Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Fully disabling HTTP(S) SCM hosting

Brandon Williams
Brandon Williams January 10, 2019

I have a self-hosted BitBucket instance that I do not want accessed via https - all scm access will be via ssh. I've turned off HTTP(S) SCM, which does prevent un-authenticated scm access via https, which works:

fatal: remote error: SCM access over HTTP(S) has been disabled

However, if I attempt to git clone a non-existent repository, I instead get the message

fatal: remote error: Repository not found
The requested repository does not exist, or you do not have permission to
access it.

 

If I explicitly disable https scm access, why is BitBucket even reporting that the repository doesn't exist? I would have expected the first message (https disabled) instead.

An unauthenticated, random remote user shouldn't be able to confirm the presence/absence of my repositories this way.

Or am I missing something?

Thanks!

Answer
Watch
Like Julius Davies _bit-booster_com_ likes this
1517 views

1 answer

0 votes
Julius Davies _bit-booster_com_
Julius Davies _bit-booster_com_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 12, 2019

 

I think you've found a legitimate security bug in Bitbucket Server.  You can create a new issue in the BSERV Jira tracker:   https://jira.atlassian.com/projects/BSERV

Note:  sometimes it can take a while before the Bitbucket team completes tickets in that tracker, but they have gotten much better about this over the last couple years.

View More Comments
Brandon Williams
Brandon Williams January 14, 2019

Actually, this was user error! I didn't realize that Git for Windows had cached the credentials in the Credentials Manager. When those are removed, everything works as expected.

Thanks!

Like
Julius Davies _bit-booster_com_
Julius Davies _bit-booster_com_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 16, 2019

 

Ah, thanks for clarifying the issue!

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events