Cannot use public key with bitbucket cloud

nicolasross November 7, 2018

I am a new bitbucket user, and I try to use ssh rsa keys to connect via ssh to any repo in my account.

I added a private repo (tried a public one also), and ssh keys to my account. No matter where I try, I cannot access the repo via ssh.

In sourcetree, I get :

git -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks -c credential.helper= -c credential.helper="C:/Users/nicolas/AppData/Local/ATLASS~1/SOURCE~1/GIT_EX~1/GIT-CR~1.EXE" push -v --tags --set-upstream bitbucket master:master
Pushing to ssh://git@bitbucket.org/nicolasross/REPONAME.git
FATAL ERROR: Server sent disconnect message
type 2 (protocol error):
"Connection blocked because server only allows public key authentication. Please contact your network administrator."
fatal: Could not read from remote repository.

On a linux box, at the command line, I get an equivalent message:

Received disconnect from 18.205.93.2 port 22:2: Connection blocked because server only allows public key authentication. Please contact your network administrator.
Authentication failed.

I am sure that my key is loaded into the agent in windows, and on my linux box, I did the test with :

ssh -i /home/nicolas/.ssh/id_rsa -T git@bitbucket.org

And it still complains I do not have a public key.

2 answers

1 accepted

0 votes
Answer accepted
nicolasross November 7, 2018

Ok, figured it out. We are doing ssl/ssh inspection at our border gateways, and it seemed to cause the problem. Disabling ssh inspection, or adding an exception for bitbucket's ips, I can now push and pull from my bitbucket repo.

0 votes
Shuhrat Dehkanov November 7, 2018

Did you upload your `id_rsa.pub` file to Bitbucket?

Go to your Bitbucket account settings page, navigate to SECURITY -> SSH keys (https://bitbucket.org/account/user/nicolasross/ssh-keys/), and use "Add key" button to add the public key.

nicolasross November 7, 2018

Yes I did. Both my windows key and my linux keys are there.

Shuhrat Dehkanov November 7, 2018

Try ssh with the -vvvv flag and see if you can get any clue from the logs. If not, please post the output here.

nicolasross November 7, 2018

Hmm, more not...

 $ ssh -vvvvi /home/nicolas/.ssh/id_rsa -T git@bitbucket.org
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "bitbucket.org" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to bitbucket.org [18.205.93.2] port 22.
debug1: Connection established.
debug1: identity file /home/nicolas/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/nicolas/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version conker_1.1.15-49a70a8 app-131
debug1: no match: conker_1.1.15-49a70a8 app-131
debug2: fd 4 setting O_NONBLOCK
debug1: Authenticating to bitbucket.org:22 as 'git'
debug3: hostkeys_foreach: reading file "/home/nicolas/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/nicolas/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from bitbucket.org
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour128
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour128
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64
debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:JK08RPSiMWvADjaaIfMwLLD3XOfDAK3ekFp55kBpxVk
debug3: hostkeys_foreach: reading file "/home/nicolas/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/nicolas/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from bitbucket.org
debug3: hostkeys_foreach: reading file "/home/nicolas/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/nicolas/.ssh/known_hosts:3
debug3: load_hostkeys: loaded 1 keys from 18.205.93.2
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /home/nicolas/.ssh/known_hosts:3
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: rsa-key-20181014 (0x561f8e088610), agent
debug2: key: /home/nicolas/.ssh/id_rsa (0x561f8e0867a0), explicit
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 1
Received disconnect from 18.205.93.2 port 22:2: Connection blocked because server only allows public key authentication. Please contact your network administrator.
Authentication failed.
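
The accepted answer traces this failure to SSH inspection at the border gateway. The following is an added example, not part of the original thread: a shell triage of `ssh -v` output that reports whether the session was dropped before any key was offered and whether the host key seen matches a fingerprint obtained out-of-band. The function names, the sample log and the fingerprint values are constructed, and it assumes the log was captured with at least `-v`.

```shell
#!/bin/sh
# Added example: triage `ssh -v` client output (stdin) for signs that a
# gateway on the path ended the session. Function names are hypothetical.

# Fingerprint the client was shown ("debug1: Server host key: <type> <fp>").
seen_fingerprint() {
  sed -n 's/^debug1: Server host key: [^ ]* \(SHA256:[^ ]*\).*/\1/p' | head -n 1
}

# Number of public keys the client got as far as offering.
keys_offered() {
  grep -c '^debug1: Offering .*public key' || true
}

# $1 = fingerprint published by the provider, obtained out-of-band.
# Prints one finding per line; no output means nothing suspicious.
triage() {
  expected=$1
  log=$(cat)
  seen=$(printf '%s\n' "$log" | seen_fingerprint)
  offered=$(printf '%s\n' "$log" | keys_offered)
  # A known_hosts match only proves the key is unchanged since first contact.
  if [ -n "$seen" ] && [ "$seen" != "$expected" ]; then
    echo "HOSTKEY_MISMATCH seen=$seen"
  fi
  # Dropped before any key was offered: the keys uploaded to the account
  # were never evaluated by the server.
  if printf '%s\n' "$log" | grep -q '^Received disconnect from ' \
     && [ "$offered" -eq 0 ]; then
    echo "DISCONNECT_BEFORE_KEY_OFFER"
  fi
  if printf '%s\n' "$log" | grep -q 'Connection blocked because server only allows'; then
    echo "INSPECTION_BLOCK_TEXT"   # disconnect text quoted in the thread
  fi
  return 0
}

# Constructed sample shaped like the -vvvv output in the thread.
sample_log() {
  cat <<'EOF'
debug1: Server host key: ssh-rsa SHA256:CONSTRUCTEDexampleFingerprint0000000000000
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
Received disconnect from 192.0.2.10 port 22:2: Connection blocked because server only allows public key authentication. Please contact your network administrator.
EOF
}

sample_log | triage "SHA256:PLACEHOLDER_PUBLISHED_FINGERPRINT"
```

On a real capture, pass the provider's published fingerprint as the argument; a `DISCONNECT_BEFORE_KEY_OFFER` finding points away from the uploaded keys and toward the network path.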
