Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Someone has already added that SSH key to another account


This slightly daft policy is preventing me from adding my SSH key to my account.


Please can somebody identify which account is making use of the following public key, and clear it out? I would have asked tech support directly, but apparently that's not a thing. :D


It is not clear to me why this policy exists. Public keys are, you know, *public*. One must hold the private key in order to do anything interesting with them. Enforcing uniqueness in this fashion seems misguided (and is an obstacle in situations where "just generate a new keypair" is problematic).


2 answers

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Nov 03, 2022

@Ben is going to get this sorted for you, so most of what I'd usually say here is not needed.

I wanted to pick up on the theme of "daft".  You're absolutely right about a public key being public - they're fine to share.  But not give them to different owners.  They should have a single owner (account).

The best analogy for this stuff iI have found s a padlock on a box. 

Your public/private keys are not keys, but a padlock and its key.  Your public key is a lock.  You give that to anyone you want - they can then lock up a box with it and send it where-ever, but only you, the owner of the private key, have the key to unlock it.

So, while it's possible for many people to use the key pair, you reduce your security by sharing public keys with many accounts. 

More importantly, you massively reduce trust.  Someone sending you something locked up with your padlock probably has a very good reason to use it, and they *really* would like to know that it is only you, on the intended account, that can open the box they send you.

Enforcing uniqueness by key is something more systems should be doing, it is the right thing to do.

But I would like a feature in Bitbucket to allow admins (rather than just Atlassian) to be able to identify the account that needs to stop sharing keys.

A public key does not enable the creation of cryptographic signatures, only the verification thereof. An encrypted message alone is not proof of identity (that's what signatures are for).

It is simply untrue that a public key enables you to impersonate someone as outlined in your example.

0 votes
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Nov 03, 2022

Hi Chris,

Welcome to the Bitbucket Cloud community!

I have censored your post as per our policies regarding the protection of user-generated content, given that this is a public forum.

The copied SSH key appears to have been incorrectly formatted so I was unable to search this from my end.

I have opened a support ticket on your behalf - please check your email and we will continue to communicate there :)


- Ben (Bitbucket Cloud Support)

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events