GitHub

Comments and changes to this ticket

• 

  Antonio Salazar April 29th, 2008 @ 09:52 PM

  I've also run into this:

  shadowfiend@ubuntu:~/magic_fields$ git push origin master

  ERROR: Permission to Shadowfiend/awesome_fields denied to kemayo.

  fatal: The remote end hung up unexpectedly

  I've double and triple-checked my public key, and have logged into remote computers using it.

• 

  Antonio Salazar April 29th, 2008 @ 09:54 PM

  • → Title changed from “Mistaken identity on git clone” to “Mistaken identity on git access”

  (Since this actually affected me on a push.)

• 

  Mislav April 30th, 2008 @ 02:30 PM

  • → Title changed from “Mistaken identity on git access” to “Mistaken identity on SSH access”

  I've run into this with deploy keys.

  I have generated a passwordless RSA key for github.

  Host github.com
    IdentityFile ~/.ssh/github
  

  After pasting the public key to GitHub admin for my project, I have tried to clone for the first time:

  mislav@mislav:/var/rails/icelanders $ git clone git@github.com:mislav/icelanders.git
  Initialized empty Git repository in /var/rails/icelanders/icelanders/.git/
  The authenticity of host 'github.com (65.74.177.129)' can't be established.
  RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
  Are you sure you want to continue connecting (yes/no)? yes
  Warning: Permanently added 'github.com,65.74.177.129' (RSA) to the list of known hosts.
  ERROR: Permission to mislav/icelanders denied to thewhitenoise.
  fatal: The remote end hung up unexpectedly
  fetch-pack from 'git@github.com:mislav/icelanders.git' failed.
  

  Retrying, error seems the same:

  mislav@mislav:/var/rails/icelanders $ git clone --depth 1 git@github.com:mislav/icelanders.git
  Initialized empty Git repository in /var/rails/icelanders/icelanders/.git/
  ERROR: Permission to mislav/icelanders denied to thewhitenoise.
  fatal: The remote end hung up unexpectedly
  fetch-pack from 'git@github.com:mislav/icelanders.git' failed.
  

  I generated another passwordless key, again RSA:

  Host github.com
    IdentityFile ~/.ssh/github2
  

  Pasted it to GitHub as another key, and now I can clone (!). Makes no sense.

  I've attached ssh -vv output with the first key to this ticket. It still calls me "thewhitenoise". When using the second key, it calls me "mislav/icelanders" (as it probably should).

  • github-ssh-keys-oddity 6.2 KB
• 

  defunkt April 30th, 2008 @ 02:34 PM

  • → Assigned user changed from “defunkt” to “PJ Hyett”
• 

  Antonio Salazar April 30th, 2008 @ 03:39 PM

  To be clear, it looks like the key that is at fault here for me is also an RSA key. If I move it out of the way and let the DSA key take over, everything works.

• 

  Adam Meehan May 5th, 2008 @ 08:29 PM

  Also experiencing this problem. It calls me 'caolan', which is nothing recognisable to me.

  Will try the double key fix.

• 

  Tom Preston-Werner May 5th, 2008 @ 09:01 PM

  What OS/Version are you guys generating your keys on?

• 

  Adam Meehan May 5th, 2008 @ 09:12 PM

  I am on

  • Ubuntu 7.10
  • OpenSSL 0.9.8e
  • git 1.5.5.1

  probably more than you need.

• 

  Adam Meehan May 5th, 2008 @ 09:13 PM

  And just for completeness

  • OpenSSH_4.6p1
• 

  Antonio Salazar May 5th, 2008 @ 09:44 PM

  Hmmm... I generated mine a while ago, but I'm fair certain it was Ubuntu 7.10 as well. Sadly, I wouldn't know the versions of OpenSSL and OpenSSH I was running at the time, and there is no indication of it in the key itself.

• 

  Eric Mill May 6th, 2008 @ 06:17 AM

  Yeah, this was Ubuntu 7.10 for me too. I don't have access to software versions anymore, as I've since reformatted and upgraded to Ubuntu 8.04.

• 

  Adam Meehan May 6th, 2008 @ 04:08 PM

  Interesting. On a hunch I took the keyring manager out of the picture and got some different results.

  On first try it worked and I thought that it was just the keyring manager. But then I rembered I already added 2 extra keys as Mislav suggested. So I removed both extras and updated the IdentifyFile config option to my original key and it failed with the 'caolan' username again.

  So I added back another key which is a dsa key and switched the config to use and it worked. I then changed the config to use the original rsa key and it still worked.

  So it doesn't look like it relates to rsa or dsa keys, but the number of keys. Strange.

  I will play a bit more scientifically later.

• 

  Adam C May 9th, 2008 @ 02:17 PM

  In my opinion this is a very serious problem and, to be honest, needs someone's attention urgently.

  As far as I can see, we have just managed to checkout somebody's else private repository.

  The key for this account belongs to 'catphish' who is setup as a collaborator for the adamcooke/radar repo (which is private) however he can't authenticate himself but can authenticate as somebody else and clone their project.

  Please see the attached screenshot for further information.

  • github.jpg 92 KB
• 

  Chris Wanstrath May 9th, 2008 @ 02:41 PM

  • → Assigned user changed from “PJ Hyett” to “defunkt”

  I'm working on this now.

• 

  Adam C May 9th, 2008 @ 02:48 PM

  Excellent :)

• 

  defunkt May 9th, 2008 @ 05:19 PM

  • → State changed from “new” to “open”

  Tighter validations are now in place for new keys. We're going to have to delete the existing duplicated keys and email the affected users.

  Anyone watching this thread should create and enter a new key. Seems like ssh-keygen on some versions of Ubuntu is bugged. Thanks.

• 

  defunkt May 9th, 2008 @ 06:04 PM

  Affected users have been emailed. I'm going to remove the invalid keys in the next day or two.

• 

  Tom Preston-Werner May 20th, 2008 @ 11:01 PM

  In case you missed it, all of these collisions were caused by crippled PRNG code on Debian's OpenSSL package:

  http://github.com/blog/63-ssh-ke...

  Anyone affected by this needs to regenerate any keys generated on Debian based systems. Your current keys are COMPROMISED.

• 

  defunkt June 18th, 2008 @ 06:43 PM

  • → State changed from “open” to “resolved”
  • → Milestone cleared.