"git@github.com: Permission denied (publickey)." on repo that previously worked

About two weeks ago, a weekly build that has been working fine started failing during the checkout step with this error:

Using SSH Config Dir /home/circleci/.ssh
Cloning into '.'...
Warning: Permanently added the RSA host key for IP address '' to the list of known hosts.
Load key "/home/circleci/.ssh/id_rsa": invalid format
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

I noticed the project had a “deploy key” configured in the CircleCI webUI, but since CircleCI for that project does not write to the project, I tried deleteing the “deploy key” to see if it would help. (The GitHub config shows no deploy keys for this project).

I’m at a loss as to why the checkout is failing. This is a public project: https://github.com/sonatype/nexus-public

Here’s is the latest failed CircleCI build: https://app.circleci.com/pipelines/github/sonatype/nexus-public/224/workflows/e61a60b0-9c55-4d55-89c9-6c01df73800e/jobs/245


More info: I don’t see the usual CircleCI read-only deploy key on this project. How can I recreate the deploy key that CircleCI creates when first following the project?

Good news: I’m guessing that somehow, the original Deploy Key was deleted from GitHub - still don’t know how. Anyway, I was able to create a new ssh key, added it as a GitHub Deploy Key and added the key CircleCI manually as a new ssh key. CircleCI is now able to checkout the source code again, so I think I’m all set for now. Still not idea how the original Deploy Key got wiped out.

For what it’s worth (maybe to help others), I also tried clicking the nice “Add Deploy Key” button in the CircleCI web UI, but it appeared to have not effect - and did not give me an error, nor did it create a new deploy key in the GitHub project. I suspect this is because I do not have admin access on the GitHub project. (I tag teamed with a coworker how does have access to manually create a GitHub Deploy Key).


I’m not sure how to explain why the key was removed, but for future reference if you suspect any issues with the deploy key you can tell the project to “stop building” in the project settings page. Then remove the CircleCI webhook from the webhook settings page on GitHub. Then add the project back to CircleCI. This will generate a fresh deploy key and webhook for your project.

You can find more detailed instructions with screenshots in this support article

1 Like

If you have received “git@github.com: Permission denied (publickey).” Please click “project settings” button, than “SSH keys”. Click to remove deploy key and than click “add deploy key” once again. Than you can click on “${project} deploy key”, it will navigate you to github. Your new deploy key should be visible on github project page.

After that checkout will succeed.