Background:
Some time ago I started using OpenSSH and key-based authentication when logging in to some Linux computers on my home network. I followed the instructions here:
and here:
https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement
to generate the key-pair and store the private key inside the ssh-agent using ssh-add. After doing so, I deleted the private key file without encountering any problems. "ssh-add -l" lists my private key. The public key is stored in the default location
Users\[MyUserName]\.ssh\id_icdsa.pub
I most likely copied it to my Raspberry Pi computers because the key-based authentication works when connecting to them, as previously stated.
Problem:
When trying to connect to my repositories on bitbucket.org to clone or push it won't work. The repositories were originally created using the web interface and I had no problem cloning or pushing to them when using the "git push <remote_server> <branch_name>" approach, providing my password when prompted.
I have looked for solutions in several different forums and articles both on bitbucket.org and other places.
I have uploaded my public key using the web interface -> cog icon -> personal bitbucket settings -> ssh keys
I have tried troubleshooting using the command "ssh -vvv -t bitbucket.org" and the last row reads:
"XXX@bitbucket.org: Permission denied (publickey).",
regardless if I use Windows command prompt or MINGW64 Bash version of ssh.
My public key file on my local computer has [WindowsUserName]@[ComputerName] at the end, which is not the same as my username/workspace ID on bitbucket nor is it the same as the username in my windows command prompt. When I uploaded my public key using the web interface and saved it, that last part was removed though. When I choose to edit/view the key in the web interface on bitbucket.org it's not showing anymore.
Debug printout from using "ssh -vvv -t bitbucket.org" in Windows command prompt, with some personal info edited out. Also added row numbers to facilitate discussion:
1 - C:\Users\[myWindowsUserName]>ssh -vvv -t bitbucket.org
2 - OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
3 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/config error:2
4 - debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
5 - debug2: resolving "bitbucket.org" port 22
6 - debug2: ssh_connect_direct
7 - debug1: Connecting to bitbucket.org [2406:da00:ff00::22c3:9b0a] port 22.
8 - debug1: Connection established.
9 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_rsa error:2
10 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_rsa.pub error:2
11 - debug1: identity file C:\\Users\\[myWindowsUserName]/.ssh/id_rsa type -1
12 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_rsa-cert error:2
13 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_rsa-cert.pub error:2
14 - debug1: identity file C:\\Users\\[myWindowsUserName]/.ssh/id_rsa-cert type -1
15 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_dsa error:2
16 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_dsa.pub error:2
17 - debug1: identity file C:\\Users\\[myWindowsUserName]/.ssh/id_dsa type -1
18 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_dsa-cert error:2
19 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_dsa-cert.pub error:2
20 - debug1: identity file C:\\Users\\[myWindowsUserName]/.ssh/id_dsa-cert type -1
21 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_ecdsa error:2
22 - debug1: identity file C:\\Users\\[myWindowsUserName]/.ssh/id_ecdsa type 2
23 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_ecdsa-cert error:2
24 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_ecdsa-cert.pub error:2
25 - debug1: identity file C:\\Users\\[myWindowsUserName]/.ssh/id_ecdsa-cert type -1
26 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_ed25519 error:2
27 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_ed25519.pub error:2
28 - debug1: identity file C:\\Users\\[myWindowsUserName]/.ssh/id_ed25519 type -1
29 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_ed25519-cert error:2
20 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_ed25519-cert.pub error:2
30 - debug1: identity file C:\\Users\\[myWindowsUserName]/.ssh/id_ed25519-cert type -1
31 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_xmss error:2
32 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_xmss.pub error:2
33 - debug1: identity file C:\\Users\\[myWindowsUserName]/.ssh/id_xmss type -1
34 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_xmss-cert error:2
35 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/id_xmss-cert.pub error:2
36 - debug1: identity file C:\\Users\\[myWindowsUserName]/.ssh/id_xmss-cert type -1
37 - debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
38 - debug1: Remote protocol version 2.0, remote software version conker_a18a18c76f 29187104b0d6
39 - debug1: no match: conker_a18a18c76f 29187104b0d6
39 - debug2: fd 3 setting O_NONBLOCK
40 - debug1: Authenticating to bitbucket.org:22 as 'XXX'
41 - debug3: hostkeys_foreach: reading file "C:\\Users\\[myWindowsUserName]/.ssh/known_hosts"
42 - debug3: record_hostkey: found key type ECDSA in file C:\\Users\\[myWindowsUserName]/.ssh/known_hosts:7
43 - debug3: load_hostkeys: loaded 1 keys from bitbucket.org
44 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/known_hosts2 error:2
45 - debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
46 - debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
47 - debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
48 - debug3: send packet: type 20
49 - debug1: SSH2_MSG_KEXINIT sent
50 - debug3: receive packet: type 20
51 - debug1: SSH2_MSG_KEXINIT received
52 - debug2: local client KEXINIT proposal
53 - debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
54 - debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
55 - debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
56 - debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
57 - debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
58 - debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
59 - debug2: compression ctos: none,zlib@openssh.com,zlib
60 - debug2: compression stoc: none,zlib@openssh.com,zlib
61 - debug2: languages ctos:
62 - debug2: languages stoc:
63 - debug2: first_kex_follows 0
64 - debug2: reserved 0
65 - debug2: peer server KEXINIT proposal
66 - debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-s
67 - debug2: host key algorithms: ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa,rsa-sha2-256,rsa-sha2-512
68 - debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com
69 - debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com
70 - debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
71 - debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
72 - debug2: compression ctos: none
73 - debug2: compression stoc: none
74 - debug2: languages ctos:
75 - debug2: languages stoc:
76 - debug2: first_kex_follows 0
77 - debug2: reserved 0
78 - debug1: kex: algorithm: curve25519-sha256@libssh.org
79 - debug1: kex: host key algorithm: ecdsa-sha2-nistp256
80 - debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
81 - debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
82 - debug3: send packet: type 30
83 - debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
84 - debug3: receive packet: type 31
85 - debug1: Server host key: ecdsa-sha2-nistp256 SHA256:FC73VB6C4OQLSCrjEayhMp9UMxS97caD/Yyi2bhW/J0
86 - debug3: hostkeys_foreach: reading file "C:\\Users\\[myWindowsUserName]/.ssh/known_hosts"
87 - debug3: record_hostkey: found key type ECDSA in file C:\\Users\\[myWindowsUserName]/.ssh/known_hosts:7
88 - debug3: load_hostkeys: loaded 1 keys from bitbucket.org
89 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/known_hosts2 error:2
90 - debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
91 - debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
92 - debug3: hostkeys_foreach: reading file "C:\\Users\\[myWindowsUserName]/.ssh/known_hosts"
93 - debug3: record_hostkey: found key type ECDSA in file C:\\Users\\[myWindowsUserName]/.ssh/known_hosts:12
94 - debug3: load_hostkeys: loaded 1 keys from 2406:da00:ff00::22c3:9b0a
95 - debug3: Failed to open file:C:/Users/[myWindowsUserName]/.ssh/known_hosts2 error:2
96 - debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts error:2
97 - debug3: Failed to open file:C:/ProgramData/ssh/ssh_known_hosts2 error:2
98 - debug1: Host 'bitbucket.org' is known and matches the ECDSA host key.
99 - debug1: Found key in C:\\Users\\[myWindowsUserName]/.ssh/known_hosts:7
100 - debug3: send packet: type 21
101 - debug2: set_newkeys: mode 1
102 - debug1: rekey out after 134217728 blocks
103 - debug1: SSH2_MSG_NEWKEYS sent
104 - debug1: expecting SSH2_MSG_NEWKEYS
105 - debug3: receive packet: type 21
106 - debug1: SSH2_MSG_NEWKEYS received
107 - debug2: set_newkeys: mode 0
108 - debug1: rekey in after 134217728 blocks
109 - debug1: Will attempt key: C:\\Users\\[myWindowsUserName]/.ssh/id_ecdsa ECDSA SHA256:CENSORED agent
110 - debug1: Will attempt key: C:\\Users\\[myWindowsUserName]/.ssh/id_rsa
111 - debug1: Will attempt key: C:\\Users\\[myWindowsUserName]/.ssh/id_dsa
112 - debug1: Will attempt key: C:\\Users\\[myWindowsUserName]/.ssh/id_ed25519
113 - debug1: Will attempt key: C:\\Users\\[myWindowsUserName]/.ssh/id_xmss
114 - debug2: pubkey_prepare: done
115 - debug3: send packet: type 5
116 - debug3: receive packet: type 7
117 - debug1: SSH2_MSG_EXT_INFO received
118 - debug1: kex_input_ext_info: server-sig-algs=<ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp521,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa,rsa-sha2-256>
119 - debug3: receive packet: type 6
120 - debug2: service_accept: ssh-userauth
121 - debug1: SSH2_MSG_SERVICE_ACCEPT received
122 - debug3: send packet: type 50
123 - debug3: receive packet: type 51
124 - debug1: Authentications that can continue: publickey
125 - debug3: start over, passed a different list publickey
126 - debug3: preferred publickey,keyboard-interactive,password
127 - debug3: authmethod_lookup publickey
128 - debug3: remaining preferred: keyboard-interactive,password
129 - debug3: authmethod_is_enabled publickey
130 - debug1: Next authentication method: publickey
131 - debug1: Offering public key: C:\\Users\\[myWindowsUserName]/.ssh/id_ecdsa ECDSA SHA256:CENSORED agent
132 - debug3: send packet: type 50
133 - debug2: we sent a publickey packet, wait for reply
134 - debug3: receive packet: type 51
135 - debug1: Authentications that can continue: publickey
136 - debug1: Trying private key: C:\\Users\\[myWindowsUserName]/.ssh/id_rsa
137 - debug3: no such identity: C:\\Users\\[myWindowsUserName]/.ssh/id_rsa: No such file or directory
138 - debug1: Trying private key: C:\\Users\\[myWindowsUserName]/.ssh/id_dsa
139 - debug3: no such identity: C:\\Users\\[myWindowsUserName]/.ssh/id_dsa: No such file or directory
140 - debug1: Trying private key: C:\\Users\\[myWindowsUserName]/.ssh/id_ed25519
141 - debug3: no such identity: C:\\Users\\[myWindowsUserName]/.ssh/id_ed25519: No such file or directory
142 - debug1: Trying private key: C:\\Users\\[myWindowsUserName]/.ssh/id_xmss
143 - debug3: no such identity: C:\\Users\\[myWindowsUserName]/.ssh/id_xmss: No such file or directory
144 - debug2: we did not send a packet, disable method
145 - debug1: No more authentication methods to try.
146 - XXX@bitbucket.org: Permission denied (publickey).
Row 40 - debug1: Authenticating to bitbucket.org:22 as 'XXX'
Should this not be my username on bitbucket? As of now it's the username in my local public key file, listed at the end.
Row 43 - debug3: load_hostkeys: loaded 1 keys from bitbucket.org
Does this mean I'm trying to use my private key to unlock a message encrypted with public key of user XXX, referenced on row 40?
Row 85 - The fingerprint/id for bitbucket server, available on their public website, therefore not CENSORED.
Row 109 - debug1: Will attempt key: C:\\Users\\[myWindowsUserName]/.ssh/id_ecdsa ECDSA SHA256:CENSORED agent
This is actually the key that shows if I run "ssh-add -l" in command prompt.
I hope it means it tries to decode msg from bitbucket.org using this key, not that it is the "publickey" referred to on row 135 and row 146.
Row 131 - debug1: Offering public key: C:\\Users\\[myWindowsUserName]/.ssh/id_ecdsa ECDSA SHA256:CENSORED agent
Now this is unsettling, does my ssh client try to offer my private key to bitbucket.org??? It's the same key as row 109.
Another weird detail is the fact that the username in the public key file on my local computer is the same as the logged in User under Users tab in task manager, it is also the same as the username on row 40 and row 146. However it's not the same as my username in the command window prompt/path, also not the same as my bitbucket username/workspace ID.
I would greatly appreciate it if someone with a deeper understanding of ssh, key-based authentication and bitbucket could help me troubleshoot the issue. Sorry for the behemoth post.
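A small triage helper for a trace like the one in the post above, added here as an example and not part of the original thread: it reports the login name from the "Authenticating to" line and pairs each "Offering public key" line with the server's next reply (in RFC 4252, message 51 is SSH_MSG_USERAUTH_FAILURE, 52 is SSH_MSG_USERAUTH_SUCCESS and 60 is SSH_MSG_USERAUTH_PK_OK). The sample trace is constructed, `summarize` and `expected_user` are hypothetical names, and the `git` login name is an assumption taken from Bitbucket Cloud's SSH instructions.

```python
import re

# Constructed sample: a shortened trace in the same shape as the one posted above.
SAMPLE_LOG = r"""
40 - debug1: Authenticating to bitbucket.org:22 as 'XXX'
122 - debug3: send packet: type 50
123 - debug3: receive packet: type 51
131 - debug1: Offering public key: C:\\Users\\me/.ssh/id_ecdsa ECDSA SHA256:CONSTRUCTED agent
132 - debug3: send packet: type 50
134 - debug3: receive packet: type 51
136 - debug1: Trying private key: C:\\Users\\me/.ssh/id_rsa
146 - XXX@bitbucket.org: Permission denied (publickey).
"""

# RFC 4252 message numbers the client can receive during user authentication.
REPLIES = {51: "rejected", 52: "authenticated", 60: "key acceptable"}
ROW = re.compile(r"^\s*\d+\s*-\s*")  # the row numbers the poster added
LOGIN = re.compile(r"Authenticating to (\S+):(\d+) as '([^']*)'")
OFFER = re.compile(r"Offering public key: (.+?) (\S+) (SHA256:\S+)( agent)?$")
RECV = re.compile(r"receive packet: type (\d+)")

def summarize(log, expected_user=None):
    """Return who the client logged in as and what the server said to each key offer."""
    out = {"host": None, "user": None, "offers": [], "denied": False, "notes": []}
    pending = None  # offer still waiting for the server's reply
    for raw in log.splitlines():
        line = ROW.sub("", raw).strip()
        if m := LOGIN.search(line):
            out["host"], out["user"] = m.group(1), m.group(3)
        elif m := OFFER.search(line):
            pending = {"file": m.group(1), "type": m.group(2), "fingerprint": m.group(3),
                       "from_agent": bool(m.group(4)), "reply": None}
            out["offers"].append(pending)
        elif (m := RECV.search(line)) and pending:
            pending["reply"] = REPLIES.get(int(m.group(1)), "type " + m.group(1))
            pending = None
        elif "Permission denied" in line:
            out["denied"] = True
    if expected_user and out["user"] != expected_user:
        out["notes"].append(f"logged in as {out['user']!r}, expected {expected_user!r}")
    if out["offers"] and all(o["reply"] == "rejected" for o in out["offers"]):
        out["notes"].append("every offered key was rejected for this login name")
    return out

if __name__ == "__main__":
    # Assumption: Bitbucket Cloud's SSH instructions connect as the user "git".
    print(summarize(SAMPLE_LOG, expected_user="git"))
```

The `from_agent` field reflects the trailing "agent" marker on the offer line: the client sends the public key blob and the agent later produces a signature, so the private key itself does not leave the machine.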
G'day, @perkr674
Welcome to the community!
To start with, which key did you use to add to Bitbucket cloud? Is it this key "id_icdsa.pub" that was stored in Users\[MyUserName]\.ssh\?
If yes, this is a simple fix; you just have to point SSH to this key. You can do so by creating a config file in the \.ssh\ folder and adding the following line:
Host bitbucket.org
AddKeysToAgent yes
IdentityFile Users\[MyUserName]\.ssh\id_icdsa.pub
Adding this line in the config will inform SSH to now look for that specific public key in the following path when connecting to Bitbucket.org
Let me know how it goes
Regards,
Syahrul
Hi @Syahrul ,
Thank you for getting back to me so quickly. I'm sorry I haven't been able to test your suggested solution until now, many things have come in between.
To answer your first question, yes I added the key in id_ecdsa.pub and checked it several times.
I tried creating the config file you suggested and running the same command as in the picture above. Early on it opens the new config file and uses it, but it still fails with the message "XXX@bitbucket.org: Permission denied (publickey)." on the last row. If you compare this image with row 3 in the image above, it's clear the config file is read by the ssh client now at least.
I found a few new guides on support.atlassian.com that I'm going to try out during the week. At least one of them seemed promising. I will also check out the configuration on my Raspberry Pi computers and compare it to the Windows one, since I can connect to them using the same ssh client.
I will update the post once I know more.
Regards,
Per