This slightly daft policy is preventing me from adding my SSH key to my account.
Please can somebody identify which account is making use of the following public key, and clear it out? I would have asked tech support directly, but apparently that's not a thing. :D
It is not clear to me why this policy exists. Public keys are, you know, *public*. One must hold the private key in order to do anything interesting with them. Enforcing uniqueness in this fashion seems misguided (and is an obstacle in situations where "just generate a new keypair" is problematic).
@Ben is going to get this sorted for you, so most of what I'd usually say here is not needed.
I wanted to pick up on the theme of "daft". You're absolutely right about a public key being public - they're fine to share. But not give them to different owners. They should have a single owner (account).
The best analogy for this stuff I have found is a padlock on a box.
Your public/private keys are not keys, but a padlock and its key. Your public key is a lock. You give that to anyone you want - they can then lock up a box with it and send it wherever, but only you, the owner of the private key, have the key to unlock it.
So, while it's possible for many people to use the key pair, you reduce your security by sharing public keys with many accounts.
More importantly, you massively reduce trust. Someone sending you something locked up with your padlock probably has a very good reason to use it, and they *really* would like to know that it is only you, on the intended account, that can open the box they send you.
Enforcing uniqueness by key is something more systems should be doing; it is the right thing to do.
But I would like a feature in Bitbucket to allow admins (rather than just Atlassian) to be able to identify the account that needs to stop sharing keys.
A public key does not enable the creation of cryptographic signatures, only the verification thereof. An encrypted message alone is not proof of identity (that's what signatures are for).
It is simply untrue that a public key enables you to impersonate someone as outlined in your example.
Hi Chris,
Welcome to the Bitbucket Cloud community!
I have censored your post as per our policies regarding the protection of user-generated content, given that this is a public forum.
The copied SSH key appears to have been incorrectly formatted so I was unable to search this from my end.
I have opened a support ticket on your behalf - please check your email and we will continue to communicate there :)
Cheers!
- Ben (Bitbucket Cloud Support)
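
Added example, not part of the thread and not Bitbucket's own code: a local check that a pasted OpenSSH public key line is well-formed, plus the SHA256 fingerprint that identifies the key regardless of its comment, which is the value to quote when asking support to locate a duplicate. The function names are hypothetical, the sample key is constructed, and it assumes a plain key rather than a certificate.

```python
import base64
import binascii
import hashlib
import struct


def parse_openssh_pubkey(line):
    """Validate a '<type> <base64> [comment]' line; return (type, blob, comment)."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key data is not valid base64") from exc
    # A plain (non-certificate) key blob is a run of 4-byte-length-prefixed
    # strings; walking all of them catches a paste that was cut short.
    offset, parts = 0, []
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length field")
        (n,) = struct.unpack(">I", blob[offset:offset + 4])
        offset += 4
        if offset + n > len(blob):
            raise ValueError("key blob is truncated")
        parts.append(blob[offset:offset + n])
        offset += n
    if len(parts) < 2 or parts[0] != key_type.encode():
        raise ValueError("key type does not match the encoded blob")
    return key_type, blob, comment


def fingerprint(line):
    """SHA256 fingerprint in the format `ssh-keygen -l` prints."""
    _, blob, _ = parse_openssh_pubkey(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def sample_key(comment):
    """Constructed sample: bytes 0..31 stand in for an Ed25519 public key."""
    def ssh_string(b):
        return struct.pack(">I", len(b)) + b
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    print(fingerprint(sample_key("chris@laptop")))
    print(fingerprint(sample_key("same key, different comment")))
```

Both printed fingerprints are identical, because the comment is not part of the key material.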