Git "fatal: Could not read from remote repository" in CI
Git connected far enough to talk to the remote but was refused or could not find the repository. The trailing hint - "make sure you have the correct access rights and the repository exists" - points at access or a wrong URL, not a network outage.
What this error means
A git clone or git fetch aborts with fatal: Could not read from remote repository and the standard hint about access rights. It is deterministic for a given URL and credential - it fails the same way on every retry.
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.Common causes
Missing or wrong credentials
The most common case in CI: SSH has no usable key, or the token/credential helper supplies nothing valid, so the remote refuses the connection before any repository data is read.
Wrong remote URL or repository does not exist
A typo in the org/repo name, a renamed or deleted repository, or pointing at a private repo the runner cannot see all surface as the same generic error.
The account lacks access to a private repository
The credential is valid but the identity behind it (a deploy key, a GitHub App token, a PAT) was never granted access to this specific repository.
How to fix it
Confirm the URL and that the repo is reachable
Print the configured remote and try a non-mutating probe with the same credentials the job uses.
git remote -v
git ls-remote https://github.com/org/repo.git # lists refs if access is OKProvide working credentials for the clone
- For SSH, ensure a deploy key or the runner key is loaded and added to the repo/org.
- For HTTPS, supply a token via the credential helper or an
x-access-tokenURL. - On GitHub Actions, confirm
actions/checkouthas access - for other repos add a PAT or deploy key via thetoken/ssh-keyinput.
How to prevent it
- Use
actions/checkout(or the equivalent) with an explicit token for cross-repo clones. - Grant deploy keys / App installations access to every repo a job clones.
- Pin the exact remote URL in the workflow instead of relying on inherited config.