Cannot push to Heroku because key fingerprint

git heroku ssh git-push

45,220

Solution 1

I had the same problem, I followed this post and others of the same kind without success :-((

Finally, I found the solution: I had to add my new rsa identity in my machine!

So, first of all I created a new rsa key:

ssh-keygen -t rsa -C "giordano.scalzo[at]gmail.com" -f  ~/.ssh/id_rsa_heroku

then added it to my machine

ssh-add ~/.ssh/id_rsa_heroku

and, finally, to Heroku

heroku keys:add ~/.ssh/id_rsa_heroku.pub

After that,

git push heroku master

worked like a charm!

Hope this helps.

Solution 2

I, too have multiple keys and multiple heroku accounts, so I come across this problem every few months. As mentioned Giordano Scalzo, Tom Carchrae, and user664833, the main problem is ssh-agent, which you control using the ssh-add command. The man page (man ssh-add) is actually pretty clear and concise, so check it out.

You can list all the keys that ssh-agent knows about with:

ssh-add -l

You can delete all the keys that ssh-agent knows about with:

ssh-add -D

Or delete a specific key with

ssh-add -d ~/.ssh/id_rsa_example_key_file_use_your_own

Don't worry! You aren't actually deleting the keys, only changing which ones ssh-agent automatically tries to use, for example, when you try to push to heroku. It's easy to add and delete keys as needed, so for me, when I get frustrated by this problem, the easiest way to fix it is to delete all the keys and add back in only the one I want to use at the moment.

ssh-add -D
ssh-add ~/.ssh/id_rsa_example_use_this_one_i_mean_it

Solution 3

Your computer has an SSH key, but that SSH key is associated with another Heroku account.

If you need to use both accounts for different applications on the same computer you should make a new SSH key on your machine and upload it to Heroku:

$ ssh-keygen

Make sure to save it as '/Users/User/.ssh/new_id_rsa.pub' when the prompt asks you.

$ heroku keys:add /Users/User/.ssh/new_id_rsa.pub

You then need to add an alternate host for heroku.com to your ~/.ssh/config:

Host heroku-alt
HostName heroku.com
IdentityFile ~/.ssh/new_id_rsa

And then update the .git/config in your project to use the host alias:

[remote "heroku"]
  url = git@heroku-alt:myapp.git
  fetch = +refs/heads/*:refs/remotes/heroku/*

By choosing between heroku and heroku-alt in the remote of the .git/config files of specific projects you can manage which projects use which credentials.

Solution 4

Here's a very clear explanation that is lacking from ther Heroku documentation or other answers to the question. At least all the info doesn't seem to appear in any one place. It also let's you understand the problem in a way that the accounts tool doesn't.

Heroku identifies you in 2 ways:

The first is in .git/config

[heroku]
    account = acccount_name

This seems to let you perform basic operations using heroku

The second way heroku identifies you is by any operation that uses ssh (git push). Heroku will identify you by your ssh key, as stated here: https://devcenter.heroku.com/articles/keys

This keypair is used for the strong cryptography and that uniquely identifies you as a developer when pushing code changes.

So each heroku account that you work on will have to send a different key to heroku when using ssh. Follow any tutorial to create your ssh keys.

The key is getting SSH to use different keys for each Heroku account. How do you do configure this? You'll need to do 2 things:

1) You'll need to make a 'dummy' domain that your .ssh/config will intercept and reconfigure. This will tell ssh the 'actual' domain you want, and which special ssh key to use.

Host heroku.my_unique_key
  HostName heroku.com
  IdentityFile ~/.ssh/identity.heroku.my_unique_key
  IdentitiesOnly yes

2) Change your .git/config to use that when using git push. Instead of heroku.com, use the dummy domain you set in your .ssh/config

[remote "heroku"]
    url = [email protected]


[remote "heroku"]
    url = [email protected]_unique_key:myapp.git

That's it :) A bit complicated and a bit simple at the same time. It has taken me 3 years of banging my head against the wall and trial and error to discover this info. It should be clearly documented somewhere, but at least it's a start.

Solution 5

youn will need to create new keys and add those

specify a new file name after running

ssh-keygen

then (in my case)

heroku keys:add /home/alex/.ssh/alex_heroku_rsa.pub

View more solutions

45,220

Author by

mre

Updated on July 16, 2022

Comments

mre almost 2 years

I am new to Rails, and I was trying to deploy a very simple app to Heroku. This is the second app that I deploy, and the first one I was able to do it just fine. However I am having some issues with this one. Whenever I "git push heroku master", I get this error:

! Your key with fingerprint xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx is not authorized to >access my_heroku_app.

fatal: The remote end hung up unexpectedly

I have tried to manage my keys after logging in heroku. If I type in my console "heroku keys", then I get:

No keys for myemailaddress.

However, If I run the comand "heroku keys:add" I get

Found existing public key: /Users/michele/.ssh/id_rsa.pub Uploading ssh public key /Users/michele/.ssh/id_rsa.pub ! Fingerprint already exists. Please use one ssh key per Heroku account

Please help me! This is soo frustating, I have no idea what's wrong! Thank you
mre over 12 years

I have seen that link, tried to remove and add my keys again, however I still can't get it to work.
Benjamin over 12 years

Have you sorted this problem out?
Tom Carchrae about 12 years

This was really close for me. But there was one more thing. I had two heroku accounts. The first one had added my default SSH key for my machine. No matter what I did trying to fix my second account, it would not take until I removed my default key from the first account. SSH-AGENT will send the first key by default, causing this problem. The fix is to create specific keys for heroku (not the default) for each account
Ross Allen about 12 years

I had the same problem as @TomCarchrae. I logged out of the account that seemed permanently busted with heroku logout, logged in to the other account, and deleted the default RSA key from that account. After that I was able to push with this newly-generated key.
user664833 about 12 years

For me personally, I did the equivalent of ssh-add ~/.ssh/id_rsa_heroku though mine was ssh-add ~/.ssh/identity.heroku.foo because I'm also using https://github.com/ddollar/heroku-accounts (a multiple accounts manager for Heroku).
noli about 12 years

user664833 was the most concise approach for me
Tom Carchrae about 12 years

one other thing to keep in mind - if you have too many SSH keys, it won't be able to log in because it tries the keys in order (and then you get kicked out of the login too many failures). this seems to be a flaw with the ssh-agent (in ubuntu anyway, but i presume other implementations too). so, if you're pulling your hair out, try moving your ~/.ssh directory and starting a new one (you can then pull in keys one by one).
jwarzech almost 12 years

I also had to (on OSX Lion) run ssh-add -d stackoverflow.com/questions/8917956/…
dnewcome almost 12 years

You can influence which key is sent by adding a host entry in ~/.ssh/config for heroku.com pointing to the key you want. This was a quick fix for me since it kept trying to use my default key and failing. This probably won't help in the case of multiple accounts though.
wax eagle over 11 years

Can you summarize the instructions at this link? We try to avoid link only answers here.
Andrea over 11 years

Tom Carchrae's comment is great but does not quite make it work for me: see here for details please :) stackoverflow.com/q/12004401/142409
Macario over 11 years

This only explains how to generate keys not how to manage multiple ones.
house9 over 11 years

this worked well for me, however trying to add back my default ssh key kept prompting for passphrase (on Mtn Lion), don't think I have one? Rebooted and was back to my default ssh all ok - also found this stackoverflow.com/questions/7927750/… which works great
house9 over 11 years

this approach worked best for me - stackoverflow.com/questions/7927750/… - create your remote and specify the host from your ssh config, also I am using heroku:accounts
Gautam Dev over 11 years

See my answer about handling multiple heroku accounts on the same computer for different projects.
griswoldbar over 11 years

bashing my head against a wall for a good while over this one, and this was the final step required - thanks!
Dary about 11 years

@tom-carchrae nailed it for me. Here's what I did (account A was working and account B wasn't): 1) logout of account B both locally and on the Heroku site, 2) login account A on heroku and remove the existing ssh key, 3) create new heroku-specific ssh key, 4) ssh-add that key, 5) login to account A locally (heroku auth:login), 6) it asks which key you want to use so select the one you just created, 7) logout of account A locally, 8) log back in to account B locally, 9) magic (what wasn't working started working).
FluffyJack about 11 years

The unique host name thing was my issue. Thank you very much pixelearth.
Bernard almost 11 years

Yes, that also was the problem for me. Accessing two Heroku accounts from the same client. Thanks.
corbin almost 11 years

Make sure to try restarting your terminal. This fixed the problem for me.
Hairgami_Master almost 11 years

If you tried the first method then this one, (and are getting a Permission Denied(publickey) error when you try to push to your Heroku remote) you've probably forgotten to re-run the heroku keys:add command. Anyways, thank you so much! This did it for me.
JVG almost 11 years

I'm trying to do this method, but "Host heroku-alt" gives me the error: Host heroku-alt not found: 3(NXDOMAIN). I'm putting this in terminal on Mountain Lion. ~/.ssh/config doesn't exist either, just a bunch of .pub files and one called known_hosts. And ideas?
Gautam Dev almost 11 years

@Jascination You will need to create ~/.ssh/config and put in the contents listed in the answer. When you are done save the file and it will contain the Host, HostName, and the IdentityFile lines. It should then work fine.
kinopyo over 10 years

Excellent! This technique is so elegant!
softvar about 10 years

Man! You're awesome. Executing step-by-step finally make me relief. Thank You !!
cnp over 9 years

For me the most important thing was tying my git --config email address to the new ssh key. I was using the default (never entered email) when i created a new key and the system was getting confused when i was trying to push
RaphKomjat over 9 years

The .git/config step is what's missing everywhere else
Sylar over 8 years

It's now 2015 and this worked. Out of nowhere I got the error and this worked. I had to remove all keys then re-add the key. Thanks.