Permission denied (publickey,password) adding a Git repository
When adding a Git repository to Fisheye using the SSH protocol, testing the connection throws the following error in the UI:
The following appears in the
2016-04-01 15:00:00,000 ERROR [qtp1864387098-21099 ection-1459537718527] fisheye RepositoryAdminRpcServiceImpl-testRepositoryConnection - Error testing connection. com.atlassian.fisheye.spi.admin.services.RepositoryConfigException: com.cenqua.fisheye.config.ConfigException: Error talking to repository: Permission denied (publickey,password). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. at com.atlassian.fisheye.spi.admin.impl.DefaultRepositoryAdminService.testConnectionFor(DefaultRepositoryAdminService.java:864) [fisheye.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [?:1.8.0_74] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [?:1.8.0_74] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [?:1.8.0_74] at java.lang.reflect.Method.invoke(Method.java:498) [?:1.8.0_74] at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317) [spring-aop-4.0.9.RELEASE.jar:4.0.9.RELEASE] ... at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) [jetty-server-8.1.10.v20130312.jar:8.1.10.v20130312] at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628) [jetty-io-8.1.10.v20130312.jar:8.1.10.v20130312] at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) [jetty-io-8.1.10.v20130312.jar:8.1.10.v20130312] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608) [jetty-util-8.1.10.v20130312.jar:8.1.10.v20130312] at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543) [jetty-util-8.1.10.v20130312.jar:8.1.10.v20130312] at java.lang.Thread.run(Thread.java:745) [?:1.8.0_74] Caused by: com.cenqua.fisheye.config.ConfigException: Error talking to repository: Permission denied (publickey,password). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. at com.atlassian.fisheye.git.GitScmConfig.testConnection(GitScmConfig.java:120) [fisheye.jar:?] at com.cenqua.fisheye.RepositoryConfig.testConnection(RepositoryConfig.java:428) [fisheye.jar:?] at com.atlassian.fisheye.spi.admin.impl.DefaultRepositoryAdminService.testConnectionFor(DefaultRepositoryAdminService.java:862) [fisheye.jar:?] ... 179 more
- When having a key pair generated by Fisheye, make sure the public key generated is added to the
~/.ssh/authorized_keysfile of the user running Fisheye.
From a command line, logged in as the user running Fisheye, test the SSH connection outside Fisheye:
ssh -Tv <username>@<hostname>
In the command above, replace username by the name of the user that accesses the Git repository, and hostname by the hostname of the server in which the Git repository resides.
You may get an output, among which you may see the following regarding the authentication being performed:
debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Trying private key: /home/user/.ssh/id_rsa debug1: Trying private key: /home/user/.ssh/id_dsa debug1: Next authentication method: password <username>@<hostname>'s password: debug1: Authentication succeeded (password).
If only the password authentication succeeded, this indicates that the authentication using the public key failed.
This topic suggested checking at the Git server's
/var/log/ file, which could give an idea of what's happening. For this occurrence, we found an entry similar as the following:
Sep 14 01:26:31 new-server sshd: Authentication refused: bad ownership or modes for directory /home/user/.ssh Sep 14 01:26:46 new-server sshd: Connection closed by 184.108.40.206
The entry above was showing up both for the
~/.ssh directory and for the
~/.ssh/authorized_keys file. As explained by this article, SSH doesn’t like it if your home or ~/.ssh directories have group write permissions. Your home directory should be writable only by you, ~/.ssh should be 700, and authorized_keys should be 600.
Adjust the permissions on the referenced directory and file, as follows:
chmod 700 /home/user/.ssh chmod 600 /home/user/.ssh/authorized_keys