Sourcetree support multiple SSH keys?

I have multiple bitbucket accounts/SSH keys. I edited my local config file according to http://dbushell.com/2013/01/27/multiple-accounts-and-ssh-keys/ so that I can use Git Bash for both accounts, and it works fine. However I can't get Sourcetree to recognize my other account/SSH key. When I try to clone a repo it says This is not a valid source path / URL. Does Sourcetree support multiple SSH keys? If so, how?

5 answers

1 accepted

It does depend on whether you're using PuTTY or OpenSSH too - SourceTree defaults to PuTTY which means you should have Pageant (the SSH agent) loaded and with your multiple keys loaded. If you're using OpenSSH (see Tools > Options to see which you've got SourceTree configured to use), then the standard .ssh/ folder configuration will apply.

I'm pretty sure my various identities are set up correctly. My config file looks as follows:

Host bitbucket.org
 User git
 Hostname bitbucket.org
 PreferredAuthentications publickey
 IdentityFile ~/.ssh/id_rsa

Host other
 User git
 Hostname bitbucket.org
 PreferredAuthentications publickey
 IdentitiesOnly yes
 IdentityFile ~/.ssh/id_rsa_home_computer

I have loaded my keys to each of my two BitBucket accounts, and I can clone repos via Git Bash successfully as:

$ git clone git@bitbucket.org:volume9inc/v9-ccu-landing-page.git test1
$ git clone git@other:greenhatwebsolutions/ironhammer.git test2

Regarding PuTTY or OpenSSH, I can do either but am having trouble with both.

For PuTTY, I first select PuTTY from Tools > Options and add my SSH key. Then when I go clone my repos, when I enter git@bitbucket.org:volume9inc/v9-ccu-landing-page.git in the Source Path, it works and says that it is a Git repository.

However when I enter in my other Source Path git@other:greenhatwebsolutions/ironhammer.git it says "This is not a valid source path"

For OpenSSH, I change the point my id_rsa file in Tools > Options. But when I enter a Source Path to clone, the spinner icon just stays spinning and says "Checking source".

So a common problem is when you have 2 users on Bitbucket, both with valid SSH keys. When you make a connection to a host under SSH, your SSH client will send the first key to the server. If that is accepted, it will be used, and Bitbucket will map that key to your user account (because the URL itself doesn't identify your user, the key does). So probably what's happening is that your first key is being accepted and mapping to account A, but actually you needed account B's access rights in order to access the repo. By that time, it's too late.

The answer to this for both PuTTY and OpenSSH is to set up host aliases so that your client sends the right key first. You appear to have done that for OpenSSH as shown in the file above, but there are a few points:

  1. That config file won't be picked up by PuTTY. There is a direct equivalent in PuTTY, but it involves setting up 'Saved Sessions' in the PuTTY GUI instead - you use the session name as an alias effectively and provide the host name, key to use and other details in the GUI.
  2. For OpenSSH, you should load all the keys into the ssh-agent that SourceTree starts. You can do this by using Tools > Add SSH Key... and browsing to the new key. In Tools > Options, the multiple keys will be remembered, separated by ';'

Beyond that, SourceTree should pick up your .ssh/config when using OpenSSH - the only reason it wouldn't is if your Bash HOME setting is different from the global environment. SourceTree will detect whether or not you have HOME defined in the global env and will define it for you when calling Git if not, which should resolve this - it defines HOME as either HOMEDRIVE + HOMEPATH, or if that isn't defined then USERPROFILE.

Hi Steve,

Thank you very much for your help, but this is getting too technical. My knowledge of SSH is limited to begin with and I struggled testing both PuTTY and OpenSSH yesterday. I'm able to use both accounts in Sourcetree if I use HTTPS for my second BitBucket account instead of SSH, so I think I'll just do that.

Actually do you a preference between the two? Maybe HTTPS is just as good as SSH anyway.

SSH tends to be a bit faster, so I'd advise using SSH for your primary account and HTTPS for any other accounts if you're having issues with multiple SSH keys.

Yes it does support multiple keys. It sounds like your configuration may not be working properly. Check that link for some tips.

Really check the URL. Bitbucke provides the proper clone URL at the top of each repo page. You might also need to review the Bitbucket documentation for:

Configuring Multiple SSH Identities for GitBash, Mac OSX, & Linux

The page might duplicate what you learned on that blog but it is regularly checked and updated by our team.

I'm testing with Windows 7, and sourcetree fails to authenticate with bitbucket.

Bitbucket account lists 2 ssh keys, the second recently created.

Sourcetree launches pageant on load, right-clicking -> view keys on pageant lists the new ssh key.

Trying to clone the repo on Sourcetree with ssh://username@bitbucket.org/users/username/reponame gives an ssh authentication key error.

I assume bitbucket only looks at the first ssh key. Or the process / instructions to add new ssh key access is flawed.

Thought it might be name and email issues, so i tried it with and without the checkbox on the "Allow Sourcetree to modify your local git and mercurial files", also tried with the correct name/email from the username on bitbuctket and without, none of them seemed to work.

After wasting an hour retrying and searching the internet I decided to give up and will just use TortoiseHg instead.

The issue is that when you use SSH with Bitbucket, the username in the URL is simply 'git@bitbucket.org' and your SSH key is used to idetify your username. If you have more than one SSH key and both of them are valid Bitbucket users, then the first one will be used to log you in and identify you. If that user doesn't have access then you will get an authorisation error.

To resolve this you have to set up aliases in PuTTY (or if you use OpenSSH, in your ~/.ssh/config file) which clearly state which SSH key you want to send in each context. You use one alias for logging in as one user, and another alias for logging in as another.

The simpler option is to use SSH for your primary user and HTTPS for any secondary ones, as presumably you've done for TortoiseHg. This setup with SSH is nothing to do with SourceTree, it's just related to how SSH / Bitbucket discovers what username you are identified as.

Decision for TortoiseHg was because they support https which seems to authenticate just fine. didn't try ssh there, jsyk.

SourceTree supports HTTPS too just fine BTW.

why does bitbucket accept multiple ssh keys if it only tries to authenticate the first one? that doesn't make much sense.

i had used https with sourcetree on mac, so i did find it odd that on windows it just kept asking me for my ssh key whenever i initiated or tried to clone the repo. thinking back now i'm not sure if i tried passing a https:// link on the clone form, that would probably have prompted the user password. thanks for the tip.

It's fine if you have multiple SSH keys on one account, any one of those SSH keys will then identify you as that user. The problem arises when you have multiple Bitbucket accounts, each with an SSH key, and you have more than one of those on your client. The SSH protocol just tries keys in order, and as soon as one is accepted, you're in - but if that's not the user you wanted to be then you can have permissions issues. That's why the way to resolve it is to configure your client so it knows which key to send first to identify you as the right user.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published 5 hours ago in Agile

What is ChatOps? A guide to its evolution, adoption, and significance

I am the product of AIM. I can hear that door swinging open and closed in my mind with absolute fidelity. I’d recognize that ding anywhere. At 15, as I typed away into AOL IM, I never imagined that ...

20 views 1 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you