Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Permission denied (publickey).

DevOps
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
March 30, 2023

Hello all! I've ran through the steps in the following docs but have been uncessful in troubleshooting this issue:

https://confluence.atlassian.com/bitbucket/set-up-ssh-for-git-728138079.html
https://confluence.atlassian.com/bbkb/permission-denied-publickey-302811860.html

I am trying to connect my AWS Jenkins host to BitBucket so that we can pull from BitBucket's repo and start building projects.

I created a test repo  and am using the clone url as the repo url on the jenkins host:
git@bitbucket.org:testcompany/test.git

I get the following output when I run ssh -vT bitbucket.org:
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Connecting to bitbucket.org [18.205.93.2] port 22.
debug1: Connection established.
debug1: identity file /home/ec2-user/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ec2-user/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ec2-user/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ec2-user/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ec2-user/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ec2-user/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ec2-user/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ec2-user/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version conker_a218b73743 4e246b89e9a8
debug1: no match: conker_a218b73743 4e246b89e9a8
debug1: Authenticating to bitbucket.org:22 as 'ec2-user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64
debug1: kex: curve25519-sha256@libssh.org need=64 dh_need=64
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /home/ec2-user/.ssh/known_hosts:3
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-rsa,ssh-dss,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/ec2-user/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /home/ec2-user/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/ec2-user/.ssh/id_dsa
debug1: Trying private key: /home/ec2-user/.ssh/id_ecdsa
debug1: Trying private key: /home/ec2-user/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).

 

Please advise

1 answer

0 votes
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 25, 2023

Hi @DevOps,

Does the name of your private SSH key (whose public key you have added to Bitbucket) match with the name of any of the keys that are being offered (see the output of ssh -vT bitbucket.org you shared)?

If not, I would suggest creating a file named config in the ~/.ssh folder of this machine and adding the following lines (if the file exists, just add the following content)

Host bitbucket.org
        AddKeysToAgent yes
        IdentityFile ~/.ssh/id_rsa


where ~/.ssh/id_rsa replace with the path and name of the private SSH key, whose public key you have uploaded to Bitbucket.

This will ensure that this specific SSH key is offered every time you clone/pull/push to a Bitbucket Cloud repo.

I would also suggest double-checking permissions: permissions should be 700 for the ~/.ssh directory, 644 for the public SSH key, and 600 for the private key.

Please feel free to let us know how it goes and if you need any further help!

Kind regards,
Theodora

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events