Unable to push git repo to Heroku, despite valid SSH keys

Question

There are lots of stack articles citing the same error message as I am getting.

I went through the entire heroku setup doc on another computer and everything worked perfectly. Not sure why this one is not working, but I need it to.

When I run:

> git push -v heroku master

Pushing to [email protected]:lit-tor-7969.git
Permission denied (publickey).
fatal: The remote end hung up unexpectedly

All of the solutions on Stack involve reseting the ssh keys, and I believe the ssh keys are fine. I am on Mac OSX and have run:

heroku keys:clear
heroku keys:add

So it looks to me like the git is using /Users/bishopz/.ssh keys rather than the keys I generated manually inside the repository folder.

In addition to the answers below, this article seems to be providing a lot of insight: Cannot push to Heroku because key fingerprint

I tried completely removing the .ssh directory. I ran

heroku keys:clear
ssh-add -D #to remove all ssh identities
ssh-keygen -t rsa -C "[email protected]" -f  ~/.ssh/id_rsa_heroku
ssh-add ~/.ssh/id_rsa_heroku
heroku keys:add ~/.ssh/id_rsa_heroku.pub
git push heroku master

and now get:

!  Your key with fingerprint 27:5f:64:4e:2e:f0:41:5b:62:a9:95:d2:02:df:27:85 is not authorized to access lit-tor-7969.
fatal: The remote end hung up unexpectedly

The response to

ssh -vvv [email protected]

is now:

debug1: Host 'heroku.com' is known and matches the RSA host key.
debug1: Found key in /Users/bishopz/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: Offering RSA public key: /Users/bishopz/.ssh/id_rsa_heroku
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to heroku.com ([50.19.85.132]:22).

Any help appreciated, I'll start a new bounty if someone can post an answer that works for me.

Answer 1

This question is not really about git than about ssh. :)

Heroku uses git which uses ssh which allows only authentication by publickey. (But I think that is already clear.)

heroku keys:add will send the public key to heroku. Unless you specify an explicit key it will use ~/.ssh/id_[rd]sa.pub.

To authenticate successfully you need to present the matching private key. Unless specified otherwise ssh will use ~/.ssh/id_[rd]sa, but it will refuse to read it if permissions are too loose. (See man ssh section FILES for details.)

An easy way to check whether the permissions are fine is to add the key to the agent: ssh-add ~/.ssh/id_[rd]sa

This should either add the key to the agent (verify with ssh-add -L) or complain about wrong permissions. (In case no agent is running in the first place, you can start one with 'ssh-agent bash'.)

After adding the key to the agent, the agent will take care of authentication and also your git should be able to connect without problems. :)