpenSSH_5.3p1 Debian-3ubuntu7 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA c7:b2:f1:f9:76:cd:24:5a:80:91:4b:e5:ac:7e:e1:ee
debug1: Host 'xxx.79.xxx.29' is known and matches the RSA host key.
debug1: Found key in /home/xxxtta/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/xxxtta/.ssh/id_rsa
debug1: Offering DSA public key: /home/xxxtta/.ssh/id_dsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/xxxtta/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
I have made the standard stuff but I cannot solve the problem. These are the commands I have used to generate the private/public keys. I have then copied the public key to the server
$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/xxxtta/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xxxtta/.ssh/id_dsa.
Your public key has been saved in /home/xxxtta/.ssh/id_dsa.pub
thank you for your help
EDIT:
I have made the same procedure using MINGW and it works (I am able to connect). Something is definitely going wrong with cygwin in my system
Problem probably lies in user name. If you login remotely user name is case sensitive. You must write user name exactly how it was defined in Windows.
Copy id_dsa.pub to your remote server.
# scp .ssh/id_dsa.pub dude#remotemachine
On remote server:
# cat id_dsa.pub >> ~/.ssh/authorized_keys
You might try -vvv instead of -v to increase the verbosity.
Also, check that the file permissions are set properly. See Adding public key to ~/.ssh/authorized_keys does not log me in automatically
I'm on a Mac now and previously I was able to set up and access an EC2 instance successfully from Windows XP. I want to create a new key for access from Mac, used the console management screen to generate a new key, saved the PEM file, changed permission on the file to owner RW only and then tried ssh but couldn't get it to work. Here's my command
ssh -v -i .ssh/ec2-mac.pem ec2-user#ec2-204-236-143-254.us-west-1.compute.amazonaws.com
Here's the verbose output
OpenSSH_5.2p1, OpenSSL 0.9.8l 5 Nov 2009
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to ec2-204-236-143-254.us-west-1.compute.amazonaws.com http://204.236.143.254 port 22.
debug1: Connection established.
debug1: identity file .ssh/ec2-mac.pem type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'ec2-204-236-143-254.us-west-1.compute.amazonaws.com' is known and matches the RSA host key.
debug1: Found key in /Users/bob/.ssh/known_hosts:3
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/bob/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: .ssh/ec2-mac.pem
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).
Anyone know what I'm missing? Oh and I am able to ssh into a different instance with the original key created for that instance making this even more puzzling.
Permissions are set correctly using chmod 600. The one thing I'm not sure is in the control panel management screen when I list Instances, it only shows the original value in "Key Pair Name" column, should it show both?
Thanks for your help in advance.
You don't need to create new key for new operating system. You can make use of your old Windows XP key in MAC.
Another point is when you launch an instance with a private key, then you can only login through that key only. A new key won't help.
Regards,
Sanket Dangi