Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Groups
Explore all groups
Community resources

download entire repository without logging in!!????!!!?!?!

Jordan Thompson1
Jordan Thompson Jan 31, 2015

So I just found out that you can get the entire repository without logging into bitbucket.  Obviously I don't want that happening.  I have set up SSH keys to use with Git and that works fine. 

How can I prevent anyone from accessing my stuff?

Answer
Watch
Like Be the first to like this

3 answers

1 accepted

0 vote
Jordan Thompson1
Jordan Thompson Jan 31, 2015

OK, I'm feeling pretty foolish rightabout now...  It turns out that the browser on the remote machine was logged in already by someone at the keyboard and I didn't notice.  I tried logging them out and repeating the process and it failed (as it rightly should.)

View More Comments
John Garcia [At
John Garcia [Atlassian] Jan 31, 2015

You should probably destroy that key and make a new one if it's been transmitted over the network.

Reply
0 vote
John Garcia [At
John Garcia [Atlassian] Jan 31, 2015

Hey there,

When you set up SSH for your Bitbucket account, you're able to use the SSH private key for authentication. This means that it's as important to make sure you keep your private key private as it is to keep your password and username private, combined.

To directly answer your question, you prevent people from accessing your stuff by keeping that private key private. For instance, never, ever transmit the private key over the network; if you ever think your private key is compromised, destroy it, revoke its access, and make a fresh one.

Reply
0 vote
Jordan Thompson1
Jordan Thompson Jan 31, 2015

This is not a key-pair issue:

I was getting ready to set up the keys on another machine (I had nothing configured on that machine at all, not even Git.)  I was remotely connected to this computer from one that was logged into bitbucket.

Without thinking, I copied the url from a file in my download (the private key!) on one computer and pasted it into my browser on the other (that was not set up yet.)  I was able to download the file(!)  So for grins, I copied the URL for the zip file (Download Repository) from the first computer and pasted it into the browser on the second and low and behold, I was able to download the entire contents of my repository without ever logging in!

Reply

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
John Paz
John Paz
Posted Jun 12, 2018 in Bitbucket

Do you use any Atlassian products for your personal projects?

After spinning my wheels trying to get organized enough to write a book for National Novel Writing Month (NaNoWriMo) I took my affinity for Atlassian products from my work life and decided to tr...

181 views 20 8
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you