Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

self-hosted linux runner unable to clone a repo git@bitbucket.org: Permission denied (publickey).

Daniele Cordioli
Daniele Cordioli May 23, 2022

Hi 

In a pipeline running on the self-hosted linux docker container I'm trying to clone a different repo from the one that owns the pipeline but I have the git clone command following error

git@bitbucket.org: Permission denied (publickey).

I have added the public key in both the repo under Settings->Access key (for both the main which owns the pipeline and the other which is required by the main repo)

I try to do what was suggested in that question

https://community.atlassian.com/t5/Bitbucket-questions/self-hosted-runner-mount-ssh-key/qaq-p/1890134

but even if I try to create the ssh folder or the .ssh folder under

/tmp/<runner-id>

and copy the private key in, I still have

git@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

I'm using runner image 1.323

If I run the same git clone command from linux I can clone the repo (I must be something with ssh key of the runner because the repo exists)

Could you help me please?

Answer
Watch
Like Be the first to like this
973 views

1 answer

0 votes
Patrik S
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 24, 2022

Hello @Daniele Cordioli ,

Thank you for reaching out to Atlassian Community.

In order for the SSH key to be available for the runner to use, you should add it to the Settings > Pipelines > SSH keys of the main repo (the one that owns the pipeline). The keys added to this section are automatically made available in the runner's container.

So, in order to clone a different repository in your pipelines you would have to do the following : 

In the repository that owns the pipeline

  1. Go to Settings > Pipelines > SSH keys
  2. In case you want Bitbucket to generate the keys for you, click on Generate Key. Otherwise, if you already have the keys, click on Use my own keys and paste both the private and public keys.

In the repository being cloned

  1. Go to Settings > General > Access keys
  2. Click on Add key, and paste the same public key you have configured in the repository that own the pipeline.

After completing the steps above, once you run your build again the key you have configured in the main repository will be made available to the runner container. Since you gave that key access to the repository being cloned by including it in the Access Keys, the clone should complete successfully.

You are also welcome to take a look at the following blog post which covers in more detail the same instructions I've shared above :

Hope that helps! Let me know in case you have any questions.

Thank you, @Daniele Cordioli 

Kind regards,

Patrik S

View More Comments
Daniele Cordioli
Daniele Cordioli May 25, 2022

Hi Patrik and thanks for your prompt reply

I have done what you have suggested but it's not working using a self hosted runner on linux.

The runner in linux is not able to clone the repo

git@bitbucket.org: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Like
Patrik S
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 26, 2022

Hello @Daniele Cordioli ,

I tested in my own instance and it worked successfully using runners.

That said, for testing porpoise, could you please try using the key generated by Bitbucket, instead of providing your own key? To do that, in the repo that owns the pipeline you need to go to Settings > Pipelines > SSH keys, delete any existing key pair, and use the Generate Key button. You will be provided with a new public key.

Copy this public key and paste it in the repo you are trying to clone, under Settings > General > Access keys.

Then you can try re-running your build and check if it works.

In case it still doesn't work, I'd ask you to use the command below in your pipeline for cloning, as it will provide more verbose logs : 

GIT_TRACE_PACKET=1 GIT_TRACE=1 GIT_SSH_COMMAND="ssh -vvv" git clone git@bitbucket.org:<workspace>/<repository>.git

Once you run the pipeline with the command above, please share us the full output (please hide any sensitive information from the logs).

Thank you, @Daniele Cordioli .

Kind regards,

Patrik S

Like
Daniele Cordioli
Daniele Cordioli May 26, 2022

Hi @Patrik S 

following your suggestion I generated the key and paste into the right repo and now it's working!

 

Thanks so much

Like Patrik S likes this
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events