SSH Keys for Web Server

Gary Gray
February 27, 2018

https://confluence.atlassian.com/bitbucket/set-up-an-ssh-key-728138079.html

 

How do I - or what is best practice - for setting up SSH public/private keys for a web server "user"? 

 

A developer sets up an SSH key pair (public/private key) just like the first link you sent. That's all in place and has to be in place for the repo to be used properly from a command line.

When a dev "pushes" code to the repo he is sending his changed source code to BB. When he "pulls" he is grabbing code from BB including any changes from other devs on branches, etc.

During that process BB and the GIT client on the dev machine negotiate credentials using the public key / private key pair.

The webserver needs a pair also. I can easily add a second pair to my account, but that would give the webserver the same rights as I have. THAT CAN BE CATASTROPHIC.

The webserver "user" should only have read rights at BB. That way if the server is ever compromised, it doesn't matter. If the webserver "user" had the same rights as me, it would mean that the hacker would have the power to torch our repository, and the first place they would look is the key ring on the web server.

 

0 answers
