"git@github.com: Permission denied (publickey)"

We at Tahoe-LAFS project has been using CircleCI for some years now. CircleCI has stopped working for us a few weeks back. Our CircleCI project is https://app.circleci.com/pipelines/github/tahoe-lafs/tahoe-lafs, and our GitHub project is https://github.com/tahoe-lafs/tahoe-lafs/.

I see two kinds of error messages. On https://app.circleci.com/pipelines/github/tahoe-lafs/tahoe-lafs/4958/workflows/d16324ae-293d-45c8-ba97-6ac39ef4cfc4/jobs/86359, for instance, is this one:

Warning: checkout key has zero length
Writing SSH key for checkout to "/tmp/nobody/.ssh/id_rsa"
Fetching into existing repository
Fetching from remote repository
Warning: Permanently added the ECDSA host key for IP address '140.82.112.3' to the list of known hosts.
Load key "/tmp/nobody/.ssh/id_rsa": invalid format
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

And https://app.circleci.com/pipelines/github/tahoe-lafs/tahoe-lafs/4957/workflows/1b68aca6-6a7f-4cee-9df5-fa73eded9cd7/jobs/86336 has a slightly different message:

Writing SSH key for checkout to "/tmp/nobody/.ssh/id_rsa"
Writing SSH public key for checkout to "/tmp/nobody/.ssh/id_rsa.pub"
Fetching into existing repository
Fetching from remote repository
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Any idea what might be going on?

I see several topics matching the error message that I’m searching for, band it seems that I will need admin access to the GitHub project to reset deploy keys. I do not have admin access to the GitHub project.

Why did CircleCI stop being able to check out all of a sudden, without any action from our part?

Tahoe-LAFS is a public project, and we do not really need CircleCI to check out using SSH. Can we get CircleCI to check out sources using HTTPS?

First thing I’d try would be to have someone who’s an org owner remove and re-add the CircleCI integration. Possibly something interfered with or removed the deploy key that the integration uses.

You can also try opening a support case in cases like this (I think even with open source projects).

Can also try the variant mentioned here.

Can we not make it checkout via HTTPS? Why do we need any ssh keys at all?

(Somewhere else it was suggested to remove any that exist – for tahoe-lafs/zfec project, there are none but it’s still trying to check out via SSH instead of HTTPS)