Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,294,333
Community Members
 
Community Events
165
Community Groups

self-hosted linux runner unable to clone a repo git@bitbucket.org: Permission denied (publickey).

Edited

Hi 

In a pipeline running on the self-hosted linux docker container I'm trying to clone a different repo from the one that owns the pipeline but I have the git clone command following error

git@bitbucket.org: Permission denied (publickey).

I have added the public key in both the repo under Settings->Access key (for both the main which owns the pipeline and the other which is required by the main repo)

I try to do what was suggested in that question

https://community.atlassian.com/t5/Bitbucket-questions/self-hosted-runner-mount-ssh-key/qaq-p/1890134

but even if I try to create the ssh folder or the .ssh folder under

/tmp/<runner-id>

and copy the private key in, I still have

git@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

I'm using runner image 1.323

If I run the same git clone command from linux I can clone the repo (I must be something with ssh key of the runner because the repo exists)

Could you help me please?

1 answer

0 votes
Patrik S Atlassian Team May 24, 2022

Hello @Daniele Cordioli ,

Thank you for reaching out to Atlassian Community.

In order for the SSH key to be available for the runner to use, you should add it to the Settings > Pipelines > SSH keys of the main repo (the one that owns the pipeline). The keys added to this section are automatically made available in the runner's container.

So, in order to clone a different repository in your pipelines you would have to do the following : 

In the repository that owns the pipeline

  1. Go to Settings > Pipelines > SSH keys
  2. In case you want Bitbucket to generate the keys for you, click on Generate Key. Otherwise, if you already have the keys, click on Use my own keys and paste both the private and public keys.

In the repository being cloned

  1. Go to Settings > General > Access keys
  2. Click on Add key, and paste the same public key you have configured in the repository that own the pipeline.

After completing the steps above, once you run your build again the key you have configured in the main repository will be made available to the runner container. Since you gave that key access to the repository being cloned by including it in the Access Keys, the clone should complete successfully.

You are also welcome to take a look at the following blog post which covers in more detail the same instructions I've shared above :

Hope that helps! Let me know in case you have any questions.

Thank you, @Daniele Cordioli 

Kind regards,

Patrik S

Hi Patrik and thanks for your prompt reply

I have done what you have suggested but it's not working using a self hosted runner on linux.

The runner in linux is not able to clone the repo

git@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Patrik S Atlassian Team May 26, 2022

Hello @Daniele Cordioli ,

I tested in my own instance and it worked successfully using runners.

That said, for testing porpoise, could you please try using the key generated by Bitbucket, instead of providing your own key? To do that, in the repo that owns the pipeline you need to go to Settings > Pipelines > SSH keys, delete any existing key pair, and use the Generate Key button. You will be provided with a new public key.

Copy this public key and paste it in the repo you are trying to clone, under Settings > General > Access keys.

Then you can try re-running your build and check if it works.

In case it still doesn't work, I'd ask you to use the command below in your pipeline for cloning, as it will provide more verbose logs : 

GIT_TRACE_PACKET=1 GIT_TRACE=1 GIT_SSH_COMMAND="ssh -vvv" git clone git@bitbucket.org:<workspace>/<repository>.git

Once you run the pipeline with the command above, please share us the full output (please hide any sensitive information from the logs).

Thank you, @Daniele Cordioli .

Kind regards,

Patrik S

Hi @Patrik S 

following your suggestion I generated the key and paste into the right repo and now it's working!

 

Thanks so much

Like Patrik S likes this

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Git push size limits are coming to Bitbucket Cloud starting April 4th, 2022

Beginning on April 4th, we will be implementing push limits. This means that your push cannot be completed if it is over 3.5 GB. If you do attempt to complete a push that is over 3.5 GB, it will fail...

2,155 views 2 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you