git Push Permission Denied

When pushing to your App's Git Remote, you might encounter the following error:

Pushing to [email protected]:[environment]/[app].git
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Ther are two common reasons this occurrs:

Wrong SSH Key

Cause

The most common caused by attempting to authenticate with a public key that is not registered with Aptible, which causes Git Authentication to fail.

You can confirm that this is indeed the issue by connecting directly using ssh:

ssh -T [email protected] test

❗️

Warning

The SSH_ORIGINAL_COMMAND: unbound variable will appear without the test command at the end.

The output of this command will indicate whether you're being correctly authenticated by Aptible's Git server.

If you are properly authenticated, you'll see this message:

Hi [email]! Welcome to Aptible. Please use `git push` to connect.

If you do not see that message, then the problem is indeed that you're not authenticating properly.

Resolution

The most common cause for this error is that you haven't registered your SSH Public Key with Aptible. So, first, make sure you did that.

If you did register your public key, but you're still seeing the error, odds are you have multiple SSH keys and ssh isn't using the correct one when you connect.

To use a specific public key when connecting to Aptible, add the following to your local ~/.ssh/config file (you might need to create it):

Host beta.aptible.com
    IdentityFile /path/to/private/key

Key Type Not Allowed

Cause

The next most common cause is that the SSH key type is not supported by the installation of SSH that git is using. This can be tested for by using ssh:

ssh -v -T [email protected] test

❗️

Warning

The SSH_ORIGINAL_COMMAND: unbound variable will appear without the test command at the end.

If you get a message like the one below then your SSH client is not allowing ssh-rsa keys.

...
debug1: send_pubkey_test: no mutual signature algorithm
...

This commonly occurs on Windows as the latest versions of git for Windows comes bundled with a version of SSH that does not allow ssh-rsa keys by default. In this case ssh -T [email protected] test will indicate that it's able to connect but the git command will still fail because it uses a different SSH client with different default settings. To debug ssh with git commands you can preface the command with GIT_SSH_COMMAND="ssh -v". For example:

GIT_SSH_COMMAND="ssh -v" git push aptible master

❗️

Warning

MacOS Ventura does not support using RSA 1 keys with SSH by default. This can be reenabled within the ~/.ssh/config following the solution provided in this guide.

Resolution

This error can also be addressed by changing your local SSH configuration for Aptible Git Remotes, ~/.ssh/config. If this file does not already exist, you'll have to create it.

Host beta.aptible.com
    PubkeyAcceptedKeyTypes +ssh-rsa