wrong passphrase 3 times: git doesn't ask for passphrase anymore

Asked 8/6, 2017 at 18:14 Answered 16/6, 2017 at 3:15

I wanted to push on a remote git repository. I typed the wrong passphrase three times. I have created a new ssh key and registered the new public key on the repository server. But the ssh agent doesn't prompt for the passphrase. It just keeps telling me:

Permission denied (publickey). fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

How can I solve this problem under ubuntu?

Edit

As it was suggested, I tried ssh-add

sadik@sadix:~$ cd .ssh/
sadik@sadix:~/.ssh$ ls
config  github_rsa  github_rsa.pub  id_rsa  id_rsa.pub  keys.zip  known_hosts
sadik@sadix:~/.ssh$ ssh-add 
Enter passphrase for /home/sadik/.ssh/id_rsa: 
Identity added: /home/sadik/.ssh/id_rsa (/home/sadik/.ssh/id_rsa)
sadik@sadix:~/.ssh$ 
sadik@sadix:~/.ssh$ cd
sadik@sadix:~$ cd some/git-repo/
sadik@sadix:~/some/git-repo/$ git push -u bitbucket master
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I should add that this git repository has been cloned from github (not owned by me). I want to push it on my private repository on bitbucket. I don't know whether this can lead to permission problems, but my first problem is that ssh does not prompt for a passphrase. Even after reboot or log out.

Edit

As Jakuje kindly suggested I entered the command GIT_SSH_COMMAND="ssh -vvv" git push -u bitbucket master to get the client logs. This is the end of the output:

debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/sadik/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/sadik/.ssh/id_dsa
debug3: no such identity: /home/sadik/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/sadik/.ssh/id_ecdsa
debug3: no such identity: /home/sadik/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/sadik/.ssh/id_ed25519
debug3: no such identity: /home/sadik/.ssh/id_ed25519: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

For whatever reason it searches for a pubkey id_dsa, so I copied id_rsa to id_dsa and tried it again. Now it prompts for a passphrase! But ... when I enter the wrong passphrase, it asks me again. When I enter the correct one, it says permission denied.

$ git push -u bitbucket master
Enter passphrase for key '/home/sadik/.ssh/id_dsa': 
Enter passphrase for key '/home/sadik/.ssh/id_dsa': 
Enter passphrase for key '/home/sadik/.ssh/id_dsa': 
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

What's wrong with the permissions?
Why is it looking for id_dsa instead of id_rsa?

Domett answered 8/6, 2017 at 18:14 Comment(5)

Are your keys (public and private) in your ~/.ssh directory? Did you chmod 700 ~/.ssh? – Imposture 8/6, 2017 at 19:1

@Imposture yes and yes. It worked perfectly well until I forgot the passphrase and guessed wrong for multiple times. So I created a new one. The only problem is, that it doesn't prompt for the passphrase. It just takes the wrong one I entered before – Adcock 8/6, 2017 at 22:34

It is using rsa few lines above and it is rejected. Make sure it is really the key you set up to bitbucket, restart you ssh-agent and try again. – Lockett 13/6, 2017 at 10:27

have you looked through the documentation at '$git help credentials' ? Looks to me like you may have several old credentials cached and it is failing to find their keys under ~/.ssh/ – Bidden 16/6, 2017 at 23:8

@DougCoburn Yes, I tried to reset credential.helper (like here https://mcmap.net/q/763366/-git-credential-helper-cache-never-forgets-the-password) but that seemed to have no effect. – Adcock 18/6, 2017 at 7:55

Things look complicated enough that it may be worth starting all over:

Remove all the keys in ~/.ssh that you don't need (if there are keys that you want to keep, consider moving them to a different directory for now).
If ~/.ssh/config exists, check that it doesn't have suspicious lines.
If you are using ssh-agent, remove all keys using ssh-add -D. Check that there are no keys using ssh-add -l. If you see any output, you are suffering from this bug. Log out, log in, and verify that ssh-add -l produces no output.
Run ls -al ~/.ssh and check that there are no keys there.
Create a new key using ssh-keygen. Press enter when it asks for the output file to use the default, then type the passphrase twice.
Run ls -al ~/.ssh and check that id_rsa and id_rsa.pub exist.
Remove existing keys from Bitbucket.
Add the contents of ~/.ssh/id_rsa.pub to Bitbucket.
Test the connection using ssh -T [email protected]. If it fails, post the output of ssh -vvv [email protected].
Check that git commands works.

Why is it looking for id_dsa instead of id_rsa?

SSH tries several keys until it finds one that works. It tried id_rsa, the key was rejected, so it went on to try id_dsa.

Credit to @Leon for mentioning ssh-add.

Dulin answered 16/6, 2017 at 3:15 Comment(5)

I didn't mention ssh-agent (only ssh-add). In any case, your answer is so much more elaborate and helpful that I am going to remove mine. – Prizewinner 16/6, 2017 at 6:34

@Leon: Thank you! Please don't remove your answer though, it's good to have your personal experience on record. I've updated my answer regarding ssh-agent vs. ssh-add. – Dulin 16/6, 2017 at 8:12

Thank you. Still don't know what went wrong, but starting all over sometimes is a good idea. – Adcock 18/6, 2017 at 7:51

@Sadik: Thanks for the bounty. Is it working now though? – Dulin 18/6, 2017 at 9:11

@Dulin yes, thanks. In addition to your steps I also created a new directory and did a git init on it, and copied all the files except the git related ones into the new directory. – Adcock 18/6, 2017 at 11:25

I forgot the passphrase and guessed wrong for multiple times. So I created a new one.

I read that as you had a key that worked, you created a new one and you are wondering why it does not work.

You need to copy the public key to the server's authorized_keys.

Lockett answered 9/6, 2017 at 8:43 Comment(5)

that's what I meant when I wrote "... and registered the new public key on the repository server". I wonder why the command line does not ask for a passphrase and assumes that I don't have access, based on the earlier tries. – Adcock 9/6, 2017 at 13:21

It does not assume anything. If you set it up correcly, it should work. Post the debug logs frpm server and client. – Lockett 11/6, 2017 at 6:9

There is not much to do right or wrong. Server is on bitbucket.org. I don't see any logs there. I have created a new key pair and pasted the pubkey to bitbucket. That's all. – Adcock 13/6, 2017 at 9:7

I don't see any client log – Adcock 13/6, 2017 at 9:14

What is the new key that you put into the bitbucket? GIT_SSH_COMMAND="ssh -vvv" git push -u bitbucket master will generate your debug log. – Lockett 13/6, 2017 at 9:18

Recommended topics

Hot tags