Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Determine which user owns a given SSH key

I have an SSH key found on a host while performing an audit. It has permission to read/write to repositories. I would very much like to know which Bitbucket user is associated with this SSH key so I may offer security guidance.

Is there any way to figure out which Bitbucket user was identified based on the SSH key, and which permissions are in effect? I've added the `LogLevel DEBUG` option to `~/.ssh/config` and I can see lots of interesting information, but not any message from Bitbucket about identity. I dunno, maybe the SSH protocol just doesn't afford arbitrary server content like this.

1 answer

1 accepted

0 votes
Answer accepted
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Nov 21, 2023

Hi Joseph!

I'm afraid that there is no way for users to determine where an SSH key has been added.

You can create a ticket with the support team and provide the public key. If this key is added to a user that is a member of a workspace you are an admin of, we can let you know which user this key belongs to.

You can create a ticket via, in "What can we help you with?" select "Technical issues and bugs" and then Bitbucket Cloud as product. When you are asked to provide the workspace URL, please make sure you enter the URL of the workspace that is on a paid billing plan to proceed with ticket creation.

Please feel free to reach out if you have any questions!

Kind regards,

Thank you for the information Theodora. I can understand why Bitbucket Security would be reluctant to disclose the authenticated user identity when an attacker has access to read/write to repositories, and might want additional information about the key upon which they've stumbled.

I'll keep the Atlassian support URL handy for the next time a mysterious SSH key is discovered being used to modify source code.

Suggest an answer

Log in or Sign up to answer
Site Admin
AUG Leaders

Atlassian Community Events