You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
When trying to add my server's ssh key to a repo's Access Key, I receive:
"Someone has already added that SSH key to another account."
I've checked through all my repos, and none of them currently have any access keys set.
UPDATE: This was solved.
The SSH Key WAS NOT used by another account.
I had the SSH Key saved in the account level SSH Keys of THIS account.
When I tried to add the key at the REPO level, it through the error saying another account was using it.
The error was misleading. It wasn't ANOTHER account using it. It was THIS account.
I am sorry, I did not explain that too well.
My previous experience is all with people sharing keys (which should never be done). The last time I added a key to a Bitbucket repository, and later added it to my profile, with the same account, it accepted it fine. But that was when it was called "Stash" and it was on Server, not Cloud.
So you have shown me that Bitbucket Cloud is less tolerant of potential security issues than an old server.
But, you absolutely should be stopped from using your key like this, Bitbucket is forcing us to think properly about access. I'm actually glad it's gone this way - I had security issues in Stash because it was not being this strict.
You can add keys to Bitbucket at two levels - account and repository. An account-level key grants you access to everything your user might be configured for, and repo access does what it says, giving you access to a single repository.
Where I think Bitbucket falls down when you've already added a key is when you have been added to a repo, and then you come to add a global one. It should just accept that.
All I was saying was, if I already have the ssh key added at an account level, it shouldn't stop me from adding it at the repo level (which was the exact case that started this thread). Since I have SSH access at the expanded level (account), I should be able to add it at the finite level (repo).
If I have access at the repo level, it should definitely stop me from adding it at the account level (the reverse of the current situation). The reason for this is that it would be granting access at a higher level than original agreement (going from finite to expanded).
I think you're right about the layers and, most importantly, not granting extra access inappropriately.
The bit I am stuck on is:
>if I already have the ssh key added at an account level, it shouldn't stop me from adding it at the repo level
Technically, it should, you don't want potentially misleading access points, but the solution there is not erroring, it's killing off the redundant key.
But. If your key is there on the account, why do you need to add it to the repo level? I'm not sure that is a question for us, more one for Atlassian?
It's not the repository, it's the account.
You are not supposed to share keys with other people or accounts. You have, somewhere, another account that has already used that key (so your current account should not be trying to use it).
You'll need to log in to the old account, go to profile -> Settings -> keys and remove the key, or generate and use a new key for your more recent account.
There's no way to establish that, other than knowing who you shared the key with.
If you have a fully supported Bitbucket account (11+ users) you can raise a support request with Atlassian, who can tell you some basic info without breaching privacy.
>so, someone else may be using my ssh key, and there is no way to find out who, and I can't even get support from the company to find out who?
You, or someone else, has used your ssh key with a different account.
>I would never share my ssh key
Right thing to do in theory, but you have shared it. From what you've said, you've shared it only with yourself, as a human, but the computers do not know that we humans might log in with different accounts.
You really do need to go back to the first account you shared the key with and remove it.
I believe I've mentioned before that I am unaware of any other account.
The server running the ssh key was rebuilt 1 year ago. The key has only been in existence for 1 year. I have been using this (my only) account for much longer than that.
I DON'T HAVE ANOTHER ACCOUNT!
Now that that is settled, can we please come up with a solution that doesn't involve you thinking I'm an idiot and have some unknown account flying around somewhere?