SSH connection fails ("Could not read from remote repository")

Mathias Bank October 3, 2017

Hello everybody,

Since today, it is not possible to connect to any repository with any user or any pc. I have tried to access the repositories with different users (with different ssh credentials), with different PCs and different repositories. https-access is working so far.

Yesterday, the ssh access worked without problems. As there was no software update on the server in the night, I have no clue what could be the reason. As the access problem exists on all clients, I think it must be a server issue. Therefore I tried to upgrade to the newest bitbucket software. The upgrade worked perfectly so far, however ssh access is still not possible.

According to netstat (sudo netstat -plnt), the port 7999, the port is listened.

tcp6 0 0 :::7999 :::* LISTEN 3683/java

 Has anyone any hint, why the ssh access is not possible any more?

 This is the result of the console:

ssh -p 7999 -vT git@***.com whoami
OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /c/Users/Mathias/.ssh/config
debug1: /c/Users/Mathias/.ssh/config line 1: Applying options for ***.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to stash.repalogic.com [***] port 7999.
debug1: Connection established.
debug1: identity file /c/Users/Mathias/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /c/Users/Mathias/.ssh/id_rsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1
debug1: Remote protocol version 2.0, remote software version SSHD-UNKNOWN
debug1: no match: SSHD-UNKNOWN
debug1: Authenticating to ***.com:7999 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:***
debug1: Host '[***.com]:7999' is known and matches the RSA host key.
debug1: Found key in /c/Users/Mathias/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /c/Users/Mathias/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to ***.com ([***]:7999).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: whoami
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3160, received 1672 bytes, in 0.1 seconds
Bytes per second: sent 22734.8, received 12029.3
debug1: Exit status 1

 

[Update]

I found an interesting log entry, however still no clue what happened:

c.a.b.i.ssh.server.SshCommandAdapter git was successfully authenticated via public key, but is no longer active in the underlying user directory. The request has been blocked

So that seems to be the reason why no ssh access is possible.  It seems that there was no connection to the jira server for a longer time (seems to be ssl problems) and that therefore the accounts have been blocked.

Mathias

1 answer

1 accepted

1 vote
Answer accepted
Mathias Bank October 4, 2017

Found the reason why no ssh login was possible any more.

The bitbucket server was connected to jira, however the ssl certificate was not trusted (the jira certificate was not in the truststore of the bitbucket server). Thus, no user directory synchronisation was possible. Bitbucket blocked now the ssh login. Reanabling the user synchronisation fixed the problem.

Mathias

Ana Retamal
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 4, 2017

Hi Mathias, I've seen that you found the answer to this yourself. Please let us know if you need anything else!

Cheers,

Ana

Mathias Bank October 4, 2017

Hi Ana,

yes, I think this issue should be documented in more detail. In especially as the http(s) login was still possible I first thought that something is wrong with regard to the ssh credentials. Blocking SSH but not http access is quite inconsistent.

Cheers

Mathias

Marakai October 26, 2017

You just saved my sanity! I had this very same problem, while Jira was down for maintenance. I was able to login to Bitbucket itself, but could not push into the repo(s).

The connection of SSH <-> Jira evades me.

pnelsonsr November 15, 2018

Same for me, JIRA was my authentication for Bitbucket.  And I did an OS upgrade and had the exact same error.  Once I got my certs back in place, everything worked again.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events