Own SSH keys not working to get access to private repositories

Pieter Janse van Rensburg January 8, 2020

I have an existing SSH keypair and I added it to my Pipeline configuration as per https://confluence.atlassian.com/bitbucket/use-ssh-keys-in-bitbucket-pipelines-847452940.html.

I have also added the public key to the "SSH Keys" section under our team, that contains all our private repositories.

During our build we clone many of our repositories as dependencies, and I don't want to go into each one and add the public key under the repo "Access Keys". I want to do it globally under the team, so that the Pipeline has access to all repositories when cloning.

It does not seem to work and I get the following:

Cloning into 'xxx'...
Warning: Permanently added the RSA host key for IP address '18.205.93.1' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.
ERROR: sh(git clone -n git@bitbucket.org:<team>/xxx.git xxx) failed with return code 128

I have replaced the repository name with "xxx" and our team with <team>. For interest, we are using rebar as build tool that clones the dependencies.

Another thing that I picked up is that when a key is added globally, i.e. under the team, it gives an error when you try to add it to individual repositories. Is that expected? Even adding this existing key to the individual repository gives the same error, and I have confirmed that it is indeed using my private key in the Pipeline by inspecting /opt/atlassian/pipelines/agent/ssh/id_rsa.

Any ideas why my own keys don't work or how I can debug it further, command I can execute in the Pipeline to see...

2 answers

0 votes
Aleksander Ślązak June 24, 2020

Hi Pieter,

Did you resolve this problem?
We have exactly the same problem and have been trying to resolve it with no luck for 2 days...

Pieter Janse van Rensburg June 25, 2020

Hi,

We did manage to solve it, never got to reply here to close off with an answer. The keys that I used and uploaded seemed to have the generator email address at the end, e.g.

ssh-rsa AAAA*** pieter@x.y

Once I removed that at the end, uploaded again, it all worked.

0 votes
Pieter Janse van Rensburg January 8, 2020

I have re-generated and tested with the following command in my Pipeline, and the error I get is strange because testing it locally with the same key gives success.

ssh -T -v git@bitbucket.org

OpenSSH_7.2p2 Ubuntu-4ubuntu2.8, OpenSSL 1.0.2g 1 Mar 2016
debug1: Reading configuration data /root/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to bitbucket.org [18.205.93.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: key_load_public: No such file or directory
debug1: identity file /opt/atlassian/pipelines/agent/ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /opt/atlassian/pipelines/agent/ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.8
debug1: Remote protocol version 2.0, remote software version conker_31073e5a11 app-155
debug1: no match: conker_31073e5a11 app-155
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
Warning: Permanently added the RSA host key for IP address '18.205.93.1' to the list of known hosts.
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /opt/atlassian/pipelines/agent/ssh/id_rsa
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: No more authentication methods to try.
Permission denied (publickey).

It is strange that it looks like it is asking for a passphrase but I did not add one on the keypair.
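Added example, not part of the thread and not Atlassian tooling: in the OpenSSH public key format the third field of a line such as "ssh-rsa AAAA*** pieter@x.y" is a free-text comment, and the SHA256 fingerprint is computed over the decoded key blob only. The Python below parses a public key line, rejects a blob damaged in a copy-paste, and prints the same fingerprint format as the debug log, so the key in the Pipeline can be compared with the one uploaded under the team. The sample key is constructed from toy numbers and all function names are hypothetical.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def parse_pubkey_line(line: str):
    """Split '<type> <base64-blob> [comment]' and sanity-check the blob."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("blob is not valid base64 (truncated paste?)") from exc
    if len(blob) < 4:
        raise ValueError("blob too short")
    # The blob carries its own copy of the key type; it must match field 1.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type inside blob does not match the prefix")
    return key_type, blob, comment


def fingerprint(line: str) -> str:
    """Fingerprint as OpenSSH prints it: SHA256:<base64 without padding>."""
    blob = parse_pubkey_line(line)[1]
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def same_key(line_a: str, line_b: str) -> bool:
    """True when two lines hold the same key material, comment ignored."""
    return parse_pubkey_line(line_a)[1] == parse_pubkey_line(line_b)[1]


# Constructed sample (toy exponent/modulus, not a usable key).
SAMPLE = "ssh-rsa " + base64.b64encode(
    ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
    + ssh_string(b"\x00" + b"\xc3" * 32)).decode()
SAMPLE_WITH_COMMENT = SAMPLE + " pieter@x.y"

if __name__ == "__main__":
    print(fingerprint(SAMPLE_WITH_COMMENT))
    print(same_key(SAMPLE, SAMPLE_WITH_COMMENT))
```

Run it against the line pasted into the team's "SSH Keys" page and against the public half derived from the Pipeline's private key; differing fingerprints mean the Pipeline is presenting a key Bitbucket does not know.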
