Github user key permission error on machine executor


Is there a problem with github user keys? after checkout in a machine executor, i’m trying to pull another repo and it fails on key: (which works for the 1.0, or if i use a docker executor)
Cloning into ‘/home/ubuntu/eight-docker’…
Warning: Permanently added ‘,’ (RSA) to the list of known hosts.

Permission denied (publickey).

fatal: Could not read from remote repository.

Please make sure you have the correct access rights

Getting Started: Docker Engine

No, that has always been the case. The key in question is only valid for one repository. You will need to configure broader access.


I have a user key, not a deploy key( meaning for all repos, i configured it in the circleci project settings). the same checkout under the regular circleci works perfectly.


Hi Ron,

Sorry for the delay getting back to you. The big reply thread got hairy, so I’ve been unraveling it to find unanswered questions. Could you share a build URL where this is happening?


HI, I think I have the same issue, here’s a build URL:


That’s not a 2.0 build.


The build isn’t picking up a circle.yml, though it looks like your commit is specifically for putting a circle.yml in. CircleCI does a 1-file checkout of your circle.yml before starting a build, but if the file is in the commit, then this initial checkout was unsuccessful.

You might want to compare your Bitbucket checkout key under “project settings -> checkout ssh keys”. You can see if the fingerprint matches what shows up on Bitbucket. If not, they may have fallen out of sync.


Getting the error in a machine executor as well. Docker executor works fine, but we need to use the machine executor for other reasons…


@Wenzil: if you’re stuck, you can drop the checkout command and replace it with your own git clone call, and do your own SSH key and known_hosts setup. AFAIK there would be nothing Circle-ish about that at all - you’d just be doing a remote Git pull from one server to another.


My bad, it was because the pull from git was done in the context of a docker build which doesn’t have access to the host machine ssh keys AFAIK.

I resolved my problem by doing the pull from git from a CircleCI step directly and changing the Dockerfile to ADD the pulled files


That’s correct. Either you need to store the keys in the project repo (suitable for low-value repos where you don’t mind if the keys are revealed) or store them in CI env vars and write them to the appropriate files prior to the pull.