Random Github permission errors are the worst!
You're probably familiar with this error:
You don't know where it comes from. It's frustrating, and you want to get on with deploying and working on your project. The things that actually matter.
Let's investigate a few possible reasons for why you're seeing this error and a solution for each one of them. 👇🏼
Read on or if you prefer video, watch it below.
First of all, try not to use
sudo command with git. When you use sudo, you're running the command as the
root user and SSH will use a different key pair to authenticate with Github.
When you generate SSH keys without sudo and then use sudo to clone a repository, you won't be using the same keys you generated. This leads to Github denying access to your private repositories because it can't verify that it's you.
If you're cloning a repository, double-check you didn't make any typos in the command. It's easy to omit or misspell a letter without you noticing. The correct format for cloning a Github repository using SSH is:
# Syntax for cloning a Github repository using SSH git clone email@example.com:[username]/[repository].git
I recommend copying the repository location from the Github website to avoid making manual mistakes. You can do this by navigating to the repository page and look for a green button labelled "Code" in the upper right corner.
In case you're trying to push to Github, make sure the remote is spelled correctly and pointing to the right repository. You can view a repository's remotes with:
# View a repository's remote list git remote -v
Next troubleshooting step is to check whether the SSH client can find a private key to authenticate with Github.
To debug an SSH connection you can pass the
-v flag to the SSH command. Therefore, to debug your SSH connection with Github, you would type:
# Debug the SSH connection to github.com ssh -v firstname.lastname@example.org
This will print out a few things to the terminal. Look out for a sequence of lines starting with
debug1: identity file .... This is the SSH client trying to find a private key by going through a list of possible filenames. In my case, the debug output looks as follows:
debug1: Connecting to github.com port 22. debug1: Connection established. debug1: identity file /Users/maxim/.ssh/id_rsa type 0 debug1: identity file /Users/maxim/.ssh/id_rsa-cert type -1 debug1: identity file /Users/maxim/.ssh/id_dsa type -1 debug1: identity file /Users/maxim/.ssh/id_dsa-cert type -1 debug1: identity file /Users/maxim/.ssh/id_ecdsa type -1 debug1: identity file /Users/maxim/.ssh/id_ecdsa-cert type -1 debug1: identity file /Users/maxim/.ssh/id_ed25519 type -1 debug1: identity file /Users/maxim/.ssh/id_ed25519-cert type -1 debug1: identity file /Users/maxim/.ssh/id_xmss type -1 debug1: identity file /Users/maxim/.ssh/id_xmss-cert type -1
-1 at the end of each line stands for not found. As you can see, SSH was able to find my private key at
/Users/maxim/.ssh/id_rsa and will use it to authenticate with Github.
If you don't have a key pair, you can generate one fairly simple. Github has a good guide on how to generate an SSH key pair.
In case you do have a key pair on the system but the SSH client cannot find it, because it's in a different location or has a different name, you have two options:
- Rename and place the key in the default location
~/.ssh/id_rsaso SSH can find it
- Let SSH know where to find your private key. You can do this with a oneliner:
# Authenticate with a specific key while cloning a repository GIT_SSH_COMMAND='ssh -i /path/to/private_key -o IdentitiesOnly=yes' git clone email@example.com:[username]/[repository].git
Or you can add a
~/.ssh/config file with the following contents:
Host github.com IdentityFile /path/to/private_key IdentitiesOnly yes
Make sure the file has the correct permissions with the following command:
# Restrict write & read access to the file owner chmod 600 ~/.ssh/config
Lastly, let's verify that the correct public key is added to your Github account.
Go to github.com, click on your avatar and then "Settings". Find the "SSH and GPG keys" section on the left side and click on it. In the right pane, you'll see a list of SSH keys associated with your account.
Each public key in this list grants the corresponding private key access to your repositories.
Back in your terminal, type the following:
# Print the public key's fingerprint ssh-keygen -E md5 -lf ~/.ssh/id_rsa.pub
This will print the fingerprint of your public key. Change the path if your public key is at a different location or has a different name.
If you don't see a public key fingerprint in your Github account that matches the output in your terminal, you'll need to add the public key to your Github account to gain access to your repositories.
In this article, we've looked at some possible solutions for the "Permission denied" error from Github:
- Don't use sudo with git
- Avoid typos by copying the repository location from the Github website
- Make sure you have a key pair and that the SSH client is using it
- Add the correct public key to your Github account
I hope this helped you solve this pesky error so you can continue working on your project.