Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

Recognition

  • Give kudos
  • My kudos

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

git@bitbucket.org: Permission denied (publickey). Edited

The sh-Tv command doesn't work git@bitbucket.org

outstanding result

debug1: /root/.ssh/config line 1: Applying options for bitbucket.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to bitbucket.org [18.234.32.157] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/authorized_keys type 0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/authorized_keys-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version conker_c123b90d72-dirty conker-3005
debug1: no match: conker_c123b90d72-dirty conker-3005
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:DMEUMt83IdFNcKAmA2t/K3EH9lfpjVWijIu0zH8LtlI /root/.ssh/authorized_keys
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
git@bitbucket.org: Permission denied (publickey).

in SSH keys, I created a key and added it to authorized_keys.

also bitbucket.org added to known_hosts.

my config:

Host bitbucket.org
Hostname bitbucket.org
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/authorized_keys 

 

5 answers

2 accepted

0 votes
Answer accepted

1.Can you adjust the content of the config file as follows and see if this helps?

didn't help.

ls -ld /root/.ssh

drwx------ 2 root root 4096 Sep 25 17:33 /root/.ssh

 

ssh -Tvvv git@bitbucket.org

OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for bitbucket.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "bitbucket.org" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to bitbucket.org [18.234.32.157] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa_bitbuket type 0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa_bitbuket-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version conker_c123b90d72-dirty conker-3008
debug1: no match: conker_c123b90d72-dirty conker-3008
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to bitbucket.org:22 as 'git'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from bitbucket.org
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss,ssh-rsa
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96
debug2: compression ctos: none
debug2: compression stoc: none
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from bitbucket.org
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /root/.ssh/known_hosts:2
debug3: load_hostkeys: loaded 1 keys from 18.234.32.157
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /root/.ssh/id_rsa_bitbuket (0x55a4ee24b1c0), explicit
debug3: send packet: type 5
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred:
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:JZ/TMr2RR5jlNqT8ALlT6jK6zUHSCTNr29JiqN4QOmE /root/.ssh/id_rsa_bitbuket
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
git@bitbucket.org: Permission denied (publickey).

 2. Can you perhaps share the public SSH key here, so I can check whether it is uploaded in your Bitbucket Cloud account?

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfJdZ12xmKK4NU2e1MUalmoi0JQr0mGKpqgguKuGUifLE41hc/fnF0BJciX3RaJUSW3N39e1woRfHzNASCMSjMtYrmIA3JrFmh47vx/X8nmpjczJwZJiIvIBSW8YkHbywenSGabQNe22J7rHazJ+6K4S7MOKleR8niJRjO3BGXjpsiE+hcByFHeK5X0XTYXlAqQ1B87NA3HTIL2oHduzyYDq+lLnhb8yIIxZ1UzVBKRHDmk3oruuUhdrEL/ubor7gGMMxftbdt6jwykUtRH79c4poxhT2gWb+nL6mBf/7WgmLwkvQ5QCip86akfOzIUCnWXDSzPkkijH2XLCSUld/zE3HdK20EAdYSLWWrnMlbIFYTV0v474Rpq7vDatD11VyUJULM1HaAudi3Lzl04mUl0LWRcSP1/qOhtSc9dHabpk9+NldChN16tPmVoI1exJpgSZm//Vk2FcW9AzwCFssv3+IU7JGbZYnx0W9/3J/J+2DZpvNWy28bsg2956MDKwz7a5x+vsR8Ho657Pb8rQwO3WJ6EfcPZUW/muHrNN2ESZjkQz+0DPqygFRdz25hze/QVcC8iwKeowMr6CIBYcQXDAS4L7RjaX95RNqTj/gumNqVnfN972dJFpcQZX/3F2uFk8vYvr/n3UGQjY02tFcRzuu0v96gpKeS8tgTv8lLzw== team@webdevep.ru

Hello,

Thank you for the info. The permissions for the .ssh directory seem to be ok.

However, I can see that this public SSH key is not associated with any Bitbucket Cloud account.

Can you upload it to your Bitbucket Cloud account and give it another try?

You can upload the key if you:

  1. Log in to https://bitbucket.org/
  2. Select your avatar (bottom left corner) > Personal settings
  3. In the new page that opens, select SSH keys
  4. In there, you can add your public SSH key

Afterwards, you can execute the command ssh -Tvvv git@bitbucket.org again and please feel free to let me know how it goes.

Kind regards,
Theodora

0 votes
Answer accepted

However, I can see that this public SSH key is not associated with any Bitbucket Cloud account.

you mean here? https://take.ms/Y9TXd

what's this for, then? https://take.ms/uVerz

Hello,

Thank you for your reply, I believe I misunderstood the issue. I assumed that you were trying to set up SSH for your Bitbucket Cloud account rather than in Pipelines, since you mentioned issues with the command ssh -Tv git@bitbucket.org. My apologies for the misunderstanding.

For SSH keys in Pipelines, you are right about adding the public SSH key to your server's authorized_keys file, and also updating the known hosts in the SSH keys page of the repository.

I am unsure why you are trying to test connectivity to Bitbucket with the command ssh -Tv git@bitbucket.org. This is a command used to test the SSH connection from your machine to Bitbucket, when you set up SSH for your Bitbucket Cloud account.

If you want to use SSH in your Pipelines build in order to connect to your server, I assume that you want to test the SSH connection from the build to your server? In order to do that, you would need to add in your bitbucket-pipelines.yml file a command like the following:

ssh user@host

where
user replace with the username of the user you connect to in your server
host replace with the IP of your server

Is this something that works for you?

Kind regards,
Theodora

0 votes

Hello,

If you are trying to connect from your own machine to Bitbucket Cloud (https://bitbucket.org/) you don't need an authorized_keys file. The authorized_keys file is used if you want to connect e.g. to a server of yours via SSH.

For Bitbucket Cloud, if you want to connect an SSH key to your Bitbucket Cloud account, then you add the public key to your Bitbucket account Settings:

  1. After you log in to https://bitbucket.org/, go to your avatar (bottom left corner) > Personal settings
  2. Select SSH keys
  3. Add in there the public SSH key you generated

Is this an action you have performed?

I see in your config the line

IdentityFile ~/.ssh/authorized_keys

Is authorized_keys the name of the SSH key you generated? Or the name of a file you created, containing the public key?

Could you let us know what is the output of

ls -lah /root/.ssh/

so we can see the contents of this folder and also the permissions of the files there?

Kind regards,
Theodora

no, I'm connecting from my server on ubuntu

ssh-add -l

4096 SHA256:fsdfdgdfgfdgdg /root/.ssh/id_rsa_bitbuket (RSA)

accordingly I generated the key in the bitbucket and added it

ssh -Tv git@bitbucket.org

OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /root/.ssh/config
debug1: /root/.ssh/config line 1: Applying options for bitbucket.org
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to bitbucket.org [18.234.32.155] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa_bitbuket type 0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa_bitbuket-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version conker_c123b90d72-dirty conker-3007
debug1: no match: conker_c123b90d72-dirty conker-3007
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:JZ/TMr2RR5jlNqT8ALlT6jK6zUHSCTNr29JiqN4QOmE /root/.ssh/id_rsa_bitbuket
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
git@bitbucket.org: Permission denied (publickey).

 

ls -lah /root/.ssh/

total 24K
drwx------ 2 root root 4.0K Sep 25 17:33 .
drwx------ 6 root root 4.0K Sep 25 17:24 ..
-rw-r--r-- 1 root root 55 Sep 25 17:29 config
-rw------- 1 root root 3.2K Sep 25 17:33 id_rsa_bitbuket
-rw-r--r-- 1 root root 742 Sep 25 17:33 id_rsa_bitbuket.pub
-rw-r--r-- 1 root root 1.8K Sep 25 17:35 known_hosts
cat /root/.ssh/config

Host bitbucket.org
IdentityFile ~/.ssh/id_rsa_bitbuket
  

Hello,

Thank you for your reply.

I can see that now you have an SSH key pair named id_rsa_bitbuket and the file permissions seem to be ok.

1. Can you adjust the content of the config file as follows and see if this helps?

Host bitbucket.org
HostName bitbucket.org
User your-Bitbcuket-username
PreferredAuthentications publickey
IdentityFile /root/.ssh/id_rsa_bitbuket

Replace your-Bitbcuket-username above with your own Bitbucket username.

2. Can you perhaps share the public SSH key here, so I can check whether it is uploaded in your Bitbucket Cloud account?

You can get the contents of the public key with

cat /root/.ssh/id_rsa_bitbuket.pub

If you don't feel comfortable sharing that publicly, please feel free to let me know and I can open a ticket for you with our support team.

3. Could you also please let me know what are the permissions on the .ssh directory?

ls -ld /root/.ssh

4. Can you run the ssh command as follows and share the output? This will give us more verbose output and possibly an indication of what may going wrong.

ssh -Tvvv git@bitbucket.org

Kind regards,
Theodora

i try, but it not work https://take.ms/X6xlQ

Hello,

I see in your screenshot that you are using the atlassian/ssh-run pipe.

I can see from a previous screenshot that you updated the known hosts in the repository Settings > SSH keys.

You also mentioned that you have added the public SSH key in the authorized_keys file.

Can you confirm if the public SSH key has been added to the .ssh/authorized_keys files for the user root in your server?

A possible reason for this error would be if the key has been added to .ssh/authorized_keys of a different user instead of root.

Kind regards,
Theodora

I added it to root, I don't have any other users.

Hi @webdevep_ru ,

A few things we can check:

1. Permissions of the .ssh folder and .ssh/authorized_keys file on your server.

Can you set permissions as follows?

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

for the root user on your server

2. The SSH key pair you use, did you generate it from the SSH keys page of the repo?
Or did you generate it in one of your own machines, and then added it in the SSH keys page?

If you generated in one of your own machines, did you create a passphrase?

One possibility is that authentication is failing because the SSH key pair has a passphrase.

Kind regards,
Theodora

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
Community showcase
Published in Bitbucket

Powering DevOps with Bitbucket Server & Data Center

Hi everyone, The Cloud team recently announced 12 new DevOps features that help developers ship better code, faster   ! While we’re all excited about the new improvements to Bitbucket ...

1,922 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you