Gitlab.com does not work with SSH key

Versions

Please select whether options apply, and add the version information.

• Self-managed
• GitLab.com SaaS

Problem to solve

Hello,
currently Gitlab.com is not working for me with SSH keys and I wanted to ask if there is a known bug or if I am doing something wrong.

I am using a Debian Trixie with openssh-client version:

Package: openssh-client
Version: 1:9.6p1-4
Priority: standard
Section: net
Source: openssh
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Installed-Size: 5078 kB
Provides: ssh-client

and Git in version:

Package: git
Version: 1:2.43.0-1
Priority: optional
Section: vcs
Maintainer: Jonathan Nieder <jrnieder@gmail.com>

My Key is a ED25519 key

I have a ssh config where I have an entry for Gitlab.com that points to my private key.
And the private key is also loaded in my ssh agent.
The public key is also correctly stored in my Gitlab.com account.

If I now do an ssh git@gitlab.com I get the familiar response:

ssh git@gitlab.com
PTY allocation request failed on channel 0
Welcome to GitLab, @UserXY!
Connection to gitlab.com closed.

So that works, but if I now try a normal git clone, git pull or a git push I get the following response (after a long wait):

git pull
git@gitlab.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

A git clone, push or pull via HTTPS and API token, on the other hand, works without any problems.

I also use the key for my Rasp. PIs and VMs and there I can also access the machines normally with the key, so the key itself also works.

I have also created a Github account as a test and also stored my public key there and created a test repo, everything works here too.
So there only seem to be problems with Gitlab.com and here only with SSH keys.

Can anyone here help me or tell me what I’m doing wrong?
If you need any more information, please ask!

Hi there,

There are several things you can check:

1. Which URL for cloning did you use? It is important to use the Clone with SSH link, otherwise you are using https protocol instead of ssh. If you’re not sure anymore, you can execute the following in your local project:

   git remote -v
   

   If it starts with git@… it’s good. If it starts with https://… it’s not good. You have to change your origin URL, and you can do that with:

   git remote set-url origin <copy-the-correct-clone-ssh-url-here>
   

2. Where are your SSH keys on your computer located? If you’re on Linux, make sure they are under ~/.ssh and have correct permissions. If you have many keys, then you will have to set it up correctly - see docs - similar, but you don’t need to specify username, as you’re using one account (I assume).
3. Make sure you have at least Developer permissions on the project you are trying to clone
4. Depending on where you are, it could be that either your region or company are blocking specific ports/protocols. In this case it’s good to turn to your company’s security team to resolve potential issues.

Hope this helps!

Hey there

First of all, thanks for the ideas and suggestions

1.) I use the corresponding URLs, with SSH git@…
and with HTTPS the https://url.
For the tests, I always modified the git remote accordingly.

2.) I use Linux, more precisely Debian.
My key is also under ~/.ssh and has the appropriate rights (0600).
It is also loaded correctly into my SSH agent and works with Github and my VMs

3.) The repo is my own private repo, so I am the owner and as I said, I can work normally via https, which means that the rights should fit.

4.) I am on my private computer and use my own network with a Fritzbox.
There are no dedicated rules here that could explain this, plus it works with VMs and Github, so I would think that my network is not limiting anything here.