Trying to add ssh key to Access Key repo settings

funkywaddle June 9, 2022

When trying to add my server's ssh key to a repo's Access Key, I receive:

"Someone has already added that SSH key to another account."

I've checked through all my repos, and none of them currently have any access keys set.

Please help

2 answers

2 accepted

2 votes
Answer accepted
funkywaddle June 9, 2022

UPDATE: This was solved.

The SSH Key WAS NOT used by another account.

I had the SSH Key saved in the account level SSH Keys of THIS account.

When I tried to add the key at the REPO level, it through the error saying another account was using it.

The error was misleading. It wasn't ANOTHER account using it. It was THIS account.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 10, 2022

Ah, that makes sense, thank you.

I've only ever run into this problem when people have been sharing keys before.  

funkywaddle June 10, 2022

While it somewhat makes sense, I don't believe I should be stopped from using my ssh key within the same account, even at a lower level (like the repo level). It's still within the confines of the same account.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 10, 2022

I am sorry, I did not explain that too well.

My previous experience is all with people sharing keys (which should never be done).  The last time I added a key to a Bitbucket repository, and later added it to my profile, with the same account, it accepted it fine.  But that was when it was called "Stash" and it was on Server, not Cloud.

So you have shown me that Bitbucket Cloud is less tolerant of potential security issues than an old server.

But, you absolutely should be stopped from using your key like this, Bitbucket is forcing us to think properly about access.  I'm actually glad it's gone this way - I had security issues in Stash because it was not being this strict.

You can add keys to Bitbucket at two levels - account and repository.  An account-level key grants you access to everything your user might be configured for, and repo access does what it says, giving you access to a single repository.

Where I think Bitbucket falls down when you've already added a key is when you have been added to a repo, and then you come to add a global one.  It should just accept that.

funkywaddle June 10, 2022

All I was saying was, if I already have the ssh key added at an account level, it shouldn't stop me from adding it at the repo level (which was the exact case that started this thread). Since I have SSH access at the expanded level (account), I should be able to add it at the finite level (repo).

If I have access at the repo level, it should definitely stop me from adding it at the account level (the reverse of the current situation). The reason for this is that it would be granting access at a higher level than original agreement (going from finite to expanded).

Like Nic Brough -Adaptavist- likes this
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 10, 2022

I think you're right about the layers and, most importantly, not granting extra access inappropriately. 

The bit I am stuck on is:

>if I already have the ssh key added at an account level, it shouldn't stop me from adding it at the repo level 

Technically, it should, you don't want potentially misleading access points, but the solution there is not erroring, it's killing off the redundant key.

But.  If your key is there on the account, why do you need to add it to the repo level?  I'm not sure that is a question for us, more one for Atlassian?

0 votes
Answer accepted
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 9, 2022

It's not the repository, it's the account.

You are not supposed to share keys with other people or accounts.  You have, somewhere, another account that has already used that key (so your current account should not be trying to use it).

You'll need to log in to the old account, go to profile -> Settings -> keys and remove the key, or generate and use a new key for your more recent account.

funkywaddle June 9, 2022

How do I know what account it is?

As far as I know, this is my only account.

How can I see what account is using my ssh keys??!

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 9, 2022

There's no way to establish that, other than knowing who you shared the key with.

If you have a fully supported Bitbucket account (11+ users) you can raise a support request with Atlassian, who can tell you some basic info without breaching privacy.

funkywaddle June 9, 2022

so, someone else may be using my ssh key, and there is no way to find out who, and I can't even get support from the company to find out who?

You would think Atlassian would want to promote security a little better.

funkywaddle June 9, 2022

And just for the record, I didn't share the key with anyone. I'm not an idiot. I don't share my passwords, and I would never share my ssh keys.

But it doesn't stop nefarious people from finding ways of obtaining the info they're looking for.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 9, 2022

>so, someone else may be using my ssh key, and there is no way to find out who, and I can't even get support from the company to find out who?

No.

You, or someone else, has used your ssh key with a different account.

 >I would never share my ssh key

Right thing to do in theory, but you have shared it.  From what you've said, you've shared it only with yourself, as a human, but the computers do not know that we humans might log in with different accounts.  

You really do need to go back to the first account you shared the key with and remove it.

funkywaddle June 9, 2022

I believe I've mentioned before that I am unaware of any other account.

The server running the ssh key was rebuilt 1 year ago. The key has only been in existence for 1 year. I have been using this (my only) account for much longer than that.

I DON'T HAVE ANOTHER ACCOUNT!

Now that that is settled, can we please come up with a solution that doesn't involve you thinking I'm an idiot and have some unknown account flying around somewhere?

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events