我们经常发布文档更新,此页面的翻译可能仍在进行中。有关最新信息,请访问英文文档。如果此页面上的翻译有问题,请告诉我们

此版本的 GitHub Enterprise 将停止服务 此版本的 GitHub Enterprise 已停止服务 2020-11-12. 即使针对重大安全问题,也不会发布补丁。 要获得更好的性能、改进的安全性和新功能,请升级到 GitHub Enterprise 的最新版本。 如需升级方面的帮助,请联系 GitHub Enterprise 支持

Error: Permission denied (publickey)

A "Permission denied" error means that the server rejected your connection. There could be several reasons why, and the most common examples are explained below.

本文内容

此文档对您有帮助吗?

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或, 了解如何参与。

Should the sudo command be used with Git?

You should not be using the sudo command with Git. If you have a very good reason you must use sudo, then ensure you are using it with every command (it's probably just better to use su to get a shell as root at that point). If you generate SSH keys without sudo and then try to use a command like sudo git push, you won't be using the same keys that you generated.

Check that you are connecting to the correct server

Typing is hard, we all know it. Pay attention to what you type; you won't be able to connect to "githib.com" or "guthub.com". In some cases, a corporate network may cause issues resolving the DNS record as well.

To make sure you are connecting to the right domain, you can enter the following command:

$ ssh -vT git@hostname
> OpenSSH_8.1p1, LibreSSL 2.7.3
> debug1: Reading configuration data /Users/you/.ssh/config
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 47: Applying options for *
> debug1: Connecting to hostname port 22.

The connection should be made on port 22.

Always use the "git" user

All connections, including those for remote URLs, must be made as the "git" user. If you try to connect with your GitHub Enterprise username, it will fail:

$ ssh -T GITHUB-USERNAME@hostname
> Permission denied (publickey).

If your connection failed and you're using a remote URL with your GitHub Enterprise username, you can change the remote URL to use the "git" user.

You should verify your connection by typing:

$ ssh -T git@hostname
> Hi username! You've successfully authenticated...

Make sure you have a key that is being used

  1. 打开 Terminal(终端)Terminal(终端)Git Bash

  2. Verify that you have a private key generated and loaded into SSH. If you're using OpenSSH 6.7 or older:

    # start the ssh-agent in the background
    $ eval "$(ssh-agent -s)"
    > Agent pid 59566
    $ ssh-add -l
    > 2048 a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/you/.ssh/id_rsa (RSA)

    If you're using OpenSSH 6.8 or newer:

    # start the ssh-agent in the background
    $ eval "$(ssh-agent -s)"
    > Agent pid 59566
    $ ssh-add -l -E md5
    > 2048 MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/you/.ssh/id_rsa (RSA)

如果已安装 GitHub Desktop,可使用它克隆仓库,而无需处理 SSH 密钥。

  1. 如果您在使用 Git Bash,请启动 ssh-agent:

    # start the ssh-agent in the background
    $ eval "$(ssh-agent -s)"
    > Agent pid 59566

    如果您在使用其他终端提示符,例如 Git for Windows,请启动 ssh-agent:

    # 在后台启动 ssh-agent
    $ eval $(ssh-agent -s)
    > Agent pid 59566
  2. Verify that you have a private key generated and loaded into SSH. If you're using OpenSSH 6.7 or older:

    $ ssh-add -l
    > 2048 a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/you/.ssh/id_rsa (RSA)

    If you're using OpenSSH 6.8 or newer:

    $ ssh-add -l -E md5
    > 2048 MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/you/.ssh/id_rsa (RSA)
  1. 打开 Terminal(终端)Terminal(终端)Git Bash

  2. Verify that you have a private key generated and loaded into SSH. If you're using OpenSSH 6.7 or older:

    # start the ssh-agent in the background
    $ eval "$(ssh-agent -s)"
    > Agent pid 59566
    $ ssh-add -l
    > 2048 a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/you/.ssh/id_rsa (RSA)

    If you're using OpenSSH 6.8 or newer:

    # start the ssh-agent in the background
    $ eval "$(ssh-agent -s)"
    > Agent pid 59566
    $ ssh-add -l -E md5
    > 2048 MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/you/.ssh/id_rsa (RSA)

The ssh-add command should print out a long string of numbers and letters. If it does not print anything, you will need to generate a new SSH key and associate it with GitHub Enterprise.

Tip: On most systems the default private keys (~/.ssh/id_rsa and ~/.ssh/identity) are automatically added to the SSH authentication agent. You shouldn't need to run ssh-add path/to/key unless you override the file name when you generate a key.

Getting more details

You can also check that the key is being used by trying to connect to git@[hostname]:

$ ssh -vT git@hostname
> ...
> debug1: identity file /Users/you/.ssh/id_rsa type -1
> debug1: identity file /Users/you/.ssh/id_rsa-cert type -1
> debug1: identity file /Users/you/.ssh/id_dsa type -1
> debug1: identity file /Users/you/.ssh/id_dsa-cert type -1
> ...
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Trying private key: /Users/you/.ssh/id_rsa
> debug1: Trying private key: /Users/you/.ssh/id_dsa
> debug1: No more authentication methods to try.
> Permission denied (publickey).

In that example, we did not have any keys for SSH to use. The "-1" at the end of the "identity file" lines means SSH couldn't find a file to use. Later on, the "Trying private key" lines also indicate that no file was found. If a file existed, those lines would be "1" and "Offering public key", respectively:

$ ssh -vT git@hostname
> ...
> debug1: identity file /Users/you/.ssh/id_rsa type 1
> ...
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /Users/you/.ssh/id_rsa

Verify the public key is attached to your account

You must provide your public key to GitHub Enterprise to establish a secure connection.

  1. Open Terminal.

  2. Start SSH agent in the background.

    $ eval "$(ssh-agent -s)"
    > Agent pid 59566
  3. Find and take a note of your public key fingerprint. If you're using OpenSSH 6.7 or older:

    $ ssh-add -l
    > 2048 a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/USERNAME/.ssh/id_rsa (RSA)

    If you're using OpenSSH 6.8 or newer:

    $ ssh-add -l -E md5
    > 2048 MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/USERNAME/.ssh/id_rsa (RSA)
  1. 在任何页面的右上角,单击您的个人资料照片,然后单击 Settings(设置)
    用户栏中的 Settings 图标
  2. 在用户设置侧边栏中,单击 SSH and GPG keys(SSH 和 GPG 密钥)
    身份验证密钥
  3. Compare the list of SSH keys with the output from the ssh-add command.
    SSH key listing in GitHub Enterprise
  1. Open the command line.

  2. Start SSH agent in the background.

    $ ssh-agent -s
    > Agent pid 59566
  3. Find and take a note of your public key fingerprint. If you're using OpenSSH 6.7 or older:

    $ ssh-add -l
    > 2048 a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/USERNAME/.ssh/id_rsa (RSA)

    If you're using OpenSSH 6.8 or newer:

    $ ssh-add -l -E md5
    > 2048 MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/USERNAME/.ssh/id_rsa (RSA)
  1. 在任何页面的右上角,单击您的个人资料照片,然后单击 Settings(设置)
    用户栏中的 Settings 图标
  2. 在用户设置侧边栏中,单击 SSH and GPG keys(SSH 和 GPG 密钥)
    身份验证密钥
  3. Compare the list of SSH keys with the output from the ssh-add command.
    SSH key listing in GitHub Enterprise
  1. Open Terminal.

  2. Start SSH agent in the background.

    $ eval "$(ssh-agent -s)"
    > Agent pid 59566
  3. Find and take a note of your public key fingerprint. If you're using OpenSSH 6.7 or older:

    $ ssh-add -l
    > 2048 a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/USERNAME/.ssh/id_rsa (RSA)

    If you're using OpenSSH 6.8 or newer:

    $ ssh-add -l -E md5
    > 2048 MD5:a0:dd:42:3c:5a:9d:e4:2a:21:52:4e:78:07:6e:c8:4d /Users/USERNAME/.ssh/id_rsa (RSA)
  4. 在任何页面的右上角,单击您的个人资料照片,然后单击 Settings(设置)

    用户栏中的 Settings 图标

  5. 在用户设置侧边栏中,单击 SSH and GPG keys(SSH 和 GPG 密钥)

    身份验证密钥

  6. Compare the list of SSH keys with the output from the ssh-add command.

    SSH key listing in GitHub Enterprise

If you don't see your public key in GitHub Enterprise, you'll need to add your SSH key to GitHub Enterprise to associate it with your computer.

Warning: If you see an SSH key you're not familiar with on GitHub Enterprise, delete it immediately and contact your GitHub Enterprise site administrator, for further help. An unidentified public key may indicate a possible security concern. For more information, see "Reviewing your SSH keys."

此文档对您有帮助吗?

帮助我们创建出色的文档!

所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

做出贡献

或, 了解如何参与。