
Trying to add ssh key to Access Key repo settings

When trying to add my server's ssh key to a repo's Access Key, I receive:

"Someone has already added that SSH key to another account."

I've checked through all my repos, and none of them currently have any access keys set.

Please help

2 answers

2 accepted

2 votes
Answer accepted

UPDATE: This was solved.

The SSH Key WAS NOT used by another account.

I had the SSH Key saved in the account level SSH Keys of THIS account.

When I tried to add the key at the REPO level, it threw the error saying another account was using it.

The error was misleading. It wasn't ANOTHER account using it. It was THIS account.

Ah, that makes sense, thank you.

I've only ever run into this problem when people have been sharing keys before.  

While it somewhat makes sense, I don't believe I should be stopped from using my ssh key within the same account, even at a lower level (like the repo level). It's still within the confines of the same account.

I am sorry, I did not explain that too well.

My previous experience is all with people sharing keys (which should never be done).  The last time I added a key to a Bitbucket repository, and later added it to my profile, with the same account, it accepted it fine.  But that was when it was called "Stash" and it was on Server, not Cloud.

So you have shown me that Bitbucket Cloud is less tolerant of potential security issues than an old server.

But, you absolutely should be stopped from using your key like this, Bitbucket is forcing us to think properly about access.  I'm actually glad it's gone this way - I had security issues in Stash because it was not being this strict.

You can add keys to Bitbucket at two levels - account and repository.  An account-level key grants you access to everything your user might be configured for, and repo access does what it says, giving you access to a single repository.

Where I think Bitbucket falls down when you've already added a key is when you have been added to a repo, and then you come to add a global one.  It should just accept that.

All I was saying was, if I already have the ssh key added at an account level, it shouldn't stop me from adding it at the repo level (which was the exact case that started this thread). Since I have SSH access at the expanded level (account), I should be able to add it at the finite level (repo).

If I have access at the repo level, it should definitely stop me from adding it at the account level (the reverse of the current situation). The reason for this is that it would be granting access at a higher level than original agreement (going from finite to expanded).


I think you're right about the layers and, most importantly, not granting extra access inappropriately. 

The bit I am stuck on is:

>if I already have the ssh key added at an account level, it shouldn't stop me from adding it at the repo level 

Technically, it should, you don't want potentially misleading access points, but the solution there is not erroring, it's killing off the redundant key.

But.  If your key is there on the account, why do you need to add it to the repo level?  I'm not sure that is a question for us, more one for Atlassian?
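The case this thread resolved to, a key already stored at the account level under a different label, can be checked by comparing key fingerprints instead of comments. The following is an added example, not part of any post here and not Bitbucket's own logic; the key material, scope names and helper names are constructed for illustration, and it assumes you have copied the public key lines out of your own account and repository key settings.

```python
import base64
import hashlib
import struct


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of one public key line."""
    fields = pubkey_line.split()
    # The key type is the first field with a known prefix; the blob follows it.
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-", "sk-")):
            blob = base64.b64decode(fields[i + 1], validate=True)
            break
    else:
        raise ValueError("no key type found in line")
    # The blob begins with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != field:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def where_registered(candidate: str, registered: dict) -> list:
    """Return (scope, label) for every stored key identical to candidate."""
    target = fingerprint(candidate)
    hits = []
    for scope, lines in registered.items():
        for line in lines:
            if fingerprint(line) == target:
                # Last field is the comment in these samples.
                hits.append((scope, line.split()[-1]))
    return hits


def _sample_key(seed: bytes, comment: str) -> str:
    # Constructed 32 bytes standing in for an Ed25519 public key; not a real key.
    raw = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)


# Constructed data: the server's key, and keys copied from settings pages.
SERVER_KEY = _sample_key(b"server", "deploy@server")
REGISTERED = {
    "account": [_sample_key(b"laptop", "me@laptop"),
                _sample_key(b"server", "me@old-label")],
    "repo:example-repo": [],
}

if __name__ == "__main__":
    print(fingerprint(SERVER_KEY), where_registered(SERVER_KEY, REGISTERED))
```

The comment at the end of a public key line is not part of the key, so the same key saved under two different labels still produces one fingerprint.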

0 votes
Answer accepted

It's not the repository, it's the account.

You are not supposed to share keys with other people or accounts.  You have, somewhere, another account that has already used that key (so your current account should not be trying to use it).

You'll need to log in to the old account, go to profile -> Settings -> keys and remove the key, or generate and use a new key for your more recent account.

How do I know what account it is?

As far as I know, this is my only account.

How can I see what account is using my ssh keys??!

There's no way to establish that, other than knowing who you shared the key with.

If you have a fully supported Bitbucket account (11+ users) you can raise a support request with Atlassian, who can tell you some basic info without breaching privacy.

So, someone else may be using my ssh key, and there is no way to find out who, and I can't even get support from the company to find out who?

You would think Atlassian would want to promote security a little better.

And just for the record, I didn't share the key with anyone. I'm not an idiot. I don't share my passwords, and I would never share my ssh keys.

But it doesn't stop nefarious people from finding ways of obtaining the info they're looking for.

>so, someone else may be using my ssh key, and there is no way to find out who, and I can't even get support from the company to find out who?


You, or someone else, has used your ssh key with a different account.

>I would never share my ssh key

Right thing to do in theory, but you have shared it.  From what you've said, you've shared it only with yourself, as a human, but the computers do not know that we humans might log in with different accounts.  

You really do need to go back to the first account you shared the key with and remove it.

I believe I've mentioned before that I am unaware of any other account.

The server running the ssh key was rebuilt 1 year ago. The key has only been in existence for 1 year. I have been using this (my only) account for much longer than that.


Now that that is settled, can we please come up with a solution that doesn't involve you thinking I'm an idiot and have some unknown account flying around somewhere?
