Error: Permission denied (publickey)
A "Permission denied" error means that the server rejected your connection. There could be several reasons why, and the most common examples are explained below.
Platform navigation
In this article
Should thesudo command or elevated privileges be used with Git?
You should not be using thesudo command or elevated privileges, such as administrator permissions, with Git.
If you have avery good reason you must usesudo, then ensure you are using it with every command. If yougenerate SSH keys withoutsudo and then try to use a command likesudo git push, you won't be using the same keys that you generated.
Check that you are connecting to the correct server
To make sure you are connecting to the right domain, you can enter the following command:
ssh -vT git@github.com
ssh -vT git@github.comYou should see this output:
>OpenSSH_8.1p1, LibreSSL 2.7.3>debug1: Reading configuration data /Users/YOU/.ssh/config>debug1: Reading configuration data /etc/ssh/ssh_config>debug1: /etc/ssh/ssh_config line 47: Applying optionsfor *>debug1: Connecting to github.com port 22.The connection should be made on port 22, unless you're overriding settings to useSSH over HTTPS.
Always use the "git" user
All connections, including those for remote URLs, must be made as the "git" user. If you try to connect with your GitHub username, it will fail:
$ssh -T GITHUB-USERNAME@github.com>Permission denied (publickey).If your connection failed and you're using a remote URL with your GitHub username, you canchange the remote URL to use the "git" user.
You should verify your connection by typing:
ssh -T git@github.com
ssh -T git@github.comYou should see this output:
>Hi USERNAME! You've successfully authenticated...Make sure you have a key that is being used
OpenTerminalTerminalGit Bash.
Verify that you have a private key generated and loaded into SSH.
#start the ssh-agentin the background$eval"$(ssh-agent -s)">Agent pid 59566$ssh-add -l -E sha256>2048 SHA256:274ffWxgaxq/tSINAykStUL7XWyRNcRTlcST1Ei7gBQ /Users/USERNAME/.ssh/id_rsa (RSA)
If you haveGitHub Desktop installed, you can use it to clone repositories and not deal with SSH keys.
If you are using Git Bash, turn on ssh-agent:
#start the ssh-agentin the background$eval"$(ssh-agent -s)">Agent pid 59566If you are using another terminal prompt, such asGit for Windows, turn on ssh-agent:
#start the ssh-agentin the background$eval $(ssh-agent -s)>Agent pid 59566Note
The eval commands above start ssh-agent manually in your environment. These commands may fail if ssh-agent already runs as a background system service. If that happens, we recommend you check the relevant documentation for your environment.
Verify that you have a private key generated and loaded into SSH.
$ssh-add -l -E sha256>2048 SHA256:274ffWxgaxq/tSINAykStUL7XWyRNcRTlcST1Ei7gBQ /Users/USERNAME/.ssh/id_rsa (RSA)
OpenTerminalTerminalGit Bash.
Verify that you have a private key generated and loaded into SSH.
$ssh-add -l -E sha256>2048 SHA256:274ffWxgaxq/tSINAykStUL7XWyRNcRTlcST1Ei7gBQ /Users/USERNAME/.ssh/id_rsa (RSA)
Thessh-add commandshould print out a long string of numbers and letters. If it does not print anything, you will need togenerate a new SSH key and associate it with GitHub.
Tip
On most systems the default private keys (~/.ssh/id_rsa and~/.ssh/identity) are automatically added to the SSH authentication agent. You shouldn't need to runssh-add path/to/key unless you override the file name when you generate a key.
Getting more details
You can also check that the key is being used by trying to connect togit@github.com:
ssh -vT git@github.com
ssh -vT git@github.comYou'll see output like this:
>...>debug1: identity file /Users/YOU/.ssh/id_rsatype -1>debug1: identity file /Users/YOU/.ssh/id_rsa-certtype -1>debug1: identity file /Users/YOU/.ssh/id_dsatype -1>debug1: identity file /Users/YOU/.ssh/id_dsa-certtype -1>...>debug1: Authentications that cancontinue: publickey>debug1: Next authentication method: publickey>debug1: Trying private key: /Users/YOU/.ssh/id_rsa>debug1: Trying private key: /Users/YOU/.ssh/id_dsa>debug1: No more authentication methods to try.>Permission denied (publickey).In this example, SSH did not find any keys.
- "-1" at the end of the "identity file" lines means SSH couldn't find a file to use.
- "Trying private key" lines indicate that no file was found.
If a file existed, those lines would be "1" and "Offering public key", as in this output:
>...>debug1: identity file /Users/YOU/.ssh/id_rsatype 1>...>debug1: Authentications that cancontinue: publickey>debug1: Next authentication method: publickey>debug1: Offering RSA public key: /Users/YOU/.ssh/id_rsaVerify the public key is attached to your account
You must provide your public key to GitHub to establish a secure connection.
Open Terminal.
Start SSH agent in the background.
$eval"$(ssh-agent -s)">Agent pid 59566Find and take a note of your public key fingerprint.
$ssh-add -l -E sha256>2048 SHA256:274ffWxgaxq/tSINAykStUL7XWyRNcRTlcST1Ei7gBQ /Users/USERNAME/.ssh/id_rsa (RSA)In the upper-right corner of any page on GitHub, click your profile picture, then click Settings.
In the "Access" section of the sidebar, click SSH and GPG keys.
Compare the list of SSH keys with the output from the
ssh-addcommand.
Open the command line.
Start SSH agent in the background.
$ssh-agent -s>Agent pid 59566Find and take a note of your public key fingerprint.
$ssh-add -l -E sha256>2048 SHA256:274ffWxgaxq/tSINAykStUL7XWyRNcRTlcST1Ei7gBQ /Users/USERNAME/.ssh/id_rsa (RSA)In the upper-right corner of any page on GitHub, click your profile picture, then click Settings.
In the "Access" section of the sidebar, click SSH and GPG keys.
Compare the list of SSH keys with the output from the
ssh-addcommand.
Open Terminal.
Start SSH agent in the background.
$eval"$(ssh-agent -s)">Agent pid 59566Find and take a note of your public key fingerprint. If you're using OpenSSH 6.7 or older:
$ssh-add -l>2048 a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/USERNAME/.ssh/id_rsa (RSA)If you're using OpenSSH 6.8 or newer:
$ssh-add -l -E md5>2048 MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/USERNAME/.ssh/id_rsa (RSA)In the upper-right corner of any page on GitHub, click your profile picture, then click Settings.
In the "Access" section of the sidebar, click SSH and GPG keys.
Compare the list of SSH keys with the output from the
ssh-addcommand.
If you don't see your public key in GitHub, you'll need toadd your SSH key to GitHub to associate it with your computer.
Warning
If you see an SSH key you're not familiar with on GitHub, delete it immediately and contact us through theGitHub Support portal for further help. An unidentified public key may indicate a possible security concern. For more information, seeReviewing your SSH keys.