Recently I had to set up a private Bitbucket repo with SSH for one of our internal projects. I had already done the same in the past, so when I ran into the nagging “Error: Permission denied (public key)”, I had to revisit and rework all the steps all over again to make things straight. This blog is all about the step-by-step process I followed to fix things up for read-write repo access.
The following are the two most widely adopted procedures for establishing an SSH connection with Bitbucket repositories on Windows:
- TortoiseGit client
Before you proceed further please ensure that you have already installed the following applications on your system:
- Git for Windows with Git Bash
- TortoiseGit Client
Create a new SSH key:
- Check for “GIT_SSH” environment variable (Computer -> Properties -> Advanced System Settings -> Environment Variables…) and remove it if found.
- Open “Git Bash” from the Start menu.
- Run the command ssh-keygen -t rsa -C "email@example.com". This will create a new SSH key, using the provided email as a label.
- When you’re prompted to “Enter a file in which to save the key,” press Enter. This accepts the default file location (.ssh folder within your HOME directory)
- At the prompt, type a secure passphrase or just press Enter and Re-Enter to continue.
- This will create 2 SSH keys in your .ssh folder within your default HOME directory. One private key with the default name id_rsa and the other one as public key with name id_rsa.pub will be created for you. You can change the names of these keys, but in that case, you have to pass the complete path of the file at step 4 mentioned above.
- Copy your public key id_rsa.pub and add it as an SSH key under your Bitbucket Settings (Right click on your Bitbucket Avatar to get it)
8. Next, add the following items to your ~/.ssh/config file to specify what identity to use for what host (create this file in case it is not already created)
Note that there is a space before all 3 lines added above and blank line after Host bitbucket.org is not required.
9. Save your config file
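One way to script steps 8 and 9 from Git Bash, as an added example that is not part of the original post. The function name and the stanza contents (User git, IdentityFile, IdentitiesOnly yes) are assumptions, not the three lines the post originally showed; IdentitiesOnly makes ssh offer only the named key to this host.

```shell
#!/bin/sh
# Added example: append a bitbucket.org stanza to an OpenSSH client config.
# The stanza below is an assumption, not the original post's three lines.

# add_bitbucket_stanza CONFIG KEYFILE
# Appends the stanza once (safe to re-run) and restricts the file to its owner.
# Typical call: add_bitbucket_stanza ~/.ssh/config ~/.ssh/id_rsa
add_bitbucket_stanza() {
    config=$1
    key=$2
    mkdir -p "$(dirname "$config")"
    touch "$config"
    # Do nothing if a "Host bitbucket.org" line already exists.
    if grep -Eqi '^[[:space:]]*Host[[:space:]]+bitbucket\.org[[:space:]]*$' "$config"; then
        echo "bitbucket.org stanza already present in $config" >&2
        return 0
    fi
    # Each option line starts with one space, as the post's note describes.
    cat >> "$config" <<EOF
Host bitbucket.org
 User git
 IdentityFile $key
 IdentitiesOnly yes
EOF
    # The config names your identity files; keep it readable by you only.
    chmod 600 "$config"
}
```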
Adding your private SSH key to the ssh-agent
1. Open Git Bash and run the following command to ensure that the ssh-agent is running on your system:
$ eval $(ssh-agent -s)
It should print something like “Agent pid 13152” if the agent is running.
2. Add your SSH private key to the ssh-agent by running the command below. Replace id_rsa with the name of your private key file in case you have saved it with a different name.
$ ssh-add ~/.ssh/id_rsa
Check your connection:
- Run Git Bash, and enter the command: ssh firstname.lastname@example.org replacing accountname with your own Bitbucket account name. You should encounter a message like this:
The authenticity of host ‘accountname.bitbucket.org (220.127.116.11)’ can’t be established.
RSA key fingerprint is SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A.
Are you sure you want to continue connecting (yes/no)?
- Enter yes. You should see a success message similar to the one given below:
Warning: Permanently added ‘accountname.bitbucket.org,18.104.22.168’ (RSA) to the list of known hosts.
PTY allocation request failed on channel 0
logged in as accountname.
You can use git or hg to connect to Bitbucket. Shell access is disabled.
Connection to accountname.bitbucket.org closed.
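Before answering yes at the prompt above, the fingerprint it shows can be compared with the one the hosting provider publishes. The script below is an added example, not part of the original post; the function names and the constructed sample key line are assumptions.

```shell
#!/bin/sh
# Added example: check a host key fingerprint before trusting the host.
# SAMPLE_LINE is constructed (placeholder bytes, not Bitbucket's real key). A real
# line in the same "host type base64-blob" form comes from:
#   ssh-keyscan -t rsa bitbucket.org
SAMPLE_LINE="bitbucket.org ssh-rsa $(printf 'constructed-not-a-real-key' | base64)"

# host_key_fingerprint LINE: print "SHA256:<unpadded base64>", the form ssh shows
# in its prompt. It is SHA-256 over the decoded key blob; `ssh-keygen -lf FILE`
# prints the same value. Computed by hand here to show what the hash covers.
host_key_fingerprint() {
    blob=$(printf '%s\n' "$1" | awk '{print $3}')
    [ -n "$blob" ] || return 2
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 2
    hex=$(printf '%s' "$blob" | base64 -d | sha256sum | cut -d' ' -f1)
    esc=''
    i=1
    while [ "$i" -le 64 ]; do          # hex digest -> octal escapes for printf
        byte=$(printf '%s' "$hex" | cut -c"$i"-"$((i + 1))")
        esc="$esc\\$(printf '%03o' "$((0x$byte))")"
        i=$((i + 2))
    done
    printf 'SHA256:%s\n' "$(printf "$esc" | base64 | tr -d '=\n')"
}

# verify_host_key LINE EXPECTED: succeed only if the fingerprint equals EXPECTED,
# which must come from the provider's documentation, not from the connection.
verify_host_key() {
    actual=$(host_key_fingerprint "$1") || return 2
    [ "$actual" = "$2" ]
}

# trust_host_key LINE EXPECTED KNOWN_HOSTS: append LINE only after a match.
trust_host_key() {
    if verify_host_key "$1" "$2"; then
        printf '%s\n' "$1" >> "$3"
    else
        echo "fingerprint mismatch: refusing to trust host key" >&2
        return 1
    fi
}

echo "sample fingerprint: $(host_key_fingerprint "$SAMPLE_LINE")"
```

With a real ssh-keyscan line and the published fingerprint, trust_host_key writes the entry to ~/.ssh/known_hosts only on a match, so the interactive yes/no prompt never has to be answered on trust alone.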
Check your TortoiseGit installation (in my case it is v22.214.171.124):
Ensure that your TortoiseGit installation installed the following additional tools by looking at the bin folder within the installation directory:
Add GIT_SSH variable to the environment:
After the TortoiseGit client installation is done, add the GIT_SSH variable to your system environment in case it is not added already. This variable should point to TortoiseGitPlink.exe. In my case it was like:
Generate SSH keys with PuTTYgen
Run PuTTYgen.exe to generate an SSH-2 RSA public/private keypair. Once generated, save the public and private keys to a folder of your preference. Copy the generated public key and paste it into SSH Keys in your Bitbucket Settings like we did for OpenSSH.
Please note that when you generate a key with PuTTYgen, the public key that you copy from PuTTYgen and the public key you save to a file are not in the exact same format.
Add your private key to Pageant
Run Pageant from the Start menu. You will see a small icon in your system tray, which indicates Pageant is started. Click on the Pageant icon in your system tray and click “Add Keys” (alternatively, right click on the icon and add keys). Select and add the private key that was generated by PuTTYgen in the previous step. The private key should have the extension .ppk. After you add the SSH key, you should see it in the Pageant key list.
Check your connection
1. Create a new folder which will complement your bitbucket repo.
2. Right-click on the folder and select the item as shown below:
3. Click OK without checking the check box
4. Click OK
5. Right Click on the folder again and select TortoiseGit -> Settings as shown below:
6. Click OK
7. You should see the Git tab as shown below:
8. Click on Remote at the left pane and fill URL and Push URL fields with your SSH bitbucket repo path (e.g. email@example.com:sheikhiqbal_hossain/repo.git). Remote field should be populated with origin by default. Select your previously generated private key in your Putty Key field.
Click Add New/Save.
9. Select Yes to fetch files from bitbucket remote you have just added:
10. Click OK
11. In case of successful connection you should see a dialog as shown below:
12. In case of successful fetch you should see a dialog as shown below:
Note: Organizations that use SAML single sign-on (SSO) cannot be accessed with SSH. To access repositories in organizations that use SAML SSO, use an authorized personal access token instead of the password with HTTPS.
In case you want to establish only read access to the Bitbucket repo, please add your SSH public key into Access keys of your individual repo Settings instead of adding through your Bitbucket settings. Using this deployment key you will be able to fetch & pull changes from your repository but you won’t be able to push any of your changes back in the repo.