Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Access Keys not working

nsilverman
nsilverman October 31, 2020

Hello,

I'm unable to clone my repository using access keys.

Details:
1 - create repository on bitbucket

2 - create new ssh key on my AWS server "ssh-keygen"

3 - Go to access keys section in repository settings and add the new public key (id_rsa.pub)

4 - copy/paste the clone line from bitbucket (git clone git@bitbucket.org:xxx/xxx.git)

I get "git@bitbucket.org: Permission denied (publickey)."

I've run the clone in verbose, and also checked with ssh -T.  No matter what I try, I get a permission denied.  However, the correct public key IS setup as the repository access key.

Can anybody help with some troubleshooting steps?

Thanks!

Answer
Watch
Like AdryanSignor likes this
4733 views

1 answer

1 accepted

1 vote
Answer accepted
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 4, 2020

Hello,

A few things to check:

1. What is the output of the following command, executed on your AWS server:

ssh -Tvvv git@bitbucket.org

This will give us verbose output and should show us what repos this access key has access to, or if authentication fails, an indication of what may be going wrong. If you could copy-paste it here, I can take a look.

2. Could you perhaps share the public SSH key, so I can check in our system and see what repos it is associated with?

3. What are the permissions of the .ssh directory, the private and the public key on the AWS server?

4. Do you have more more than one SSH key pairs in the .ssh directory?

5. Another thing to check would be the config file in the .ssh directory, see if there is any entry for bitbucket.org, specifying an IdentityFile other than the one you generated?

Kind regards,
Theodora

View More Comments
nsilverman
nsilverman November 4, 2020

Hi Theodora,  Thanks for the help. 

I'll respond to your questions in order

1) Output is pasted here: https://pastebin.ubuntu.com/p/WCQyhTzNXF/ 

 

2) Public key is:  

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfn+yjPwwsXA90mDi1N6OoMSntxyFjdqT3yw0BQQZIsi58zp1hib9NqV3+MBU/nvLMaccvsoWyNx+Wq6DOZB9Z0a7N/3/wpWWPuoQLx3uHcla/PznSxPkfXkJIG43udrdTY+QnQnMa9/4xEjOpu4cAu5aHlUIUohLolk+4moYLALFJ4PqF02vCEuFfTq5bkVqq3jKGVlbf+IwlcSU1H25KEhcdygiQHQz73rx639uOEENe6zX4E+o4s4QX1pdmSc8WHxUpbRs+yQmYzyQWfW/nDDhZ06nYKZv0tmxXx5Kkbdbs55vbgDgj+2jXpkhOsBhK6clkY6mfuydOT+9nuuU1JINHe+hpk5s6LxOGFlZGC7jYkGpgmzpz0LozKTZ8AWn8gCqZcfZLP1FLxrxsJCfBgnMIpLYUIgpDvwWkk//cAMqTfGSc3VngZGgHbc/kB8L3Pk54bL/0g5E4b9qx/hiR8WHShTfMWUCpXcAPYVODRNImnAZPQYfLvBmTHRDPVR8=

 

3) .ssh directory permissions are:  drwx------

 

4) There is only one key in the .ssh directory

 

5) No config file in the .ssh directory.

 

Note:  The public key I pasted above is set at the Access key for the repository that I want to clone.  (It is NOT set as SSH key for user account.  I've use this same setup for other projects and never had a problem before. )

Thank You!

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 6, 2020

Hello,

Thank you for the info. Looking at the verbose output, I believe the line that indicates the issue is the following one:

debug1: send_pubkey_test: no mutual signature algorithm

after the public SSH key is offered.

I see similar issues reported by other users also from Fedora, and the issue seems to be related to the PubkeyAcceptedKeyTypes in the client machine, as certain types may not be included in the configuration.

If you'd like to attach here the following two config files from that server, I can have a look:

  • /etc/ssh/ssh_config
  • /etc/crypto-policies/back-ends/openssh.config

In most cases the issue is resolved by adding a config file in the .ssh folder with the following content:

Host bitbucket.org
    Hostname bitbucket.org
    IdentityFile ~/.ssh/id_rsa
    PubkeyAcceptedKeyTypes +ssh-rsa

or the following:

Host bitbucket.org
    Hostname bitbucket.org
    IdentityFile ~/.ssh/id_rsa
    PubkeyAcceptedKeyTypes +rsa-sha2-256,rsa-sha2-512

So you can give it a try with creating a config file in the .ssh folder and then see if you are able to connect to Bitbucket, please feel free to let me know how it goes.

Kind regards,
Theodora

Like Ros Spolyak likes this
nsilverman
nsilverman November 6, 2020

Brilliant!

That fixed it.  Thank you very much!

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 9, 2020

That's great to hear, you are very welcome!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events