2

I have multiple ssh keys, using one key for one project. I have successfully assigned the public ssh keys to the relevant repositories inside my bitbucket account.

They are stored in the following location:

~/.ssh/rsa_generic_repos
~/.ssh/rsa_generic_repos.pub
~/.ssh/rsa_project1
~/.ssh/rsa_project1.pub

I then add these keys to my ssh-agent before attempting any git access:

ssh-add ~/.ssh/rsa_generic_repos
ssh-add ~/.ssh/rsa_project1

ssh-add -l - Displays:

4096 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXX Generic Repo Key (RSA)
4096 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXX Project 1 Key (RSA)

My Problem:

This works correctly (clones the repo):

git clone git@bitbucket.org:Myusername/generic-repo.com.git

This does not work:

git clone git@bitbucket.org:Myusername/project1.com.git

Error:

Cloning into 'project1'...
repository access denied. deployment key is not associated with the requested repository.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.

Yet if I run:

ssh-add -D
ssh-add ~/.ssh/rsa_project1
git clone git@bitbucket.org:Myusername/project1.com.git

It successfully clones the repo which it previously wouldn't. This suggests firstly that the public key is set up on bitbucket correctly and that the ssh daemon is not attempting to use any ssh key other than the first entry therefore resulting in the above error.

If anyone could help me with a way to get ssh to go through all the keys stored in the ssh-agent session I would be tremendously grateful.

Thank you for your help and time.

10
  • Though the SSH protocol supports multiple keys, it also can be configured on the server side to only allow a limited number of login attempts. If Bitbucket is configured that way, it should be changed. Maybe a support ticket? Commented Dec 12, 2017 at 1:04
  • Good idea, I've created a support ticket with Bitbucket. I will post back here with what they have to say. Commented Dec 12, 2017 at 1:13
  • This is what you need gist.github.com/jexchan/2351996. Read the first comment. Commented Dec 12, 2017 at 1:15
  • Why did you add these keys to specific repos instead of to your account? Commented Dec 12, 2017 at 1:23
  • 1
    @GustavMahler, if you're going to put all the keys in the same place anyway, you may as well add one key to the three repos. With git, I create service accounts for least principle because of the limitation of each deploy key being globally unique (a choice I do not begin to understand) - but if at all possible, I combine entities with equivalent access. Your automation could always create a dedicated agent and set the ssh key for each project, too. Commented Dec 12, 2017 at 2:34

3 Answers

1

The proper way to use multiple ssh keys would be to use a ~/.ssh/config file, as I describe here

Host bbgeneric
    Hostname bitbucket.org
    IdentityFile ~/.ssh/rsa_generic_repos
    User git

Host bbproject1
    Hostname bitbucket.org
    IdentityFile ~/.ssh/rsa_project1
    User git

And you would use ssh url like

bbgeneric:Myusername/generic-repo.com.git
bbproject1:Myusername/project1.com.git

Using one deployment key is indeed easier, but I wanted to illustrate the config ssh feature which allows you to use any number of keys.


1 Comment

Fantastic answer, thanks for showing me the .ssh/config! For others reading this you will find this page very helpful too: stackoverflow.com/questions/7927750/…
1

Thanks to VonC's answer.
Here is the working solution I could have used:

~/.ssh/config

Host bitbucket-generic-repos
    HostName bitbucket.org
    IdentityFile ~/.ssh/rsa_generic_repos

Host bitbucket-project1
    HostName bitbucket.org
    IdentityFile ~/.ssh/rsa_project1

The following command gave me an error:

git clone git@bitbucket.org:<MyUsername>/project1.com.git

Replacing the bitbucket.org with the ssh alias defined in ~/.ssh/config in the git command results in the desired behaviour with no errors:

git clone git@bitbucket-project1:<MyUsername>/project1.com.git (works!)
git clone git@bitbucket-generic-repos:<MyUsername>/project1.com.git (also works!)

1 Comment

Well done. +1. Note that by adding User git in your ~/.ssh/config file, you can remove the git@ part in your URLs.
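
An added check, not part of the original answers: the shell functions below read an ssh client config and report, for each Host alias, the IdentityFile it names and whether `IdentitiesOnly yes` restricts ssh to that key instead of also offering whatever ssh-agent holds. The sample config is constructed from the aliases in the answers, with `IdentitiesOnly` added to one block; the parser assumes whitespace-separated keywords and one pattern per Host line.

```shell
#!/bin/sh
# Added example: audit per-repository deploy-key aliases in an ssh client config.

# Constructed sample: the aliases from the answers above. Only the first block
# sets IdentitiesOnly, so the two verdicts differ.
sample_config() {
cat <<'EOF'
Host bbgeneric
    HostName bitbucket.org
    User git
    IdentityFile ~/.ssh/rsa_generic_repos
    IdentitiesOnly yes

Host bbproject1
    HostName bitbucket.org
    User git
    IdentityFile ~/.ssh/rsa_project1
EOF
}

# audit_aliases FILE
# Prints "<alias> <identityfile> <verdict>" for every Host block.
#   PINNED          only the configured key file is used
#   AGENT-FALLBACK  other keys loaded in ssh-agent can still be offered
#   NO-KEY          the block names no IdentityFile at all
audit_aliases() {
    awk '
    function report(   verdict) {
        if (alias == "") return
        verdict = (only == "yes") ? "PINNED" : "AGENT-FALLBACK"
        if (key == "") { key = "-"; verdict = "NO-KEY" }
        printf "%s %s %s\n", alias, key, verdict
    }
    /^[ \t]*#/ { next }                      # skip comment lines
    { kw = tolower($1) }                     # ssh_config keywords are case-insensitive
    kw == "host"           { report(); alias = $2; key = ""; only = ""; next }
    kw == "identityfile"   { if (key == "") key = $2 }
    kw == "identitiesonly" { if (only == "") only = tolower($2) }
    END { report() }
    ' "$1"
}

# check_pinned FILE: succeeds only when every alias is PINNED.
check_pinned() {
    ! audit_aliases "$1" | grep -Eq '(AGENT-FALLBACK|NO-KEY)$'
}
```

Run `audit_aliases ~/.ssh/config` against a real config; `ssh -G bbproject1` prints the options ssh itself resolves for an alias, including anything inherited from `Host *` blocks.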
0

This is how I resolved the issue for macOS. It could help you: check this link.
