Troubleshooting Git push and SSH common issues
Prerequisite
At this point, we consider you have correctly setup your environment as detailed here:
Git authentication error: Please make sure you have the correct access rights
When pushing to the platform, if you get the following error:
$ git push scalingo master
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
It means you are not authenticated or you do not have the right to push on this app.
Solving the problem
Please redo the “Setup SSH” tutorial for your operating system. You have not configured your system correctly.
Git push error: error: src refspec master does not match any
$ git push scalingo master
error: src refspec master does not match any.
error: failed to push some refs to 'git@ssh.osc-fr1.scalingo.com:APP_NAME.git'
When we tell you to run git push scalingo master
, we consider you are already
using Git for your project. This error means that there is a Git environment but
no commit (Git name for ‘version’) has been done on the master
branch.
Solving the problem
You need to make a first commit on the master
or main
branch of your project:
git add .
git commit -m "initial commit"
git push scalingo master
# OR
git push scalingo main
If the branch named master
or main
does not exist, you need to create one:
git checkout -B master
# OR
git checkout -B main
If you are using another branch name than master
or main
branches, you can
use one of the following commands to push your branch:
git push scalingo mybranch:master
# OR
git push scalingo mybranch:main
Invalid SSH key error when adding it to account
The platform is expecting SSH keys to be in the OpenSSH format. This is the default
format when an SSH key pair is generated on Linux or macOS. However on Windows, if
PuTTY
generated your key, there are chances the format is wrong.
Solving the problem
There are two methods to solve this issue:
- Windows only - PuTTY Key generator tool
Using PuTTY Key generator tool also named PuTTYGen
, you can import
your SSH key and convert it to the OpenSSH format.
- All platforms - Using ssh-keygen tool
Using the following command, will automatically convert your key to the OpenSSH format:
ssh-keygen -l -f public_key_file
For example, if your key looks like:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "Name of the key"
AAAAB3NzaC1yc2EAAAABJQAAAgEAvHiFU0R8sWBT1dsKMW7HsEHta5adFei0J1AR
qtGbaALDJnKzK0Ihf9YxlIt1kHGtN6pXOiIj8DClb8YcLeVRIoe63BE0GXtFebdO
[...]
After converting to SSH format, it should look like:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAvHiFU0R8sWBT1dsKMW7[...]
The latter will be accepted by the platform.
Invalid SSH key error: key is already taken
SSH key pairs are used as authentication credentials for an account. It let us
authenticate the user who is deploying an application using the git push
command. As it is required for account authentication, SSH keys are unique: the
same public key can’t be associated with multiple accounts.
Solving the problem
- You have multiple accounts (ie. professional/personal)
In this case, the simplest way is the account owning the key is either owner or collaborator with all the applications you want to deploy.
An alternative method is to create a second key for the second account, modify how Git is using ssh to connect to the remote server (Linux/macOS only):
Define a wrapper script, in $HOME/.ssh/scalingo-personal.sh
with the following content:
#!/usr/bin/bash
exec ssh -i $HOME/.ssh/path-to-alternative-key $@
Then, to push with this second key:
GIT_SSH=$HOME/.ssh/scalingo-personal.sh git push scalingo master
Then Git will correctly use authenticate using the second alternative key, authenticating the second account.
- It is your only account
Please reach the support which will investigate the reason why your key is considered already used.
git push error: Permission denied (public key)
A Permission denied (public key)
error means that the server rejected your connection.
There could be several reasons why, and the most common examples are explained below.
Check that you are connecting to the right server
Typing is hard, we all know it. Pay attention to what you type.
You won’t be able to connect to ssh.osc-fr1.scalungo.com
or ssh.scalingo.com
.
In some cases, a corporate network may cause issues resolving the DNS record as well.
You can also check that the key is being used by trying to connect to Scalingo SSH server.
Example with osc-fr1
region:
$ ssh -vT git@ssh.osc-fr1.scalingo.com
OpenSSH_8.2p1 Ubuntu-4ubuntu0.4, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /home/USERNAME/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to ssh.osc-fr1.scalingo.com [171.33.103.138] port 22.
debug1: Connection established.
Check that you are connecting with a key
You can also check that the key is being used by trying to connect to Scalingo servers.
In that example, we did not have any keys for SSH to use:
$ ssh -vT git@ssh.osc-fr1.scalingo.com
...
debug1: identity file /home/USERNAME/.ssh/id_rsa type -1
debug1: identity file /home/USERNAME/.ssh/id_rsa-cert type -1
...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/USERNAME/.ssh/id_rsa
debug1: No more authentication methods to try.
Permission denied (publickey).
The “-1” at the end of the identity file
lines means SSH couldn’t find a file to use.
Later on, the Trying private key
lines also indicate that no file was found.
If a file existed, those lines would be “1” and Offering public key
, respectively:
$ ssh -vT git@ssh.osc-fr1.scalingo.com
...
debug1: identity file /home/USERNAME/.ssh/id_rsa type 1
...
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/USERNAME/.ssh/id_rsa
Always use the git
user
All connections, including those for remote URLs, must be made as the git
user.
If you try to connect with your Scalingo username, it will fail:
$ ssh -T SCALINGO_USERNAME@ssh.osc-fr1.scalingo.com
SCALINGO_USERNAME@ssh.osc-fr1.scalingo.com: Permission denied (publickey).
Make sure you have a key that is being used
Verify that you have a private key generated and loaded into the SSH agent:
$ ssh-add -l -E sha256
2048 SHA256:274ffWxgaxq/tSINAykStUL7XWyRNcRTlcST1Ei7gBQ /home/USERNAME/.ssh/id_rsa (RSA)
The ssh-add
command should print out a long string of numbers and letters.
If it does not print anything, you will probably need to generate a new SSH key
and upload it on Scalingo.
Verify the public key is attached to your Scalingo account
You must provide your public key to Scalingo to establish a secure connection, authenticate you and check if you have access to the application.
Get the fingerprint of your SSH key.
- If you’re using OpenSSH 6.7 or older:
$ ssh-add -l
2048 a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /home/USERNAME/.ssh/id_rsa (RSA)
- If you’re using OpenSSH 6.8 or newer:
$ ssh-add -l -E md5
2048 MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /home/USERNAME/.ssh/id_rsa (RSA)
Go to the Dashboard > User settings > SSH Keys page and check if the fingerprint is the same as the output of the previous command.