Dear Lazyweb: Why don’t public ssh repository sites like me?

So, a couple months back, I tried to setup a git repository on No dice; it didn’t seem to like my ssh key and I was never able to push. Never got a response to my email either.

I figured I’d try again with So I go over there and create an account, upload my public ssh key, create a project, try to push…and am prompted for a password (yes I remembered to run ssh-add first). While I’m no ssh expert, I have used ssh keys before to connect between systems without having to enter a password for each connection, so I’m a bit perplexed at what’s wrong.

Since allows me to remove or add additional keys myself (unlike, I tried playing around with adding others (and selectively adding or removing keys from my ssh keyagent with ssh-add). Here’s what I’m doing:

$ ssh-keygen -t dsa -f gitorious -C ""
$ cp gitorious* ~/.ssh
$ ssh-add ~/.ssh/gitorious
<Enter appropriate password>
<Copy & paste contents of ~/.ssh/ into the add ssh key thing at the site>
<Periodically reload until my new public ssh key is shown>
$ git push's password:
<Hit Ctrl-C>
$ ssh -v echo hi
<I snipped a lot of output here>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/newren/.ssh/gitorious
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/newren/.ssh/id_rsa
debug1: Trying private key: /home/newren/.ssh/id_dsa
debug1: Next authentication method: password's password:
<Hit Ctrl-C>

I know lots of other people are using these sites without problems. Which step or steps am I doing wrong?

UPDATE: Many thanks for the different suggestions. Adam G spotted the problem; my push command should have been
$ git push
instead of
$ git push
I suspect my problem with was the same thing.

12 thoughts on “Dear Lazyweb: Why don’t public ssh repository sites like me?”

  1. Maybe their sshd does not accept DSA keys anymore (since the Debian openssl debacle), while their frontend still happily accepts them.

    It is recommended to use RSA keys these days anyways (although a lot of default code/command snippets still use id_dsa etc. as examples)

  2. Since your gitorious key pair is apparently not your normal key pair, you need to add the private key to an IdentityFile line in ~/.ssh/config, otherwise ssh won’t know to look at it. See ‘man ssh_config’ for details.

  3. Some sites (notably Debian and don’t accept DSA keys, because of the Debian OpenSSL PRNG vulnerability (an RSA key is vulnerable if it was *generated* on a vulnerable system, which can be detected; a DSA key is vulnerable if it was ever *used* on a vulnerable system, which can’t).

  4. You’ve probably checked, but perhaps those keys are DSA keys — many servers silently reject DSA keys these days, as they are less secure than RSA, compounded with the Debian OpenSSH debacle.

  5. First, I had no problems with, and author and maintainer (Petr Baudis) is usually responsive. I can push to without problems; alternatively you can set repository on to mirror your repository instead, by polling periodically (but I haven’t used this setup personally).

    I used ssh-keygen to generate key, copied to ~/.ssh, pasted public key on (the *.pub file; I don’t know, perhaps now it can be simply uploaded). Then I use ssh-add to add a key (using absolute pathname), enter passphrase, check that key is in the ring using “ssh-add -l”… and “gut push repo” works. BTW. I have keychain installed and in .profile, and it starts ssh-agent for me…

  6. Thanks everyone for the suggestions. My dsa key was generated on rhel4 (yeah, yeah, I don’t like it either–corporate redtape prevents an upgrade to something recent), so not affected by the debian/ubuntu openssh debacle.

    Jakub: Yeah, I suspect I just emailed Petr when he was gone on vacation. Probably just bad timing on my part. I should have sent another email, but anyway, Adam G has solved the issue for me.

Comments are closed.