Hello Zexin and welcome to the Community!
Thank you for providing the steps you took to test and confirm what you’re seeing.
To clarify how this works, this is precisely how SSH is designed to work and be used. When using an SSH key, you have uploaded the keyset to the server to verify your machine you’re using, along with Bitbucket trusting that ssh key. Using the ssh key allows you to communicate to the server without continually having to input a password or phrase to authenticate.
Using the ssh key for authentication reduces the use of usernames and passwords being sent back and forth. Since the ssh key is generated from your machine, and is only trusted from your device to Bitbucket, there is no need to send a phrase or password over the wire to authenticate. While this seems to be less secure since you’re not having to constantly authenticate, it is more secure since your not exposing your credentials constantly when communicating to Bitbucket.
From the documentation, the following is stated: for SSH keys:
- Is more effective if you push and pull from Bitbucket many times a day.
- Removes the need to enter a password each time you connect.
More on this can be found at SSH Keys.
I hope this clarifies how the SSH key works and authenticates.
Regards,
Stephen Sifers
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.