9

So I have a project (private repo) that has multiple submodules (also private). I have a server hosted on Amazon EC2 that will house the project, and I want to use our private Github repo.

I generated an ssh key for the main project and added it to the projects deploy keys. I also generated additional ssh keys for each submodule and added it to their deploy keys.

When I try and clone the project (using git@github), it doesn't work:

Permission denied (publickey). fatal: The remote end hung up unexpectedly

I have double checked each repo and their deploy keys and everything seems correct. Is there some other small step I am missing?

Improve this question
2
  • Is the port 22 opened? What does ssh -vT [email protected] say? - help.github.com/ssh-issues Commented May 15, 2012 at 20:45
  • OpenSSH_5.3p1, OpenSSL 1.0.0i-fips 19 Apr 2012 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to github.com [207.97.227.239] port 22. debug1: Connection established. Commented May 15, 2012 at 21:51

1 Answer 1

Reset to default
9

Short answer: there is no easy way to use deploy keys with private submodules. In my experience you have two options:

  1. Keep using submodules but stop using deploy keys and instead use a single account-level SSH key that grants access to all your private repositories (easier, less secure)
  2. Stop using submodules, keep using deploy keys, and manually git clone each repository passing in the SSH private key that matches the deploy key (trickier, more secure)

The reason for this is git clone triggers an SSH connection that can only use a single SSH private key at a time (e.g. ~/.ssh/id_rsa). The SSH private key being used must match the repository's deploy key -- and deploy keys must be unique per project. In the case of a submodule clone, you're only using a single private key. That key may match your top-level project, but will surely fail on the child projects with the error you provided.

Hope this is helpful..

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

As of 2 years later there is still no better solution?
OK, found it: github.com/blog/…
@aledalgrande not really a solution, though. It forces me to use tokens instead of ssh keys.
@aledalgrande 2020 and this is still an issue actually
Still in 2023...

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.