• Tìm kiếm

Permission denied (publickey) | Bitbucket Cloud

avatar
admin
03:10 14/12/2024

Platform Notice: Cloud - This article applies to tướng Atlassian products on the cloud platform.

Problem

When attempting to tướng clone, push or pull over SSH with Git, you receive the message

Permission denied (publickey).

OR

remote: Permission denied (publickey)

OR

abort: Permission denied: (project name)

Diagnosis

You are receiving this message because Bitbucket Cloud could not authenticate you with any of the keys that were offered to tướng it by your SSH agent. To verify this is the case, bởi the following 

ssh -t -vvv [email protected]

This will attempt to tướng create a connection to tướng Bitbucket Cloud for git. You should receive a response similar to tướng the following if your key is correctly loaded

$ ssh -t -vvv [email protected] 
authenticated via ssh key.

You can use git to tướng connect to tướng Bitbucket. Shell access is disabled

From here you can proceed with your work as normal. If you bởi not see a message similar to tướng the above, read on.
If you see the message "debug3: no such identity: : No such tệp tin or directory" refer to tướng Error "No such tệp tin or directory" when running verbose git SSH commands.

Resolution

This can be caused by a couple of factors, but these are the most common:

- Your public key isn't loaded into Bitbucket Cloud

To kiểm tra to tướng see if your public key is loaded into Bitbucket Cloud, bởi the following:

  1. Open a browser and log into Bitbucket Cloud.
  2. Select the Settings cog and select Personal Bitbucket settings from the profile menu

    The system displays the personal settings page.

  3. Click SSH keys in the Security section.
    The SSH Keys page displays. It shows a list of any existing keys. Alternatively, you can directly access this URL - https://bitbucket.org/account/settings/ssh-keys/ to tướng list/add/delete SSH keys under your profile. 

  4. If you bởi not have any keys listed, follow Set up an SSH key to phối one up.

If your SSH agent doesn't know how to tướng offer Bitbucket Cloud a key, the connection will fail. To find out what keys your SSH Agent currently is offering, and add them, bởi the following:

Windows
  1. Double-click Pageant to tướng view loaded keys (Pageant is a PuTTY authentication agent).
  2. Click 'Add Key' to tướng add any key not found in the list.

If you see an invalid format error, make sure you remove all of the new line characters and spaces from the key.  In the example above, the last character should be 6.

On GitBash, MacOS or Linux


Then, if you don't see your key listed, add it by 

Remember that if the key was generated with a different name you should change the 'id_rsa' on the command to tướng the name of the key. For more information, kiểm tra out our full Troubleshoot SSH issues guide.

- Your identity isn’t loaded into PuTTYgen 


If using PuTTYgen application:

  1. Open PuTTYgen;

  2. Click on ‘File > Load private key’;

  3. Choose your *.ppk tệp tin from a directory;

  4. Click on ‘Conversions > Export OpenSSH key’;

  5. Save the tệp tin in ‘C:\Users\\.ssh thư mục with 'id_rsa’ name.

- Git bash for Windows/Pageant is not using the correct keys 

This can be confirmed by running the following command:

If you see that your SSH agent isn’t using the key you want to tướng, it’s likely because of Windows Environment Variables. To configure those, follow the steps outlined below:

1. Access your Environment Variables by opening up System Properties and navigating to tướng Advanced System Settings
2. Add a new System variable with the following structure

Variable Name: GIT_SSH
Variable Value: full path to tướng pageant.exe (you may also have plink.exe, puttygen.exe and other agents, i.e. C:\Program Files (x86)\Atlassian\SourceTree\tools\putty\plink.exe)

(info) An easy way of finding the path for the agent is to tướng open Task Manager, find the process, and open the thư mục location to tướng get the path to tướng your agent.

After creating the new variable make sure to tướng restart your terminals sánh that they receive the new values. If you’re running bash from an IDE, make sure to tướng restart the IDE itself as well.

- You bởi not have permission to tướng create the repository on your local filesystem

If you get the error "Permission denied", it is also possible that git doesn't have permission to tướng create the project thư mục locally. Check permissions for the directory where you're attempting to tướng kiểm tra out the project, and make sure you have write access.

- Your private key tệp tin permissions are too open

Your ssh-agent might not use your private key if the tệp tin permissions for your private key are too open. The key needs to tướng be read-writable only to tướng you:

On GitBash, MacOS, or Linux
Alternatively the key can be only readable to tướng you:
On Windows

File permissions can be phối by right-mouse clicking on the relevant tệp tin, going into properties, and then selecting the "Security" tab, leaving only the SYSTEM, Administrators, and the user as read-writable to tướng.

- Your security algorithm has been deprecated or is different than vãn Bitbucket’s accepted methods 

This can be confirmed by running the following command:

If you see the debug1: send_pubkey_test: no mutual signature algorithm message then this is the case.

The RSA SHA-1 hash algorithm is being quickly deprecated across operating systems and SSH clients because of various security vulnerabilities, with many of these technologies now outright denying the use of this algorithm.

(info) For example - here is the announcement from OpenSSH regarding their upcoming deprecation of the ssh-rsa algorithm.

If you are using an operating system or SSH client whose version has this algorithm disabled, any SSH keys previously generated using this algorithm may no longer be accepted by these technologies. 

If you are getting an error in Pipelines while using an RSA key, it might be because the Pipelines image is using an older version of OpenSSH that still uses SHA1 as the mặc định algorithm for RSA keys. Switch your image to atlassian/default-image:4 with the following line in your bitbucket-pipelines.yml tệp tin -

image: atlassian/default-image:4

The default-image:4 is based off of Ubuntu 22.04 which has a newer version of OpenSSH installed that uses SHA256 instead of SHA1 for RSA keys. This is a more secure algorithm and accepted everywhere. If you bởi not specify any image, atlassian/default-image:1 is used which uses an older version of OpenSSH that still uses SHA1 for RSA keys.


The preferred resolution is to tướng re-generate the keys using an updated algorithm, which can be done using the following command:

ssh-keygen -t ed25519 -C "[email protected]

If generating a new key doesn’t work, you can also re-enable the RSA algorithm by adding the following line to tướng your ssh-agent config file:

PubkeyAcceptedKeyTypes +rsa-sha2-256,rsa-sha2-512

The config tệp tin can usually be found on the following path: ~/.ssh/config

If none of the solutions above worked you can always liên hệ our tư vấn team via the tư vấn portal at https://support.atlassian.com/. Feel miễn phí to tướng open a ticket with us containing as much information as possible, especially which repository are you trying to tướng access as well as your public SSH key, which can be found by using the following command:

This will copy the contents of your public SSH key and will be ready to tướng be pasted on the tư vấn ticket.