Missed Team ’24? Catch up on announcements here.

Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

SSH keys with ssh-run when using runners

Maxim Andersen September 5, 2023

I am struggling with permission denied message when invoking "echo hello" on a remote host using ssh-run 0.5.0. The documentation is poor, the forum is small, answers to similar questions are far in-between and are usually "two liners" without giving good understanding, links to docs seem to be out of sync.  I am so disappointed that I am about to tell all my dev friends to go for GitLab and abandon Bitbucket for good. I am talking to managers here, not devs (I know devs do their work fine) If you are an a business of providing a tech service, how can you be so amateur in the core instructional documentation?

When using a custom SSH_KEY for the ssh-run , am I to use the the Repository variables to set the actual  ssh keys? if so then what do I make a variable of, the private or the public key? If am I using the default ssh key, is it from Settings->Pipelines ->SSH Keys section? If so, do I need to copy the public key to the HOST used at the ssh-run clause in my bitbucket-pipelines.yml file?




2 answers

1 vote
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 6, 2023

Hi Maxim,

You can use an SSH key pair that you generate from Repository settings > Pipelines > SSH Keys.

You need to add the public SSH key to the ~/.ssh/authorized_keys of the server you want to connect to with the pipe.

You also need to remove the variable SSH_KEY from the pipe definition in your bitbucket-pipelines.yml file, so that the pipe will use the SSH keys from Repository settings > Pipelines > SSH Keys.

I would also recommend using the latest version of the Linux Docker runner, as the default SSH keys are not supported with some older versions. You can find instructions on how to update the runner here, in Step 4: https://support.atlassian.com/bitbucket-cloud/docs/set-up-and-use-runners-for-linux/#Starting-your-runner

If you don't want to use the SSH key pair from Repository settings > Pipelines > SSH Keys, then you can use the SSH_KEY variable in the pipe.

First, you need to generate an SSH key pair locally. Afterwards, base-64 encode the private SSH key. Then, you can create a Repository variable named e.g. SSH_KEY_1 with value the base-64 encoded string.

Make sure to add the variable SSH_KEY in the pipe's definition in your bitbucket-pipelines.yml file.

The commands to generate an SSH key pair and to base-64 encode the private SSH key are provided here:

Please keep in mind that there are security risks associated with passing private SSH keys as repository variables, there are more details on the page I linked.

The public SSH key needs to be added to the ~/.ssh/authorized_keys of the server you want to connect to.

I hope this helps, please feel free to let me know how it goes. If you're still having issues, please feel free to let me know and we can look into it.

Kind regards,

0 votes
Kesab Nandi September 5, 2023


You need to add the SSH key using pageant (PUTTY authentication agent) to allow logging in to the host. Also, check if root user can directly login using the key, you ma need to replace "root"with "ec2-user".

Suggest an answer

Log in or Sign up to answer
Site Admin
AUG Leaders

Atlassian Community Events