Generated keys, added to my account, ssh not working (Permission denied)

Question

I am on Mac os 10.9. I generated my ssh key with ssh-keygen. I pasted the pub key as a new security key in my account. I restarted my computer. Then $ ssh git@git.cloudbees.com echo Permission denied (publickey).

I tried several times with no progress. I browsed for ideas but found nothing of help.

Here is a trace of verification against the server:

MacBook-Pro-de-Ludovic:~ Ludo$ echo | ssh -v -i ~/.ssh/id_rsa git@git.cloudbees.com echo
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to git.cloudbees.com [54.235.125.211] port 22.
debug1: Connection established.
debug1: identity file /Users/Ludo/.ssh/id_rsa type 1
debug1: identity file /Users/Ludo/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
debug1: match: OpenSSH_6.0 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 34:fe:24:48:6c:46:ff:1c:96:fc:d0:b6:7f:f8:51:e5
debug1: Host 'git.cloudbees.com' is known and matches the RSA host key.
debug1: Found key in /Users/Ludo/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/Ludo/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/Ludo/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

Thanks for your help!

Answer 1

Based on your logs, it really looks like the wrong ssh key is being used.

I created an account, added an new ssh key I generated with ssh-keygen (no parameters)

Debug snippet shows the following;

debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).

ssh-keygen -l showed a fingerprint which matched the fingerprint displayed in the cloudbees portal.

Its a bit of a stretch but... can you tell me what parameters you added to 'ssh-keygen' when generating the key? You may have stumbled on an unsupported key format..

Otherwise, start again with a new key..

Answer 2

The permission denied error means that no known key is being supplied to the SSH server.

To test that CloudBees has the key you expect registered correctly do the following:

echo | ssh -v -i ~/.ssh/id_rsa git@git.cloudbees.com echo

This will show a trace of your SSH client's activities.

If this works, then it is likely that your git client is not using SSH correctly.

Answer 3

I faced the same problem on Windows 7 and MINGW32 (exact same ssh log, same cloudbees host key fingerprint).

I know that yours was on Mac OS, but I managed to find a workaround, and I hope this might help someone else.

This article describe the problem : http://guides.beanstalkapp.com/version-control/git-on-windows.html#openssh-windows-7 They propose to use PuTTY within git instead of OpenSSH, like @d_rez90 proposed, as a workaround. (works fine for me)