The 'Permission to repo.git denied to username' error occurs when Git attempts to push to a remote repository using credentials for a different account that doesn't have access. This typically happens due to cached credentials, multiple GitHub accounts, or misconfigured SSH keys.
This error indicates that Git is trying to authenticate with a username or SSH key that does not have permission to push to the target repository. The remote server (GitHub, GitLab, Bitbucket, etc.) recognized your credentials but determined that the authenticated user lacks write access to the repository. The key part of the error is "denied to username" - this tells you which account Git is actually using to authenticate. If this username is different from what you expected, your system has cached credentials from another account. This is a common problem when: 1. **Multiple accounts** - You have personal and work GitHub accounts on the same machine 2. **Credential caching** - Your operating system stored credentials from a previous account 3. **SSH key conflicts** - The wrong SSH key is being used for authentication 4. **Deploy keys** - An SSH key is attached to a different repository as a deploy key 5. **Insufficient permissions** - You're a collaborator with read-only access to the repository
First, determine which account Git is actually authenticating with. The error message itself tells you this:
remote: Permission to user/repo.git denied to OTHER_USERNAME.This means Git is authenticating as OTHER_USERNAME, not the account you intended. Verify the current authentication:
For SSH:
# Test which account SSH connects with
ssh -T [email protected]
# Expected output:
# Hi YOUR_USERNAME! You've successfully authenticated...For HTTPS:
# Check stored credentials
git config --global credential.helper
# On Windows, check Credential Manager for stored GitHub credentials
# On macOS, check Keychain Access for github.com entriesIf the username shown doesn't match the account that owns the repository, you've identified the problem.
If you're using HTTPS and the wrong credentials are cached, remove them:
On Windows (Credential Manager):
1. Open Control Panel > Credential Manager > Windows Credentials
2. Find entries for git:https://github.com or github.com
3. Click each entry and select Remove
Or via command line:
cmdkey /delete:git:https://github.com
cmdkey /delete:LegacyGeneric:target=git:https://github.comOn macOS (Keychain):
# Remove GitHub credentials from Keychain
git credential-osxkeychain erase
host=github.com
protocol=https
# Press Enter twice (Ctrl+D)
# Or open Keychain Access and search for "github.com"On Linux:
# If using 'store' helper (plain text file)
rm ~/.git-credentials
# If using cache helper
git credential-cache exit
# If using GNOME Keyring
# Open "Passwords and Keys" app and remove GitHub entriesAfter clearing credentials, Git will prompt you to authenticate again on the next push.
Force Git to use the correct account by including your username in the remote URL:
# Check current remote URL
git remote -v
# Update remote URL with your username for HTTPS
git remote set-url origin https://[email protected]/owner/repo.git
# Verify the change
git remote -vWhen you push, Git will prompt for a password - use your Personal Access Token (not your GitHub password).
Alternative: Switch to SSH
# Change to SSH URL (avoids credential conflicts)
git remote set-url origin [email protected]:owner/repo.gitIf you use multiple GitHub accounts with SSH, configure SSH to use different keys for each account:
Step 1: Check your SSH keys
ls -la ~/.ssh/
# Look for key pairs like id_ed25519, id_rsa, work_key, personal_key, etc.Step 2: Configure SSH for multiple accounts
Edit ~/.ssh/config:
# Personal GitHub account
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_personal
IdentitiesOnly yes
# Work GitHub account
Host github-work
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_work
IdentitiesOnly yesStep 3: Update your repository's remote URL
# For work repositories, use the custom host
git remote set-url origin git@github-work:company/repo.git
# For personal repositories
git remote set-url origin [email protected]:username/repo.gitStep 4: Verify SSH is using the correct key
# Test personal account
ssh -T [email protected]
# Test work account
ssh -T git@github-workIf your SSH key is attached as a deploy key to another repository, it can only access that specific repository and may block access to others.
Check if your key is a deploy key:
1. Go to the repository settings where push fails
2. Navigate to Settings > Deploy keys
3. Check if your public key appears there
Solution:
1. Remove the deploy key from the repository
2. Add the key to your personal GitHub account instead:
- Go to [github.com/settings/keys](https://github.com/settings/keys)
- Click New SSH key
- Paste your public key (cat ~/.ssh/id_ed25519.pub)
- Save
Deploy keys are meant for CI/CD systems, not personal development. Your personal SSH key should be added to your GitHub account, not individual repositories.
Ensure you actually have write access to the repository:
For your own repositories:
- Go to the repository on GitHub
- You should see "Settings" tab if you're the owner
For repositories you don't own:
- Ask the repository owner to add you as a collaborator
- Go to repository Settings > Collaborators and teams
- They need to add your GitHub username with "Write" or "Admin" permission
For organization repositories:
- Check your organization membership
- You may need to be added to a team with write access
- Organization owners can check: Organization Settings > People > Your username
If you can't get write access:
# Fork the repository instead
# Then push to your fork
# Change remote to your fork
git remote set-url origin https://github.com/YOUR_USERNAME/repo.git
# After making changes, create a Pull Request to the original repoYour Personal Access Token might lack the necessary permissions. Create a new one with the correct scopes:
For GitHub:
1. Go to [github.com/settings/tokens](https://github.com/settings/tokens)
2. Click Generate new token > Generate new token (classic)
3. Set a descriptive name and expiration
4. Select scopes:
- repo - Required for pushing to private repositories
- workflow - If you need to update GitHub Actions
- admin:org - If pushing to organization repositories
5. Click Generate token and copy it immediately
For fine-grained tokens (more secure):
1. Go to [github.com/settings/tokens?type=beta](https://github.com/settings/tokens?type=beta)
2. Select the specific repository or repositories
3. Set Repository permissions > Contents to "Read and write"
4. Generate the token
Use the new token:
# Clear old credentials first (see Step 2)
git push origin main
# When prompted, enter your username and paste the new token as passwordIf the repository belongs to an organization with SAML Single Sign-On enabled, you must authorize your token:
1. Go to [github.com/settings/tokens](https://github.com/settings/tokens)
2. Find your Personal Access Token
3. Click Configure SSO next to the token
4. Click Authorize next to the organization name
5. Complete any SSO authentication prompts
For SSH keys with SSO:
1. Go to [github.com/settings/keys](https://github.com/settings/keys)
2. Find your SSH key
3. Click Configure SSO
4. Click Authorize for each organization
You'll know SSO authorization is needed if:
- You can access personal repositories but not organization ones
- The organization uses enterprise SSO/SAML
### Understanding the Credential Resolution Order
When Git authenticates, it tries credentials in this order:
1. Credentials embedded in the URL (https://user:[email protected])
2. Git credential helper (configured via credential.helper)
3. SSH key matching the host in ~/.ssh/config
4. Default SSH key (~/.ssh/id_rsa or ~/.ssh/id_ed25519)
Understanding this helps debug which credentials are being used.
### Git Credential Manager Diagnostic Mode
# Enable diagnostic logging
GCM_TRACE=1 GIT_TRACE=1 git push origin main
# Check which credential helper is active
git config --list --show-origin | grep credential### SSH Agent Issues
Multiple SSH keys loaded in the agent can cause the wrong key to be used:
# List loaded keys
ssh-add -l
# Remove all keys from agent
ssh-add -D
# Add only the key you need
ssh-add ~/.ssh/id_ed25519_work### GitHub CLI as Alternative
The GitHub CLI handles authentication automatically and avoids credential conflicts:
# Install GitHub CLI
# brew install gh (macOS)
# winget install GitHub.cli (Windows)
# Login (handles multiple accounts)
gh auth login
# Switch between accounts
gh auth switch
# Clone and push work seamlessly
gh repo clone owner/repo### Per-Repository Credential Configuration
You can configure different credentials for different repository paths:
# Configure credential helper for specific paths
git config --global credential.https://github.com/work-org.helper store
git config --global credential.https://github.com/personal.helper osxkeychain
# Or in .gitconfig:
# [credential "https://github.com/work-org"]
# helper = store
# username = work-username### Debugging 403 Errors
A 403 error means "Forbidden" - you authenticated successfully but lack permission:
# Verbose output for HTTPS
GIT_CURL_VERBOSE=1 git push origin main 2>&1 | grep -E "(Authorization|403|Permission)"### Repository Transfer Issues
If a repository was transferred to a new owner or organization:
- Your fork's upstream remote becomes invalid
- You may lose collaborator access
- Update your remote URL to the new location:
git remote set-url origin https://github.com/NEW_OWNER/repo.git### Token Expiration Handling
Personal Access Tokens can expire. Check token status at [github.com/settings/tokens](https://github.com/settings/tokens). Consider setting up token expiration reminders or use SSH keys which don't expire.
kex_exchange_identification: Connection closed by remote host
Connection closed by remote host when connecting to Git server
fatal: unable to access: Proxy auto-configuration failed
How to fix 'Proxy auto-configuration failed' in Git
fatal: unable to access: Authentication failed (proxy requires basic auth)
How to fix 'Authentication failed (proxy requires basic auth)' in Git
fatal: unable to access: no_proxy configuration not working
How to fix 'no_proxy configuration not working' in Git
fatal: unable to read tree object in treeless clone
How to fix 'unable to read tree object in treeless clone' in Git