🌐 Detecting your location…
📢 Advertisement — Configure AdSense in Appearance → Customize → AdSense Settings

How to Fix Permission Denied publickey SSH Error on GitHub

⏱️4 min read  ·  730 words

The error git@github.com: Permission denied (publickey). fatal: Could not read from remote repository means GitHub rejected your SSH authentication. It’s a common blocker when setting up Git. Here’s how to fix it completely.

What This Error Means

GitHub uses SSH keys to authenticate you for push/pull over SSH. “Permission denied (publickey)” means GitHub couldn’t verify your identity — usually because you have no SSH key, the key isn’t added to your GitHub account, or the SSH agent isn’t using it.

Step 1: Check for Existing SSH Keys

ls -la ~/.ssh
# Look for: id_ed25519.pub or id_rsa.pub

# If you see .pub files, you may already have a key — skip to Step 3

Step 2: Generate a New SSH Key

# Ed25519 is the modern recommended algorithm
ssh-keygen -t ed25519 -C "your_email@example.com"

# Press Enter to accept default location (~/.ssh/id_ed25519)
# Optionally set a passphrase for extra security

# For older systems without Ed25519 support:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Step 3: Add the Key to the SSH Agent

# Start the ssh-agent
eval "$(ssh-agent -s)"
# Agent pid 12345

# Add your key
ssh-add ~/.ssh/id_ed25519

# On macOS, store passphrase in keychain
ssh-add --apple-use-keychain ~/.ssh/id_ed25519

Step 4: Add the Public Key to GitHub

# Copy your PUBLIC key (.pub — never share the private key!)
cat ~/.ssh/id_ed25519.pub

# macOS: copy directly to clipboard
pbcopy < ~/.ssh/id_ed25519.pub

# Linux:
xclip -sel clip < ~/.ssh/id_ed25519.pub

Then in GitHub: Settings, then SSH and GPG keys, then New SSH key. Paste the public key and save.

Step 5: Test the Connection

ssh -T git@github.com

# Success looks like:
# Hi username! You've successfully authenticated,
# but GitHub does not provide shell access.

# The "does not provide shell access" message is NORMAL and means it worked!

Common Cause 1: Using HTTPS Remote Instead of SSH

# Check your remote URL
git remote -v
# origin  https://github.com/user/repo.git  ← HTTPS, not SSH!

# Switch to SSH
git remote set-url origin git@github.com:user/repo.git

# Verify
git remote -v
# origin  git@github.com:user/repo.git (fetch)

Common Cause 2: Key Not Loaded in Agent

# List keys currently in the agent
ssh-add -l
# "The agent has no identities" means no key is loaded

# Add your key
ssh-add ~/.ssh/id_ed25519

# Make it persistent — add to ~/.ssh/config:
Host github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_ed25519
  AddKeysToAgent yes
  UseKeychain yes   # macOS only

Common Cause 3: Wrong Key Permissions

# SSH refuses keys with loose permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519       # private key
chmod 644 ~/.ssh/id_ed25519.pub   # public key
chmod 600 ~/.ssh/config

Debugging with Verbose Output

# See exactly what SSH is doing
ssh -vT git@github.com

# Look for lines like:
# "Offering public key: ~/.ssh/id_ed25519"  ← key is being tried
# "Authentications that can continue: publickey"  ← GitHub wants a key
# If your key isn't offered, it's not in the agent or config

Frequently Asked Questions

Q: Should I use Ed25519 or RSA?
A: Ed25519 — it's more secure and faster than RSA. Use RSA (4096-bit) only for older systems that don't support Ed25519.

Q: What's the difference between the .pub file and the other one?
A: id_ed25519.pub is your PUBLIC key — safe to share, add it to GitHub. id_ed25519 (no extension) is your PRIVATE key — never share it, never commit it.

Q: It worked before but suddenly fails. Why?
A: The ssh-agent often loses keys after a reboot. Add AddKeysToAgent yes to ~/.ssh/config, or re-run ssh-add. On macOS, UseKeychain yes makes it persistent.

Q: Can I use the same key on multiple machines?
A: You can, but best practice is a separate key per device. That way, if one machine is compromised, you revoke only that key from GitHub without affecting others.

Q: HTTPS or SSH for GitHub?
A: SSH avoids entering credentials repeatedly and is convenient once set up. HTTPS with a personal access token is simpler for one-off use or restricted networks that block SSH.

Conclusion

"Permission denied (publickey)" means GitHub couldn't authenticate your SSH key. The fix sequence: generate a key with ssh-keygen -t ed25519, add it to the agent with ssh-add, add the .pub key to GitHub, and test with ssh -T git@github.com. If it still fails, check that your remote uses SSH (not HTTPS) and that key permissions are correct. The verbose flag ssh -vT reveals exactly where authentication breaks down.

✍️ Leave a Comment

Your email address will not be published. Required fields are marked *

🌐 Read in:🇬🇧 English🇩🇪 Deutsch🇧🇷 Português🇸🇦 العربية🇮🇳 हिन्दी🇧🇩 বাংলা