I might clarify the phrasing slightly. The master should have the needed credentials. Those credentials may include usernames and passwords (for https and http based access to git repositories), private keys (for ssh based access to git repositories), and other credentials as needed.
The master should generally not run jobs, since it is best used as a coordinator of the work of agents, rather than as a worker.
If the master must run a job, it should obtain its ssh keys through credentials, just as other agents obtain credentials. I think it is generally unwise to rely that the account which is executing the Jenkins master has default ssh access to things.
The shell based "git push" command is not executed by the git plugin, but by an "sh" step. The credentials from the git plugin are not shared with other steps.
The message that's being displayed by "git push" is telling you that it can't find a source for a username and password to use in the push.
You could use the withCredentials wrapper to gather the user name and password, then could pass those into the sh step for use by command line git. For instance, you could push to a specific URL and embed the username and password in the URL to which you are pushing. Something like
https://username:pass...@github.com/organization/repository/.
Mark Waite