SSH connection fails ("Could not read from remote repository") Edited

Hello everybody,

Since today, it is not possible to connect to any repository with any user or any pc. I have tried to access the repositories with different users (with different ssh credentials), with different PCs and different repositories. https-access is working so far.

Yesterday, the ssh access worked without problems. As there was no software update on the server in the night, I have no clue what could be the reason. As the access problem exists on all clients, I think it must be a server issue. Therefore I tried to upgrade to the newest bitbucket software. The upgrade worked perfectly so far, however ssh access is still not possible.

According to netstat (sudo netstat -plnt), the port 7999, the port is listened.

tcp6 0 0 :::7999 :::* LISTEN 3683/java

 Has anyone any hint, why the ssh access is not possible any more?

 This is the result of the console:

ssh -p 7999 -vT git@***.com whoami
OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /c/Users/Mathias/.ssh/config
debug1: /c/Users/Mathias/.ssh/config line 1: Applying options for ***.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to stash.repalogic.com [***] port 7999.
debug1: Connection established.
debug1: identity file /c/Users/Mathias/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/Mathias/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version SSHD-UNKNOWN
debug1: no match: SSHD-UNKNOWN
debug1: Authenticating to ***.com:7999 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:***
debug1: Host '[***.com]:7999' is known and matches the RSA host key.
debug1: Found key in /c/Users/Mathias/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/Mathias/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to ***.com ([***]:7999).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: whoami
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3160, received 1672 bytes, in 0.1 seconds
Bytes per second: sent 22734.8, received 12029.3
debug1: Exit status 1

 

[Update]

I found an interesting log entry, however still no clue what happened:

c.a.b.i.ssh.server.SshCommandAdapter git was successfully authenticated via public key, but is no longer active in the underlying user directory. The request has been blocked

So that seems to be the reason why no ssh access is possible.  It seems that there was no connection to the jira server for a longer time (seems to be ssl problems) and that therefore the accounts have been blocked.

Mathias

1 answer

1 accepted

Found the reason why no ssh login was possible any more.

The bitbucket server was connected to jira, however the ssl certificate was not trusted (the jira certificate was not in the truststore of the bitbucket server). Thus, no user directory synchronisation was possible. Bitbucket blocked now the ssh login. Reanabling the user synchronisation fixed the problem.

Mathias

Hi Mathias, I've seen that you found the answer to this yourself. Please let us know if you need anything else!

Cheers,

Ana

Hi Ana,

yes, I think this issue should be documented in more detail. In especially as the http(s) login was still possible I first thought that something is wrong with regard to the ssh credentials. Blocking SSH but not http access is quite inconsistent.

Cheers

Mathias

You just saved my sanity! I had this very same problem, while Jira was down for maintenance. I was able to login to Bitbucket itself, but could not push into the repo(s).

The connection of SSH <-> Jira evades me.

Suggest an answer

Log in or Join to answer
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

683 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot