Troubleshooting Git push and SSH common issues
At this point we consider you have correctly setup your environment as detailed here:
Git authentication error:
Please make sure you have the correct access rights
When pushing to the platform, if you get the following error:
$ git push scalingo master fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.
It means you are not authenticated or you do not have the right to push on this app.
Solving the problem
Please redo the “Setup SSH” tutorial for your operating system. You have not configured your system correctly.
Git push error:
error: src refspec master does not match any
$ git push scalingo master error: src refspec master does not match any. error: failed to push some refs to 'email@example.com:APP_NAME.git'
When we tell you to run
git push scalingo master, we consider you are already
using Git for your project. This error means that there is a Git environment but
no commit (Git name for ‘version’) has been done on the
Solving the problem
You need to make a first commit on the
master branch of your project:
$ git add . $ git commit -m "initial commit" $ git push scalingo master
If the branch named
master does not exist (default branch may be named
main) you need to create one:
$ git checkout -B master
If you use the
main branch on your repository you can push to
master branch on Scalingo with:
git push scalingo main:master
Invalid SSH key error when adding it to account
The platform is expecting SSH keys to be in the OpenSSH format. This is the default
format when a SSH key pair is generated on Linux or MacOS. However on Windows, if
PuTTY generated your key, there are chances the format is wrong.
Solving the problem
There are two methods to solve this issue:
- Windows only - PuTTY Key generator tool
Using PuTTY Key generator tool also named
PuTTYGen, you can import
your SSH key and convert it to the OpenSSH format.
- All platforms - Using ssh-keygen tool
Using the following command, will automatically convert your key to the OpenSSH format:
ssh-keygen -l -f public_key_file
For example, if your key looks like:
---- BEGIN SSH2 PUBLIC KEY ---- Comment: "Name of the key" AAAAB3NzaC1yc2EAAAABJQAAAgEAvHiFU0R8sWBT1dsKMW7HsEHta5adFei0J1AR qtGbaALDJnKzK0Ihf9YxlIt1kHGtN6pXOiIj8DClb8YcLeVRIoe63BE0GXtFebdO [...]
After converting to SSH format, it should look like:
The latter will be accepted by the platform.
Invalid SSH key error: key is already taken
SSH key pairs are used as authentication credentials for an account. It let us
authenticate the user who is deploying an application using the
command. As it is required for account authentication, SSH keys are unique: the
same public key can’t be associated with multiple accounts.
Solving the problem
- You have multiple accounts (ie. professional/personal)
In this case, the simplest way is the account owning the key is either owner or collaborator with all the applications you want to deploy.
An alternative method is to create a second key for the second account, modify how Git is using ssh to connect to the remote server (Linux/MacOS only):
Define a wrapper script, in
$HOME/.ssh/scalingo-personal.sh with the following content:
#!/usr/bin/bash exec ssh -i $HOME/.ssh/path-to-alternative-key $@
Then, to push with this second key:
GIT_SSH=$HOME/.ssh/scalingo-personal.sh git push scalingo master
Then Git will correctly used authenticate using the second alternative key authenticating the second account.
- It is your only account
Please reach the support which will investigate the reason why your key is considered already used.
git push error:
Permission denied (public key)
Permission denied (public key) error means that the server rejected your connection.
There could be several reasons why, and the most common examples are explained below.
Check that you are connecting to the right server
Typing is hard, we all know it. Pay attention to what you type.
You won’t be able to connect to
In some cases, a corporate network may cause issues resolving the DNS record as well.
You can also check that the key is being used by trying to connect to Scalingo SSH server.
$ ssh -vT firstname.lastname@example.org OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f 31 Mar 2020 debug1: Reading configuration data /home/USERNAME/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to ssh.osc-fr1.scalingo.com [188.8.131.52] port 22. debug1: Connection established.
Check that you are connecting with a key
You can also check that the key is being used by trying to connect to Scalingo servers.
In that example, we did not have any keys for SSH to use:
$ ssh -vT email@example.com ... debug1: identity file /home/USERNAME/.ssh/id_rsa type -1 debug1: identity file /home/USERNAME/.ssh/id_rsa-cert type -1 ... debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: /home/USERNAME/.ssh/id_rsa debug1: No more authentication methods to try. Permission denied (publickey).
The “-1” at the end of the
identity file lines means SSH couldn’t find a file to use.
Later on, the
Trying private key lines also indicate that no file was found.
If a file existed, those lines would be “1” and
Offering public key, respectively:
$ ssh -vT firstname.lastname@example.org ... debug1: identity file /home/USERNAME/.ssh/id_rsa type 1 ... debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/USERNAME/.ssh/id_rsa
Always use the
All connections, including those for remote URLs, must be made as the
If you try to connect with your Scalingo username, it will fail:
$ ssh -T SCALINGO_USERNAME@ssh.osc-fr1.scalingo.com SCALINGO_USERNAME@ssh.osc-fr1.scalingo.com: Permission denied (publickey).
Make sure you have a key that is being used
Verify that you have a private key generated and loaded into the SSH agent:
$ ssh-add -l -E sha256 2048 SHA256:274ffWxgaxq/tSINAykStUL7XWyRNcRTlcST1Ei7gBQ /home/USERNAME/.ssh/id_rsa (RSA)
ssh-add command should print out a long string of numbers and letters.
If it does not print anything, you will probably need to generate a new SSH key
and upload it on Scalingo.
Verify the public key is attached to your Scalingo account
You must provide your public key to Scalingo to establish a secure connection, authenticate you and check if you have access to the application.
Get the fingerprint of your SSH key.
- If you’re using OpenSSH 6.7 or older:
$ ssh-add -l 2048 a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /home/USERNAME/.ssh/id_rsa (RSA)
- If you’re using OpenSSH 6.8 or newer:
$ ssh-add -l -E md5 2048 MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /home/USERNAME/.ssh/id_rsa (RSA)
Go to the Dashboard > User settings > SSH Keys page and check if the fingerprint is the same as the output of the previous command.
RSA SHA-1 algorithm deprecated on recent version of OpenSSH
If you see this error:
no mutual signature algorithm from the debug
log of a
git push you’re using OpenSSH 8.2 or newer.
RSA SHA-1 hash algorithm is being quickly deprecated from SSH clients
like OpenSSH because of various security vulnerabilities, with many of these
technologies now outright denying the use of this algorithm.
In order to re-enable
ssh-rsa support, you need to add the following lines
into the SSH configuration file
Host ssh.osc-fr1.scalingo.com PubkeyAcceptedKeyTypes +ssh-rsa
To fully resolve this issue, Scalingo recommends you to generate a new SSH key
using a supported and more secure algorithm such as
Create a new SSH key pair documentation pages here: