[10:24:15] https://tools-static.wmflabs.org/bridgebot/c9062093/file_41644.jpg [10:24:16] https://tools-static.wmflabs.org/bridgebot/7af9ec2c/file_41645.jpg [15:40:26] Does anyone know how to fix the [15:40:27] [15:40:29] ``` [15:40:30] base@gerrit.wikimedia.org: Permission denied (publickey). [15:40:32] fatal: Could not read from remote repository. [15:40:34] [15:40:35] Please make sure you have the correct access rights [15:40:37] and the repository exists.``` [15:40:38] [15:40:40] [15:40:41] error? I have tried changing my key pair and uploading the new one to gerrit many times, and it does not help me. I also have no problems when using git over ssh with Github, Gitlab, and Bitbucket [15:45:38] This particular output was from running [15:45:38] [15:45:40] > git clone "ssh://base@gerrit.wikimedia.org:29418/css-sanitizer" && scp -p -P 29418 base@gerrit.wikimedia.org:hooks/commit-msg "css-sanitizer/.git/hooks/" [15:45:41] [15:45:42] but I get it when making any git remote interaction with Gerrit [15:46:01] Try plain ssh with -v, it tends to be more informative [15:46:57] Could you tell me what exactly I have to run? I have never tried using plain ssh against git repositories (re @gtisza: Try plain ssh with -v, it tends to be more informative) [15:47:12] ssh -v gerrit.wikimedia.org [15:47:12] ? [15:48:08] ssh -v -p 29418 base@gerrit.wikimedia.org [15:48:21] Maybe -P, not sure [15:49:22] Chances are your keyfile is in the wrong place. [15:49:32] https://phabricator.wikimedia.org/P35490 [15:49:55] well it is at ~/.ssh/id_rsa (re @gtisza: Chances are your keyfile is in the wrong place.) [15:50:03] could be T276486? [15:50:05] at least it should be the one there [15:50:59] you could try generating an ed25519 key and using that instead [15:51:09] debug1: Offering public key: /home/base/.ssh/id_rsa RSA SHA256:D6KlwPVyz0klXSPkaBFZdDZDjzlsujYxJzrNbU9AM2Q explicit agent debug1: send_pubkey_test: no mutual signature algorithm [15:51:45] So yeah [15:53:12] Interesting. I am not using a Fedora though, but I guess that part does not matter much [15:53:27] So, what would be a command to generate a Gerrit compatible key? [15:53:34] Fedora was early in deprecating the key exchange algorithm, but other distributions will have followed suit by now [15:54:10] I think it might be as simple as `ssh-keygen -t ed25519` [15:54:59] and use the default file (`~/.ssh/id_ed25519`), `ssh` should also use that I believe [15:55:14] and then add the .pub file in your Gerrit preferences [15:56:59] hmm, how do I make it so that I still have my other one as my main one for anything else? A non-default name and a .ssh/config record for gerrit.wikimedia.org with an IdentityFile directive? [15:57:12] you could do that, yeah [15:57:40] though I believe SSH offers all available keys to the remote host by default, so having both should work IIUC [15:58:07] (there was a webpage a while ago that would tell you your github username if you SSHed to it, because github pubkeys are public and SSH would send it to the remote host…) [15:58:40] hm, let me try that then (re @lucaswerkmeister: though I believe SSH offers all available keys to the remote host by default, so having both should work IIUC) [16:01:40] (whoami.filippo.io was the website if anyone’s curious ^^) [16:04:00] Yay, seems to work, both for Gerrit and for another non-Wikimedia repo elsewhere. (re @lucaswerkmeister: though I believe SSH offers all available keys to the remote host by default, so having both should work IIUC) [16:04:34] Thanks :) Another issue that I had for months but didn't get myself to resolve finally removed. Might as well make some patches now :) [16:06:05] \o/ [16:07:42] (FWIW, Gerrit 3.6 is supposed to make RSA keys work again iiuc, but we’re still on 3.4 at the moment)