Permission denied (publickey) when verify SSHKeys setup.

Yangchun Jia February 10, 2023

I generated SSHKeys by command line in Mac

  • ssh-keygen
  • also start Agent and add key
  • sh-add -K ~/.ssh/id_rsa
  • ssh-add -l

The .ssh/config is:

Host *
IdentityFile ~/.ssh/id_rsa
AddKeysToAgent yes
UseKeychain yes
PubkeyAcceptedKeyTypes +rsa-sha2-256,rsa-sha2-512

Also add SSHpublic keys in Manage account->SSH Keys

But when doing "ssh -Tvvv git@bitbucket.org"

I got "git@bitbucket.org: Permission denied (publickey)." error, can't access server.

I also tried ed25519 format key, the same error.

Does anyone can help?  Thanks.

The log is:

yajia-58ae7:.ssh yajia$ ssh -Tvvv git@bitbucket.org
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/yajia/.ssh/config
debug1: /Users/yajia/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to bitbucket.org port 22.
debug1: Connection established.
debug1: identity file /Users/yajia/.ssh/id_rsa type 0
debug1: identity file /Users/yajia/.ssh/id_rsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version conker_7e57468e48 40657e7a095a
debug1: no match: conker_7e57468e48 40657e7a095a
debug3: fd 5 is O_NONBLOCK
debug1: Authenticating to bitbucket.org:22 as 'git'
debug3: hostkeys_foreach: reading file "/Users/yajia/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /Users/yajia/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from bitbucket.org
debug2: languages ctos:
debug2: languages stoc: ......
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/yajia/.ssh/id_rsa RSA SHA256:KK0EMREf46l44LtCOW+vL0+nJC0IEqTJzWej3fjMFsY explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
git@bitbucket.org: Permission denied (publickey).

1 answer

0 votes
Alex Koxaras _Relational_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 10, 2023
Yangchun Jia February 13, 2023

Thanks Alex, I have read above articles, I have some differences with all of them, 

1. I can get the source code by HTTPS, means I an sync code from git server by HTTPS, but I got "yarn install" fail for one repo, which needs ssh to install dependencies.

2. I can get source code by SourceTree as well, just need to use HTTPS url. I can't use SSH. Seems my public key doesn't work.

Yangchun Jia February 13, 2023

BTW,  does any way I can reach out to Atlassian administrator? As I see below in some document, just want to make sure my Atlassian account having "SSH Access"setup on server side? Thanks.

 

Enabling SSH access

To enable SSH access:

  1. Go to the Bitbucket Server administration area and click Server settings (under 'Settings').
  2. Under 'SSH access', check SSH enabled.
  3. Enter values for SSH port and SSH base URL, according to the information in the sections below.
  4. Click Save
Yangchun Jia February 13, 2023

Attached full level 1 log, hope this help.

yajia-58ae7:.ssh yajia$ ssh-add -l

2048 SHA256:+07IxbQHaAerAVhKY2oz8wdoXAxvZ7dM396N1xWQVXw yajia@yajia-58ae7 (RSA)

yajia-58ae7:.ssh yajia$ ssh -Tv  git@bitbucket.org

OpenSSH_8.1p1, LibreSSL 2.7.3

debug1: Reading configuration data /Users/yajia/.ssh/config

debug1: /Users/yajia/.ssh/config line 1: Applying options for *

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: /etc/ssh/ssh_config line 47: Applying options for *

debug1: Connecting to bitbucket.org port 22.

debug1: Connection established.

debug1: identity file /Users/yajia/.ssh/id_rsa_2048 type 0

debug1: identity file /Users/yajia/.ssh/id_rsa_2048-cert type -1

debug1: Local version string SSH-2.0-OpenSSH_8.1

debug1: Remote protocol version 2.0, remote software version conker_7e57468e48 0fa76520218a

debug1: no match: conker_7e57468e48 0fa76520218a

debug1: Authenticating to bitbucket.org:22 as 'git'

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: algorithm: curve25519-sha256@libssh.org

debug1: kex: host key algorithm: rsa-sha2-512

debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none

debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A

debug1: Host 'bitbucket.org' is known and matches the RSA host key.

debug1: Found key in /Users/yajia/.ssh/known_hosts:1

debug1: rekey out after 134217728 blocks

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: rekey in after 134217728 blocks

debug1: Will attempt key: /Users/yajia/.ssh/id_rsa_2048 RSA SHA256:+07IxbQHaAerAVhKY2oz8wdoXAxvZ7dM396N1xWQVXw explicit agent

debug1: SSH2_MSG_EXT_INFO received

debug1: kex_input_ext_info: server-sig-algs=<ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp521,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp384,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa>

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey

debug1: Next authentication method: publickey

debug1: Offering public key: /Users/yajia/.ssh/id_rsa_2048 RSA SHA256:+07IxbQHaAerAVhKY2oz8wdoXAxvZ7dM396N1xWQVXw explicit agent

debug1: Authentications that can continue: publickey

debug1: No more authentication methods to try.

git@bitbucket.org: Permission denied (publickey).

Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 14, 2023

Hello @Yangchun Jia ,

Thank you for reaching out to Atlassian Community!

From the ssh logs you have shared, the following section says that SSH is offering a key located in /Users/yajia/.ssh/id_rsa_2048 : 

debug1: Offering public key: /Users/yajia/.ssh/id_rsa_2048 RSA SHA256:+07IxbQHaAerAVhKY2oz8wdoXAxvZ7dM396N1xWQVXw explicit agent

Later in the log, we see that bitbucket didn't recognize this key having access to any repository : 

git@bitbucket.org: Permission denied (publickey).

This error usually happens when the key being offered by SSH is not the same key you have added to your Bitbucket cloud account.

In this case, could you please confirm if the id_rsa_2048.pub is indeed the right key you have added to your Bitbucket account (Click on your avatar in the top right > Personal settings > SSH keys ) ?

Thank you, @Yangchun Jia !

Patrik S

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events