Keywords: Git | SSH Authentication | Public Key Error | Troubleshooting | Key Configuration
Abstract: This technical paper provides an in-depth analysis of the common Permission denied (publickey) error in Git operations, offering complete solutions from SSH key generation and configuration to systematic troubleshooting. The article details methods for setting up SSH key pairs on Mac, Linux, and Windows systems, including key generation, addition to Git service provider accounts, and local SSH agent configuration. It also covers detailed debugging using ssh -vT commands to help users accurately identify root causes. Through systematic troubleshooting workflows and code examples, developers can comprehensively resolve SSH public key authentication issues.
Problem Background and Error Analysis
When performing remote repository operations with Git, SSH public key authentication serves as a crucial mechanism for establishing secure connections. The "Permission denied (publickey)" error typically indicates that the local SSH client cannot establish a secure connection with the remote Git server through public key authentication. This error can stem from various causes, including ungenerated SSH key pairs, improperly added public keys to Git service provider accounts, incorrectly running SSH agents, or improper key file permission settings.
SSH Key Pair Generation and Configuration
To resolve public key authentication issues, it's essential to first ensure that valid SSH key pairs have been generated on the local system. SSH key pairs consist of public and private keys, where the public key is used for authentication while the private key must remain strictly confidential. Below are detailed steps for generating SSH key pairs:
# Navigate to SSH configuration directory
cd ~/.ssh
# Generate new RSA key pair
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
# Or generate more secure Ed25519 keys
ssh-keygen -t ed25519 -C "your_email@example.com"During key generation, the system will prompt for the key file save path and an optional passphrase. While setting a strong passphrase enhances security, pressing enter directly creates passwordless keys.
Adding Public Keys to Git Service Providers
After generating key pairs, the public key content must be added to the account settings of Git service providers (such as GitHub, GitLab, etc.). Public key copying methods vary across operating systems:
# macOS systems
cat ~/.ssh/id_rsa.pub | pbcopy
# Linux systems (requires xclip installation)
cat ~/.ssh/id_rsa.pub | xclip -selection clipboard
# Windows systems (Git Bash)
cat ~/.ssh/id_rsa.pub | clip
# Windows PowerShell
Get-Content ~/.ssh/id_rsa.pub | Set-ClipboardAfter copying the public key, log into the respective Git service provider website and add the new public key in the SSH keys section of account settings. Ensure the public key content is complete and accurate, including the initial "ssh-rsa" or "ssh-ed25519" identifier and the concluding email comment.
SSH Agent Configuration and Management
The SSH agent manages local private keys and provides authentication information to remote servers when needed. Proper SSH agent configuration is crucial for ensuring normal public key authentication operation:
# Start SSH agent and set environment variables
eval "$(ssh-agent -s)"
# Add private key to SSH agent
ssh-add ~/.ssh/id_rsa
# View list of loaded keys
ssh-add -l
# To add specific key files if needed
ssh-add ~/.ssh/your_custom_keyOn some systems, the SSH agent might already run as a system service. In such cases, manual agent startup commands might fail, requiring consultation of system documentation for proper SSH agent service management.
Git Configuration Verification
Ensuring correct Git configuration represents another important aspect of resolving authentication issues. Proper user information must be set for Git to correctly identify committers:
# Set global username
git config --global user.name "Your Name"
# Set global email address
git config --global user.email "your_email@example.com"
# Verify configuration correctness
git config --listAfter configuration completion, restarting terminal sessions ensures all configuration changes take effect. Some systems might require reloading shell configuration files for immediate configuration change activation.
Detailed Troubleshooting and Debugging
When basic key configuration fails to resolve issues, detailed debugging tools become necessary for pinpointing problem sources. The SSH client offers verbose debugging modes displaying every step of the authentication process:
# Test SSH connection using verbose mode
ssh -vT git@github.com
# Or specifically for GitLab
ssh -vT git@gitlab.com
# More detailed debugging (up to three verbosity levels)
ssh -vvvT git@github.comIn debugging output, particular attention should be paid to the following information categories:
# Key file identification status
debug1: identity file /Users/username/.ssh/id_rsa type 1
debug1: identity file /Users/username/.ssh/id_rsa type -1
# Authentication attempt process
debug1: Offering public key: /Users/username/.ssh/id_rsa
debug1: Authentications that can continue: publickey
# Connection establishment information
debug1: Connecting to github.com port 22.
debug1: Connection established.When observing "identity file type -1", this indicates SSH cannot locate or read the corresponding key file. Conversely, "Offering public key" signifies SSH attempting authentication using the specified public key.
Key Permissions and Filesystem Issues
SSH imposes strict requirements on key file permissions, where improper settings lead to authentication failures. Below are correct permission settings:
# Set SSH directory permissions
chmod 700 ~/.ssh
# Set private key file permissions
chmod 600 ~/.ssh/id_rsa
# Set public key file permissions
chmod 644 ~/.ssh/id_rsa.pub
# Set configuration file permissions (if existing)
chmod 600 ~/.ssh/configOn Windows systems, although the file permission system differs from Unix-like systems, Git Bash simulates similar permission checking mechanisms. Ensuring key files aren't locked or occupied by other programs represents another important troubleshooting step.
Advanced Configuration and Alternative Solutions
For complex development environments or multi-account scenarios, more advanced SSH configuration might be necessary:
# ~/.ssh/config file example
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_rsa_github
IdentitiesOnly yes
Host gitlab.com
HostName gitlab.com
User git
IdentityFile ~/.ssh/id_rsa_gitlab
IdentitiesOnly yes
Host *.company.com
User git
IdentityFile ~/.ssh/id_rsa_work
Port 2222When SSH authentication persistently fails, considering HTTPS protocol as an alternative solution is advisable. HTTPS authentication typically uses personal access tokens or username-password combinations for identity verification:
# Convert SSH remote URL to HTTPS
git remote set-url origin https://github.com/username/repository.git
# Or directly clone HTTPS repository
git clone https://github.com/username/repository.gitSystem-Specific Considerations
Different operating systems exhibit some variations in SSH configuration that require special attention:
On macOS systems, Keychain Access might automatically manage SSH keys. The following commands help view and manage SSH keys in Keychain:
# View SSH keys in Keychain
ssh-add -A
# Remove all keys from Keychain
ssh-add -DOn Windows systems using Git for Windows, the following points deserve attention:
# SSH agent management on Windows
# Start SSH agent service
net start ssh-agent
# Or use OpenSSH's built-in agent management
Start-Service ssh-agentLinux system SSH configuration remains relatively standard, though different distributions might vary in SSH service management aspects. Most modern Linux distributions utilize systemd for SSH agent service management.
Summary and Best Practices
Resolving Git SSH public key authentication issues requires systematic troubleshooting approaches. We recommend checking in the following sequence: first generate and configure SSH key pairs, then add public keys to Git service provider accounts, followed by configuring and managing SSH agents, and finally conducting detailed connection testing and debugging. Maintaining correct key file permissions, using SSH configuration files for multi-environment management, and considering HTTPS alternatives when necessary all represent important practices for ensuring smooth Git operations.
Through the comprehensive solutions provided in this paper, developers should capable of diagnosing and resolving most SSH public key authentication related issues, ensuring smooth Git workflow operation. Remember, patience and systematic troubleshooting remain key to resolving technical problems.