How to solve permission denied (public key) error when using Git

Git is a distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git allows multiple developers to work on the same project simultaneously, each with their own local copies of the project. These copies can later be synchronized with the main repository and with each other. Some core features of Git include:

  • Branching and merging: Git’s branching model lets you create isolated environments within the same repository to develop features, fix bugs, or experiment without affecting the main codebase.

  • Distributed development: Each developer has a complete local copy of the repository, allowing for full functionality and operation even when offline.

  • Integrity and authenticity: Changes and commits are checksummedIn Git, when we talk about commits being "checksummed," we're referring to how Git calculates a unique identifier (a hash) for each commit using a cryptographic algorithm. , ensuring the integrity and traceability of modifications.

Permission denied (public key) error

The "Permission denied (public key)" error typically arises when you're trying to interact with a Git repository over SSH, and one of the following happens:

  • No SSH key: You haven't added an SSH keySSH (Secure Shell) keys are a pair of cryptographic keys that can be used to authenticate a client to a server without using passwords. They are more secure than password-based authentication due to the complexity and length of the keys. to your Git hosting account (e.g., GitHub, GitLab, Bitbucket).

  • Wrong SSH key: The SSH key on your local machine doesn't match any of the SSH keys associated with your Git hosting account.

  • SSH agent issues: The SSH agent might not be running or might not have the necessary keys loaded.

  • Incorrect permissions: The SSH key files have overly permissive file permissions.

  • Wrong SSH URL: You're using an SSH URL for a repository but haven't set up SSH authentication.

To address the "Permission denied (public key)" error, you can follow these steps :

  1. Generate an SSH key: If you don't have an SSH key, generate one using:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Command to generate an SSH key

This command is used to generate a new SSH key. Let's break down the command:

  • ssh-keygen: This is the command-line tool provided by many Unix-based systems for generating, managing, and converting authentication keys for SSH.

  • -t rsa: Specifies the type of key to create. In this case, it's an RSA key. RSA is a popular algorithm used in public key cryptography.

  • -b 4096: Specifies the number of bits in the key. A longer key is generally more secure. 4096 bits is currently considered strong.

  • -C "your_email@example.com": Provides a label or comment for the key. This is often set to the email address associated with the user's account on the Git hosting service (e.g., GitHub, GitLab) to help identify the key.

  1. Add your SSH key to Git hosting account:

    1. After generating the key, you'll have two files: id_rsa (private key) and id_rsa.pub (public key). You'll want to upload the contents of the id_rsa.pub file to your Git hosting account.

    2. Most Git hosting services provide a section in the account settings where you can add your public SSH key.

Adding SSH key to Github
Adding SSH key to Github

  1. Ensure the SSH agent has your key:

  • Start the SSH agent with:

eval "$(ssh-agent -s)"
Command to start the SSH agent

This command is used to start the ssh-agent and ensure that its environment variables are properly set for your current shell session. Let's break it down:

  • ssh-agent: This is a background program that handles private keys on behalf of the user, so the user doesn’t have to keep entering the passphrase. When an SSH key has been added to the agent, you can use it to authenticate without entering the passphrase for the key every time.

  • -s: This flag, when used with ssh-agent, generates Bourne shell commands. This means it outputs commands in a format that's compatible with standard shells like bash and sh.

  • eval: The eval command in shell programming takes a string as its argument, and evaluates that string as if it were a command. By wrapping the ssh-agent -s command in eval, you're ensuring that the commands output by ssh-agent are executed in the current shell. This is important because ssh-agent outputs environment variables that need to be set in your session.

  • Add the key to the agent:

ssh-add ~/.ssh/id_rsa
Command to add the key to SSH agent

This command is used to add your private SSH key to your ssh-agent. Here's a breakdown:

  • ssh-add: This is a command-line tool that adds private key identities to the ssh-agent.

  • ~/.ssh/id_rsa: This is the default path to the private RSA key for a user on Unix-like systems (the ~ character denotes the user's home directory). When you generate an SSH key pair using ssh-keygen without specifying a different filename, the keys will be saved by default as id_rsa (private key) and id_rsa.pub (public key) in the .ssh directory of the user's home folder.

  1. Check file permissions: Ensure your SSH key files are readable only by you:

chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
Command to set the files permissions

The commands adjust the file permission of the SSH keys:

  • chmod 600 ~/.ssh/id_rsa: Sets the private key (id_rsa) to be readable and writable only by the owner.

  • chmod 644 ~/.ssh/id_rsa.pub: Sets the public key (id_rsa.pub) to be readable by everyone but only writable by the owner.

  1. Use the correct SSH URL: The SSH URL is the repository's address used for SSH-based Git operations. It follows the format git@hosting-service.com:username/repo.git. This means you're connecting as the "git" user to the hosting service, and the specific repository path is determined by the username and repo.git segments. Always use the correct SSH URL to ensure seamless and authenticated interactions with the repository.

  2. Test your connection: For GitHub, for instance, you can test your SSH connection with:

ssh -T git@github.com
Command to test the SSH connection

If everything is set up correctly, you should receive a welcome message.

  1. Consider using HTTPS: If SSH proves too troublesome, consider switching to HTTPS. While it doesn't offer the same convenience as SSH (especially if you're pushing frequently), it's sometimes easier to set up.

Following these steps should help you solve the "Permission denied (public key)" error when using Git.

Conclusion

In this Answer, we delved into resolving the "Permission denied (public key)" error encountered when using Git. This error typically stems from SSH key authentication issues. By generating and configuring SSH keys correctly, starting the SSH agent, adjusting file permissions, and using the appropriate SSH URL, users can seamlessly interact with Git repositories and eliminate this common issues. Proper setup and understanding ensure both secure and efficient Git operations.

Free Resources

Copyright ©2025 Educative, Inc. All rights reserved