We noticed that suddenly the entire team was not able to access the Bitbucket repository. We did suspect the issue could be with the SSH keys. Here is a brief explanation of what SSH keys mean in this context.
SSH keys can be used to establish a secure connection with Bitbucket Server when:
a) you are performing Git operations from your local machine
b) another system or process needs access to repositories in Bitbucket Server (for example your build server)
The SSH key needs to be added to Bitbucket Server, and your Bitbucket Server administrator must have enabled SSH access to Git repositories before you can make use of the key.
Bitbucket Server supports DSA, RSA2, and Ed25519 key types. RSA1 is not supported.
Even though Bitbucket says the RSA2 key type is supported, all our RSA2 keys failed to be honored by Bitbucket. It worked after we created the ed25519 key and added it to the Bitbucket profile.
Here are the steps to do the same:
1. Check for existing SSH keys
You should check for existing SSH keys on your local computer. You can use an existing SSH key with Bitbucket Server if you want, in which case you can go straight to either SSH user keys for personal use or SSH access keys for system use.
Open a terminal and run the following:
cd ~/.ssh
- If you see “No such file or directory”, then there aren’t any existing keys: go to step 3.
- Check to see if you have a key already:
ls id_*
- If there are existing keys, you may want to use them; go to either SSH user keys for personal use or SSH access keys for system use.
2. Back up old SSH keys
If you have existing SSH keys, but you don’t want to use them when connecting to Bitbucket Server, you should back those up.
Do this in a terminal on your local computer, by running:
mkdir key_backup
cp id_ed25519* key_backup
3. Generate a new key
If you don’t have an existing SSH key that you wish to use, generate one as follows:
- Open a terminal on your local computer and enter the following:
ssh-keygen -t ed25519 -C "your_email@example.com"
Associating the key with your email address helps you to identify the key later on. You’ll see a response similar to this:
chaiss@C02FP1JWMD6V ~ % ssh-keygen -t ed25519 -C chaiss@email.com
Generating public/private ed25519 key pair.
Enter file in which to save the key (/Users/chaiss/.ssh/id_ed25519):
- Just press <Enter> to accept the default location and file name. If the .ssh directory doesn’t exist, the system creates one for you.
- Enter, and re-enter, a passphrase when prompted. The whole interaction will look similar to this:
chaiss@C02FP1JWMD6V ~ % ssh-keygen -t ed25519 -C chaiss@email.com
Generating public/private ed25519 key pair.
Enter file in which to save the key (/Users/chaiss/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/chaiss/.ssh/id_ed25519.
Your public key has been saved in /Users/chaiss/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:gTVWKbn41z6JgBNu3wYjLC4H6oW5bmhaXyaVABwmEtE chaiss@email.com
The key's randomart image is:
+--[ED25519 256]--+
|==+. +o.. |
|.oE. +o.. |
| . ...o |
| .o... |
| oo+S . |
| + ..B = . . |
|.+.+.oo+ * o . |
|o++.o+ . + + |
|B+ o. . . |
+----[SHA256]-----+
chaiss@C02FP1JWMD6V ~ %
- You’re done! Now go to either SSH user keys for personal use or SSH access keys for system use.
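The checks behind steps 1 to 3, as an added example that is not part of the original post: the script lists each public key in a directory by algorithm and reports whether ssh-keygen's default id_ed25519 file name is already taken, in which case step 2 should come before step 3. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): inventory SSH public keys by
# algorithm. Only the first field of each id_*.pub is read; no ssh-keygen needed.

# key_type FILE -> prints ed25519 | rsa | dsa | ecdsa | unknown
key_type() {
    algo=""
    # A public key line is "<algorithm> <base64 blob> [comment]".
    read -r algo _rest < "$1" || true   # tolerate a missing final newline
    case "$algo" in
        ssh-ed25519)  echo ed25519 ;;
        ssh-rsa)      echo rsa ;;
        ssh-dss)      echo dsa ;;
        ecdsa-sha2-*) echo ecdsa ;;
        *)            echo unknown ;;
    esac
}

# inventory DIR -> one "type<TAB>path" line per id_*.pub in DIR
inventory() {
    for pub in "$1"/id_*.pub; do
        [ -f "$pub" ] || continue       # unmatched glob: no keys here
        printf '%s\t%s\n' "$(key_type "$pub")" "$pub"
    done
}

# has_type DIR TYPE -> exit 0 if DIR holds a public key of that algorithm
has_type() {
    inventory "$1" | cut -f1 | grep -qx "$2"
}

# needs_backup DIR -> exit 0 if ssh-keygen's default ed25519 file name is
# already taken, so step 3 would prompt to overwrite it (do step 2 first).
needs_backup() {
    [ -e "$1/id_ed25519" ] || [ -e "$1/id_ed25519.pub" ]
}

# Demo on constructed sample files (fake key blobs, never real keys).
demo=$(mktemp -d)
echo 'ssh-rsa AAAA-constructed-blob old@example.com' > "$demo/id_rsa.pub"
echo 'ssh-ed25519 AAAA-constructed-blob new@example.com' > "$demo/id_ed25519.pub"
inventory "$demo"
needs_backup "$demo" && echo "id_ed25519 exists: back it up before step 3"
rm -rf "$demo"
```

To check a real key directory, call `inventory ~/.ssh` after sourcing the functions.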
If you are facing a similar problem at your organization, please go ahead and create the new key as described in this blog.
Please share your comments or share it if you liked the blog.