Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Using multiple ssh keys results in permission denied error

Janis Cimbulis
Janis Cimbulis
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
December 23, 2018

Hi there! 

I've followed the steps described here, under the `Set up additional ssh keys for Git` - https://confluence.atlassian.com/bitbucket/set-up-additional-ssh-keys-271943168.html

However on push, terminal spits out:

myrepo git:(master) git push --set-upstream origin master
Warning: Permanently added the RSA host key for IP address 'x.x.x.x' to the list of known hosts.
mynewuser@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

The news public/private keys are in place, new public key is added to Bitbucket, what else am I missing?

Any thoughts, ideas?

Answer
Watch
Like Be the first to like this
1789 views

1 answer

2 votes
Rafael Pinto Sperafico
Rafael Pinto Sperafico
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 27, 2018

Hi @Janis Cimbulis,

Perhaps, we could start by reviewing the steps you have followed.

It is important to review where the SSH keys are stored in your box and where they have been placed in Bitbucket Cloud.

Lets start by Bitbucket Cloud:

If you visit your repository in Bitbucket Cloud, then under Settings >> Access keys, whatever SSH key you add there will only allow users to read from the repository, meaning users will not have access to push data to the repository.

If you want to grant users access to push code, then you have to go to your User Account in Bitbucket Cloud, Settings >> Security >> SSH Keys, then you can push code the whatever repository you have been granted permission to under Settings >> User and groups access

Now, lets review where you have stored the SSH key(s) in your box:

When issuing the command to generate SSH keypair, you are prompted to specify where the SSH key generated will be stored in your box. Usually, the SSH is stored under your User's account (~/.ssh directory).

For this purpose, lets say you have created the following SSH keys and they are located under ~/.ssh directory:

id_rsa
id_rsa.pub
friend_rsa
friend_rsa.pub

 And you have two repositories in Bitbucket Cloud:

  • git@bitbucket.org:YOU/repositoryA.git
  • git@bitbucket.org:FRIEND/repositoryB.git

Then, let's say:

  • id_rsa will be used to connect to your repositories
  • friend_rsa will be used to connect to someone else's repository

For that you can specify which SSH key will be used to authenticate against a given URL / repository by following Using different SSH keys for multiple Bitbucket accounts

Create a ~/.ssh/config file and place the following content:

# your repository
Host bitbucket.org-your
 HostName bitbucket.org
 User git
 IdentityFile ~/.ssh/id_rsa
 IdentitiesOnly yes

# friend repository
Host bitbucket.org-friend
 HostName bitbucket.org
 User git
 IdentityFile ~/.ssh/friend_rsa
 IdentitiesOnly yes

Then, configure your Git repository so it know which SSH will be using to authenticate against repository.

git clone git@bitbucket.org-your:YOU/repositoryA.git
git clone git@bitbucket.org-friend:FRIEND/repositoryB.git

Now, when you perform the "git clone" command, Git will review the configuration you have created and when cloning from "bitbucket.org-your", it will:

  • look up the Host bitbucket.org-your entry 
  • attempt on establish communicate with HostName bitbucket.org
  • making use of IdentityFile ~/.ssh/id_rsa key with User git 

If you already have a copy of the repository, you will need to update the origin by running:

git remote set-url origin git@bitbucket.org-your:YOU/repositoryA.git

Perhaps you should review the hosts entries pointing to Bitbucket Cloud under ~/.ssh/known_hosts and exclude them, so the next time you issue a Git command against a repository, a new entry will be created.

If you want to review which SSH key is being used to authenticate against a given repository, you could run the following commands from Terminal:

export GIT_TRACE_PACKET=1
export GIT_TRACE=1 
export GIT_CURL_VERBOSE=1

More information on Debug logging for Git operations on the client

Kind regards,

Rafael

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events