Hello,
I'm unable to clone my repository using access keys.
Details:
1 - create repository on bitbucket
2 - create new ssh key on my AWS server "ssh-keygen"
3 - Go to access keys section in repository settings and add the new public key (id_rsa.pub)
4 - copy/paste the clone line from bitbucket (git clone git@bitbucket.org:xxx/xxx.git)
I get "git@bitbucket.org: Permission denied (publickey)."
I've run the clone in verbose, and also checked with ssh -T. No matter what I try, I get a permission denied. However, the correct public key IS setup as the repository access key.
Can anybody help with some troubleshooting steps?
Thanks!
Hello,
A few things to check:
1. What is the output of the following command, executed on your AWS server:
ssh -Tvvv git@bitbucket.org
This will give us verbose output and should show us what repos this access key has access to, or if authentication fails, an indication of what may be going wrong. If you could copy-paste it here, I can take a look.
2. Could you perhaps share the public SSH key, so I can check in our system and see what repos it is associated with?
3. What are the permissions of the .ssh directory, the private and the public key on the AWS server?
4. Do you have more more than one SSH key pairs in the .ssh directory?
5. Another thing to check would be the config file in the .ssh directory, see if there is any entry for bitbucket.org, specifying an IdentityFile other than the one you generated?
Kind regards,
Theodora
Hi Theodora, Thanks for the help.
I'll respond to your questions in order
1) Output is pasted here: https://pastebin.ubuntu.com/p/WCQyhTzNXF/
2) Public key is:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfn+yjPwwsXA90mDi1N6OoMSntxyFjdqT3yw0BQQZIsi58zp1hib9NqV3+MBU/nvLMaccvsoWyNx+Wq6DOZB9Z0a7N/3/wpWWPuoQLx3uHcla/PznSxPkfXkJIG43udrdTY+QnQnMa9/4xEjOpu4cAu5aHlUIUohLolk+4moYLALFJ4PqF02vCEuFfTq5bkVqq3jKGVlbf+IwlcSU1H25KEhcdygiQHQz73rx639uOEENe6zX4E+o4s4QX1pdmSc8WHxUpbRs+yQmYzyQWfW/nDDhZ06nYKZv0tmxXx5Kkbdbs55vbgDgj+2jXpkhOsBhK6clkY6mfuydOT+9nuuU1JINHe+hpk5s6LxOGFlZGC7jYkGpgmzpz0LozKTZ8AWn8gCqZcfZLP1FLxrxsJCfBgnMIpLYUIgpDvwWkk//cAMqTfGSc3VngZGgHbc/kB8L3Pk54bL/0g5E4b9qx/hiR8WHShTfMWUCpXcAPYVODRNImnAZPQYfLvBmTHRDPVR8=
3) .ssh directory permissions are: drwx------
4) There is only one key in the .ssh directory
5) No config file in the .ssh directory.
Note: The public key I pasted above is set at the Access key for the repository that I want to clone. (It is NOT set as SSH key for user account. I've use this same setup for other projects and never had a problem before. )
Thank You!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
Thank you for the info. Looking at the verbose output, I believe the line that indicates the issue is the following one:
debug1: send_pubkey_test: no mutual signature algorithm
after the public SSH key is offered.
I see similar issues reported by other users also from Fedora, and the issue seems to be related to the PubkeyAcceptedKeyTypes in the client machine, as certain types may not be included in the configuration.
If you'd like to attach here the following two config files from that server, I can have a look:
In most cases the issue is resolved by adding a config file in the .ssh folder with the following content:
Host bitbucket.org
Hostname bitbucket.org
IdentityFile ~/.ssh/id_rsa
PubkeyAcceptedKeyTypes +ssh-rsa
or the following:
Host bitbucket.org
Hostname bitbucket.org
IdentityFile ~/.ssh/id_rsa
PubkeyAcceptedKeyTypes +rsa-sha2-256,rsa-sha2-512
So you can give it a try with creating a config file in the .ssh folder and then see if you are able to connect to Bitbucket, please feel free to let me know how it goes.
Kind regards,
Theodora
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
That's great to hear, you are very welcome!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.