Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Cannot connect to bitbucket with newly created ed25519 or ecdsa key

mspasova June 26, 2023

I tried to convert to the usage of the new bitbucket keys because it didn't happen automatically. I removed my rsa key from the bitbucket account, from .ssh in my home directory and deleted the bitbucket records from the file known_hosts.

I created a new ed25519 key and linked it to my bitbucket account - strictly following what is written in https://support.atlassian.com/bitbucket-cloud/docs/set-up-personal-ssh-keys-on-windows/ 

On the last step:

ssh -T git@bitbucket.org

I get this:
key.PNG

And when I say yes in known_hosts it adds:

ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=

for the bitbucket key. I know that the public key, set in the file known_hosts is the new ЕCDSA key, mentioned in https://bitbucket.org/blog/ssh-host-key-changes.  

When I try to clone a repo, I get this:Clone.PNG
Probably this happens because the public key that I manually created doesn't match the key in the known_hosts. But without using the manually created private and public key it doesn't work as well.

I tried to create ЕCDSA (not ed25519 as initially) key following https://support.atlassian.com/bitbucket-cloud/docs/set-up-personal-ssh-keys-on-windows/ but again in the known_hosts it puts 

ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=

instead of the public key that I created.

Now I cannot use my terminal for operations in bitbucket, 
I can push and clone only through SourceTree because there I can add the path to the public key that I manually created.

How could I connect to bitbucket successfully and fixe the the upper issues?

1 answer

0 votes
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 26, 2023

Hi @mspasova and welcome to the community!

There is no requirement for users to change the SSH keys they have configured for their Bitbucket account.

The change announced in out blog post is related to the host key of Bitbucket Cloud which is used to establish the authenticity of Bitbucket Cloud. This is irrelevant to the SSH keys you have configured for your account, it shouldn't be an issue if you have changed them though.

The "Permission denied" error is also not related to the change we made and it means that your private SSH key is not being offered when you ssh to bitbucket.org. This is also not related to the known_hosts file, and you shouldn't change the SSH key in the known_hosts file with the key you generated for your Bitbucket Cloud account.

First, run the following command:

ssh -Tv git@bitbucket.org

and the first line in the output will show you which SSH client you are using. If you see OpenSSH, then you can create a file named config in your ~/.ssh directory and add the following lines:

Host bitbucket.org
AddKeysToAgent yes
IdentityFile ~/.ssh/{ssh-key-name}

where {ssh-key-name} replace with the name of the private SSH key whose public key you have added to your Bitbucket Cloud account. If the config file exists, you can simply add this content to it.

Please feel free to let me know how it goes and if you need further assistance.

Kind regards,
Theodora

mspasova June 26, 2023

@Theodora Boudale,

I use these:

ssh -Tv git@bitbucket.org
OpenSSH_8.4p1, OpenSSL 1.1.1h 22 Sep 2020

I have the config file all the time and it didn't help me fixing the issue.

Best regards

Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 26, 2023

Hi,

I assume that you are now using the ЕCDSA SSH key you generated for your Bitbucket Cloud account?

1. Is its public key added here https://bitbucket.org/account/settings/ssh-keys/ ?

2. Does the ~/.ssh/config for Host bitbucket.org have as IdentityFile the ЕCDSA private key and not any of the previous keys?

3. Are there any other entries in the ~/.ssh/config with Host or HostName bitbucket.org or *, that specify a different IdentityFile?

4. Can you please try cloning using the following command and then post the full output here?

GIT_SSH_COMMAND="ssh -vvv" git clone <ssh-repo-url>

where <ssh-repo-url> replace with the SSH URL of the repo you are trying to clone.

This will give more verbose output and it will show us which SSH key your client is trying to use, so we can further troubleshoot the issue.

Please make sure to remove any private/sensitive data from the output, like the repo details, if they appear in the output.

Kind regards,
Theodora

mspasova June 26, 2023

@Theodora Boudale I verified that I haven't missed anything for 1,2,3,

When I ran the command in 4 in the output I saw that it was searching for key id_ecdsa but in my .ssh folder the keys were named ecdsa (without the prefix id). Therefore, I renamed them to id_ecdsa. Then I ran the command again 

GIT_SSH_COMMAND="ssh -vvv" git clone <ssh-repo-url> 

and it cloned the repo. However,  the short command git clone does not work yet:Clone1.PNG

mspasova June 26, 2023

@Theodora Boudale 

This is the output of the command 

GIT_SSH_COMMAND="ssh -vvv" git clone <ssh-repo-url>
 
mspasova June 26, 2023

It seems that my Intelij Idea terminal works already for pushing/cloning. The issue with git clone in git bash persists, unfortunately.

Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 27, 2023

Hi,

It's good to hear that this works now from one terminal.

Regarding Git Bash, even though we see a "Permission denied" error, the most important error is the one before this:

ssh_askpass: posix_spawnp: Unknown error

This is referring to the utility that asks for the passphrase of the SSH key during the clone operation and which seems to fail, leading to the authentication error later. This is not related to Bitbucket's Host key change or to your own SSH keys, it's a failure to start the process that asks for a passphrase.

Looking at other posts with the same error from other users, this may have to do with the version of SSH used by Git Bash. You can read for example this post and how this user resolved the issue:

A similar post that may be helpful here:

Kind regards,
Theodora

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events