Platform Notice: Cloud, Server, and Data Center- This article applies equally to allplatforms.
If you're having trouble with SSH, here are a few things you can try when troubleshooting. There are two types of problems you may have: uploading the ssh key to Bitbucket and connecting to Bitbucket. This article should help you with two links to more detailed information about the error you are having. You should also remember that this is trying to be, but it is not an exhaustive list of problems that you may have. There may be another, simpler KB article that matches your issue that isn't linked here. This KB article is also not intended to be a definitive explanation of ssh logs. We only intend to point out common problems that our users have seen. Places in the logs where we don't see any problems, the explanation is probably oversimplified.
If you are using Sourcetree, some of these solutions come with Sourcetree steps. However, it may be necessary to use the command line for others. From a sourcetree repository, you can find the command line by clickingTerminalin the upper right corner.
If your problem isn't linked here, keep the debug log output you see. The community or support will need you to provide more data and will want to document the bug.
These are issues when adding ssh public keys to Bitbucket.
Invalid SSH key
When adding an SSH public key to Bitbucket Cloud, the following error appears:Invalid SSH keyoInvalid SSH key (ssh-keygen). please, watch itInvalid SSH keyfor more details.
Has anyone already registered this SSH key?
please, watch itHas anyone already registered this SSH key?if you see the following error when trying to add a new SSH key on Bitbucket Cloud:
Someone already registered that SSH key.
If you're connecting to Bitbucket using ssh, you might see some of these issues. What is listed here is a debug log analysis that you can use to identify a specific problem.
This is the command we'll use to get debug data from your client. The -v is a verbose log level. The -T is for avoiding an interactive shell. This command can generate a large amount of data.
ssh -vvv -t bitbucket.org
You can also enable ssh debug logging when using git.
GIT_SSH_COMMAND="ssh -vvv" git <command>
From here, we'll take sections of the ssh debug output and explain what that means. For example, the first section has the command being executed and a debug log line. each section will have a different length.
Full unedited debug text
This is the full unedited debug text:
$ ssh -v -tbitbucket.org
OpenSSH_8.6p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/dlaser/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* no files found
debug1: /etc/ssh/ssh_config line 54: Apply options for *
debug1: authentication provider $SSH_SK_PROVIDER not resolved; disable
debug1: Connecting tobitbucket.orgporta 22.
debug1: Connection established.
debug1: identity file /Users/dlaser/.ssh/id_rsa type -1
debug1: identity file /Users/dlaser/.ssh/id_rsa-cert type -1
debug1: identity file /Users/dlaser/.ssh/id_dsa type -1
debug1: identity file /Users/dlaser/.ssh/id_dsa-cert type -1
debug1: identity file /Users/dlaser/.ssh/id_ecdsa type -1
debug1: identity file /Users/dlaser/.ssh/id_ecdsa-cert type -1
debug1: identity file /Users/dlaser/.ssh/id_ecdsa_sk type -1
debug1: identity file /Users/dlaser/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /Users/dlaser/.ssh/id_ed25519 type 3
debug1: identity file /Users/dlaser/.ssh/id_ed25519-cert type -1
debug1: identity file /Users/dlaser/.ssh/id_ed25519_sk type -1
debug1: identity file /Users/dlaser/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /Users/dlaser/.ssh/id_xmss type -1
debug1: identity file /Users/dlaser/.ssh/id_xmss-cert type -1
debug1: SSH-2.0-OpenSSH_8.6 local version chain
debug1: Remote protocol version 2.0, remote software version conker_74f550b922 f6f746d1987b
debug1: compat_banner: sin coincidencia: conker_74f550b922 f6f746d1987b
debug1: authentication forbitbucket.org:22 as 'laser'
debug1: load_hostkeys: fopen /Users/dlaser/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No existe tal archivo o directorio
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No existe tal archivo o directorio
debug1: sent SSH2_MSG_KEXINIT
debug1: SSH2_MSG_KEXINIT recibido
debug1: kex: algorithm:curve25519-sha256@libssh.org
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client encrypted:chacha20-poly1305@openssh.comMAC: <implicit> compression: none
debug1: kex: client->server encryption:chacha20-poly1305@openssh.comMAC: <implicit> compression: none
debug1: esperando SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY recibido
debug1: Chave do host do servidor: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: load_hostkeys: fopen /Users/dlaser/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No existe tal archivo o directorio
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No existe tal archivo o directorio
debug1: host 'bitbucket.org' is known and matches the RSA host key.
debug1: Key found in /Users/dlaser/.ssh/known_hosts:288
debug1: rewrite after 134217728 blocks
debug1: sent SSH2_MSG_NEWKEYS
debug1: esperando SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS recibido
debug1: rewrite after 134217728 blocks
debug1: will try the key: /Users/dlaser/.ssh/id_rsa
debug1: will try the key: /Users/dlaser/.ssh/id_dsa
debug1: will try the key: /Users/dlaser/.ssh/id_ecdsa
debug1: will try the key: /Users/dlaser/.ssh/id_ecdsa_sk
debug1: Will try key: /Users/dlaser/.ssh/id_ed25519 ED25519 SHA256:1ULdLheARnciJmwL80PAJ2Ao3dvfiTMS5E2vyEHcvGE
debug1: will try the key: /Users/dlaser/.ssh/id_ed25519_sk
debug1: will try the key: /Users/dlaser/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO recibido
debug 1: kex_input_ext_info: server-sig-algs=<ecdsa-sha2-nistp256-cert-v01@abresh.com,ecdsa-sha2-nistp384-cert-v01@abresh.com,ecdsa-sha2-nistp521-cert-v01@abresh.com,rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss-cert-v01@abresh.com,ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-rsa-cert-v01@abresh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT recibido
debug1: Authentications that can continue: public key
debug1: Next authentication method: public key
debug1: Testing private key: /Users/dlaser/.ssh/id_rsa
debug1: Testing private key: /Users/dlaser/.ssh/id_dsa
debug1: Testing private key: /Users/dlaser/.ssh/id_ecdsa
debug1: Testing private key: /Users/dlaser/.ssh/id_ecdsa_sk
debug1: provide public key: /Users/dlaser/.ssh/id_ed25519 ED25519 SHA256:1ULdLheARnciJmwL80PAJ2Ao3dvfiTMS5E2vyEHcvGE
debug1: Server accepts key: /Users/dlaser/.ssh/id_ed25519 ED25519 SHA256:1ULdLheARnciJmwL80PAJ2Ao3dvfiTMS5E2vyEHcvGE
debug1: Authentication successful (public key).
authenticated tobitbucket.org([18.205.93.1]:22).
debug1: channel 0: new [client-session]
debug1: join the interactive session.
debug1: promise: full filesystem
debug1: Sending environment.
debug1: canal 0: configurando env LANG = "en_US.UTF-8"
debug1: canal 0: configurando env LC_TERMINAL_VERSION = "3.5.0beta7"
debug1: channel 0: configuring environment LC_TERMINAL = "iTerm2"
PTY assignment request failed on channel 0
analyze debugging
This section has the ssh client debugging lines with the following parsing. Known issues will be linked to knowledge base articles. For more information about these records, you can refer toSecure Shell (SSH) protocol parameters.
$ ssh -v -T bitbucket.org OpenSSH_8.6p1, LibreSSL 3.3.6debug1: read configuration data /Users/user/.ssh/config
Start of ssh configuration. These logs show the versions of the SSH client that are used on your local system.
debug1: Read configuration data from /etc/ssh/ssh_configdebug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* with no matching files debug1: /etc/ssh/ssh_config line 54: Apply options to * debug1 : Authentication provider $SSH_SK_PROVIDER is not resolved; disable
This section tells you which files were used to configure your local ssh client. This can change depending on the user making the connection.
debug1: Connecting to port 192.168.1.4 [192.168.1.4] 22.debug1: Connection established.
If you see "Connection established", it means that the tcp connection forbitbucket.orgis working. This is an example of a successful connection. Expand to see the errors:
- You may see a network timeout. please, watch itPort 22 is blocked on the local networkfor more details. Here are some examples:
ssh: connection to host bitbucket.org port 22: connection timed out ssh: connection to host bitbucket.org port 22: operation timed out fatal: remote end hung up unexpectedly Completed with errors, see above
debug1: identity file /Users/user/.ssh/id_rsa type -1debug1: identity file /Users/user/.ssh/id_rsa-cert type -1debug1: identity file /Users/user/.ssh/id_dsa type - 1debug1: identity file /Users/user/.ssh/id_dsa-cert type -1debug1: identity file /Users/user/.ssh/id_ecdsa type -1debug1: identity file /Users/user/.ssh/id_ecdsa-cert type -1debug1: identity file /Users/user/.ssh/id_ecdsa_sk type -1debug1: identity file /Users/user/.ssh/id_ecdsa_sk-cert type -1debug1: identity file /Users/user/.ssh/id_ed25519 type 3debug1: identity file /Users/user /.ssh/id_ed25519-cert type -1debug1: identity file /Users/user/.ssh/id_ed25519_sk type -1debug1: identity file /Users/user/.ssh/id_ed25519_sk-cert type -1debug1: identity file /Users/user/ .ssh/id_xmss type -1debug1: identity file /Users/user/.ssh/id_xmss-cert type -1
A -1 means an error. So either the file was not an ssh key or the file was not terminated. In this case, the identity chosen was /Users/user/.ssh/id_ed25519 because it had the maximum value, 3.
debug1: local version string SSH-2.0-OpenSSH_8.6debug1: remote protocol version 2.0, remote software version conker_a0c557575e c5189741741adebug1: compat_banner: no match: conker_a0c557575e c5189741741a
This section is part of the SSH protocol negotiations.
debug1: authenticate to bitbucket.org:22 as 'user' debug1: load_hostkeys: fopen /Users/user/.ssh/known_hosts2: no such file or directory debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: no such file or debugdirectory1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
This section displays data in the ssh_known_hosts files that are trying to be read. Most of the time this can be ignored.
debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256@libssh.orgdebug1: kex: host key algorithm: rsa-sha2-512debug1: kex: encrypted server->client: chacha20-poly1305@openssh. com MAC : Compression <implicit>: nonedebug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: Compression <implicit>: nonedebug1: waiting for SSH2_MSG_KEX_ECDH_REPLYdebug1: received SSH2_MSG_KEX_ECDH_REPLY
This section contains more parts of the SSH protocol negotiations. This section explains the type of encryption that ssh will use for the session.
debug1: Server Host Key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1Adebug1: load_hostkeys: fopen /Users/user/.ssh/known_hosts2: No such file or directory debug1: load_hostkeys: fopen /etc/ssh_host/ssh: No such files o directory debug1: load_hostkeys1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: missing file or directory debug1: host 'bitbucket.org' is known and matches RSA host key.debug1: key found in /Users/user/ .ssh/known_hosts: 3
These log messages showbitbucket.orgServer key and where it belongs in the known_hosts file. In this case, the known_hosts file, /Users/user/.ssh/known_hosts, corresponded to the server key on line 3.
If you are not logged intobitbucket.orgbefore, thebitbucket.orghas been removed from the known_hosts file, see this article for more details:Unable to establish authenticity for host 'bitbucket.org (104.192.143.1)'.
Unable to establish authenticity of host "bitbucket.org (2406:da00:ff00::22cd:e0db)". The RSA key fingerprint is SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A.
debug1: rewrite after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rewrite after 134217728 blocks
This section contains more parts of the SSH protocol negotiations. This is how ssh gets symmetric keys between client and server.
debug1 - will try key: /Users/user/.ssh/id_rsadebug1 - will try key: /Users/user/.ssh/id_dsadebug1 - will try key: /Users/user/.ssh/id_ecdsadebug1 - will try key: /Users /user/.ssh/id_ecdsa_skdebug1 - Will try key: /Users/user/.ssh/id_ed25519 ED25519 SHA256:1ULdLheARnciJmwL80PAJ2Ao3dvfiTMS5E2vyEHcvGEdebug1 - Will try key: /Users/user/.ssh/id_ed25519/_skdebug1. /Users/user/.ssh/id_ed25519_skdebug1: will try the key:/. ssh/id_xmssdebug1: received SSH2_MSG_EXT_INFO debug1: kex_input_ext_info: server-sig-algs=<ecdsa-sha2-nistp521,ssh-dss-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh - rsa,rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ssh-dss,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert - v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com>debug1: SSH2_MSG_SERVICE_ACCEPT receivedebug1: Authentications can continue: publickeydebug1: Next Authentication Method: publickeydebug1: Next Authentication Method: publickeydebug1: Key Attempt private: /Users / user/.ssh/id_rsadebug1: Testing private key: /Users/user/.ssh/id_dsadebug1: Testing private key: /Users/user/.ssh/id_ecdsadebug1: Testing private key: /Users/user/. ssh/ id_ecdsa_skdebug1: Offering public key: /Users/user/.ssh/id_ed25519 ED25519 SHA256:1ULdLheARnciJmwL80PAJ2Ao3dvfiTMS5E2vyEHcvGEdebug1: server accepts key: /Users/user /.ssh/id_ed25519 ED25519 SHA256:1JULdwLheAR80nci PAJ2Ao3dvfiTMS5E2vyEHcvGEdebug1: authentication successful (public key). Authenticated at bitbucket.org ([18.205. 93.1]:22)
This section is how ssh clients identify the user. In this case, Bitbucket Cloud allows the client to attempt to identify itself using the ssh public key. The ssh client offered the id at /Users/user/.ssh/id_ed25519 to Bitbucket. If Bitbucket doesn't accept the key, you won't see Authentication Succeeded, you should see an error like: There are no more authentication methods to try.
If Bitbucket doesn't accept your key, you might get an error like this.
debug1: Trying private key: .ssh/aws/user.pemdebug1: Authentications can continue: publickeydebug1: No more authentication methods for try.user@bitbucket.org: Permission denied (public key).
See this link for more details:remote: No supported authentication methods to test!
debug1: channel 0: new [client session] debug1: login to interactive session.debug1: guarantee: filesystem completedebug1: push environment.debug1: channel 0: environment configuration LANG="en_US.UTF-8"debug1: channel 0: environment config LC_TERMINAL_VERSION = "3.5.0beta7" debug1: channel 0: config env LC_TERMINAL = "iTerm2" debug1: client_input_channel_req: channel 0 rtype exit-status response 0 authenticated via ssh key. You can use git to connect to Bitbucket. Shell access disabled debug1: channel 0: free: client session, channels 1 Transferred: sent 2284, received 1916 bytes, in 0.1 seconds Bytes per second: sent 22602.4, received 18960.7 debug1: exit status 0 $
This section is ssh setting up the terminal environment and configuring shell access. In this case, Bitbucket Cloud has interactive shells disabled. Only non-interactive shells are allowed. For security reasons, the only actions allowed over ssh are those required by git. So ssh exits the session while providing some data about the connection.
One potential issue is that if you have multiple SSH keys configured to access different Bitbucket accounts, you might encounter the following error when performing Git operations such as clone, push, etc.
The requested repository does not exist or you do not have access. If you believe this repository exists and you have access, make sure you are authenticated. fatal: cannot read from remote repository.
See this link for more details on how to confirm that ssh is using the correct key:Multiple SSH key configurations for different Bitbucket Cloud accounts
But it also provided non-debug data about how the user was authenticated. This was a successful ssh session.
Here is a list of the above references.
- Bitbucket Cloud complains that "network is down" and cannot execute commands via ssh
- Invalid SSH key
- Multiple SSH key configurations for different Bitbucket Cloud accounts
- Permission denied (public key)
- Port 22 is blocked on the local network
- Has anyone already registered this SSH key?
- Test your SSH authentication