Permission denied for SSH on Pipelines

maximilianruediger August 9, 2018

Hi there,

I followed this guideline to create a new SSH key for my repo:

https://confluence.atlassian.com/bitbucket/use-ssh-keys-in-bitbucket-pipelines-847452940.html

I created it in the repo settings (also added the server to the known hosts) and added the public key on the remote server.

 

Now, I want to access my remote server in a Bitbucket Pipeline via:

ssh -T user@XX.XX.XX.XX rm testfile

But I stuck on that:

Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).

 

Where is the fault that I cannot access my remote server to execute the command?

 

Thanks a lot

4 answers

1 accepted

1 vote
Answer accepted
Philip Hodder
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 16, 2018

Hi Max,

Can you try do a quick check that the connection works:

$ ssh -qT user@downhost exit
$ echo $?
// Should be 0

Your user may not have permission to modify files, so it'll be good to remove that factor first. If you get a 0, then double check the permissions of the user you're SSH'ing as.

If not, you can also double check you have whitelisted the necessary Pipelines IP's.

Thanks,

Phil

Olusiji David October 27, 2018

Hi Philip,

Im having this same issue, i ran the commands you stated and i got a 0, but i still get the permission denied error. Please any suggestions what might be wrong?

Philip Hodder
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 28, 2018

@Olusiji David,

Can you try run this instead. I forgot there's an edge case with the way error codes work.

$ ssh -qT user@downhost exit; echo $?

Thanks

Sebastian Erdt March 29, 2019

Hi Philip,

Where exactly is this command to be executed? In the bitbucket-pipelines.yml file or on the  remote computer? Do I have to customize user@downhost or leave it in the command?

$ ssh -qT user@downhost exit
$ echo $?
// Should be 0

 

When I run this on the remote computer I get a value of 255. What should I do afterwards?

Sorry for the many questions, but I am still a beginner in the field.

Thanks,

Sebastian 

Like SDA Media likes this
5 votes
Mark Drew November 23, 2018

I struggled with this for a day and followed all the comments without it working.

The one thing that eventually worked for me was letting bitbucket create the private and public keys and using those instead of the ones I created myself. 

I then added the public key (as it says ) to the server's `~/.ssh/authorized_keys` file (as a new line) 

It all then worked.

panter122 September 4, 2019

Thank you, helped me a lot!

Like Mark Drew likes this
ewertoncardoso January 4, 2020

Thank you! Works for me!

Like Mark Drew likes this
William Odiomonafe February 18, 2020

Also worked for me too

Like Mark Drew likes this
John Kabiu July 21, 2020

Hello.. how do i let bitbucket create the ssh. i not that good with Atlassian products

Surya Van Lierde November 18, 2020

@John Kabiu 

On the repository -> Repository Settings -> Scroll to Pipelines / SSH keys -> Generate

Like ewertoncardoso likes this
Shashikumar January 11, 2021

Thank you!

Mohan G June 9, 2021

I was almost struggling for a couple of hours to transfer files through scp.. Finally, I could solve the issue based on Mark's response. Thanks.

Points to note:

1) I didn't remove my existing public key which I used to login

2) I generated one more key pair using the ssh key generator provided by bitbucket and appended that key to the authorized_keys under ~./ssh directory. So, now bitbucket pipelines will be using the keypair that was generated by using bitbucket cloud rather than the earlier key that I had provided.

3) Permissions I had set: 700 for .ssh dir and 600 for authorized_keys under .ssh directory

Like Mark Drew likes this
Daniel Bello May 11, 2022

Hello team

I keep getting the same error, but with a GitHub repo, while running npm install https://shero.d.pr/l6fHt7

I have created the bitbucket keys but am not sure where to upload these on Github.

2 votes
wuppr April 6, 2023

This may be applicable to many individuals who are using newer operating system versions.

To determine whether this applies to you, it is recommended that you check your SSH logs. You can locate these logs at /var/log/auth.log (for Ubuntu) and search for the following message:
"userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]".

If you come across this log message, it is likely that you will need to upgrade your SSH key (used in the pipeline) to a newer and more stringent algorithm, such as ED25519. You can generate a new ED25519 key and add both the public and private keys to the Repo settings -> Pipelines -> SSH Keys. Finally, use the public key in the authorized_keys of your remote server.

I hope this information is helpful. I spent several hours searching for this problem and ultimately found it by examining the SSH logs.

 More info: https://confluence.atlassian.com/bitbucketserverkb/ssh-rsa-key-rejected-with-message-no-mutual-signature-algorithm-1026057701.html

Angelos Naoum July 19, 2023

Thank god! I was struggling for hours...this is the issue I had as well

mortenbak January 12, 2024

Thank you! This was exactly what I needed!

0 votes
misobelica December 2, 2019

For me, the problem was at the target server. I needed to set `chmod 0775 ~/.ssh` so the server started accepting the SSH auth for the user.

jfranklin August 27, 2021

user beware: this locked me out of my server

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events