As you may know, Bitbucket disables Basic authentication with the Bitbucket API or Git over HTTPS, starting on March 1, 2022. To keep accessing Bitbucket from your computer, you have two choices: one is using app passwords, and the other is using an SSH key. In this post, I will share how to set up an SSH key for accessing a repo on Bitbucket Cloud.
Set up an SSH key for one Bitbucket account
The idea behind an SSH key is to create a key pair: a private key that is saved on your local computer and a public key that is added to Bitbucket Cloud.
Note that you can use one key pair for one account only. You cannot use the same key pair for other accounts, meaning you must create a new key pair for each Bitbucket account.
Setup SSH for Git on Windows
On Windows, by default, the new key will be created and saved into the “/Users/<username>/.ssh” directory.
Setup your default key pair (via PowerShell or CMD)
- Open “Windows PowerShell” as Administrator or Command Prompt (CMD) as Administrator
- Enter the `ssh-keygen` command
- The result will look like the output below
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/AppleRinquest/.ssh/id_rsa):
- Accept the default key and path (/c/Users/AppleRinquest/.ssh/id_rsa) by pressing Enter
- After you press Enter, it will prompt you to type your passphrase. You should write down your passphrase somewhere. We will use it later.
- Then re-enter your passphrase again for confirmation.
The command (ssh-keygen) creates your default identity with public and private keys. Here is a sample of the steps you will see in your terminal.
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/AppleRinquest/.ssh/id_rsa):
Created directory '/c/Users/AppleRinquest/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/AppleRinquest/.ssh/id_rsa.
Your public key has been saved in /c/Users/AppleRinquest/.ssh/id_rsa.pub.
The key fingerprint is: e7:94:d1:a3:02:ee:38:6e:a4:5e:26:a3:a9:f4:95:d4 AppleRinquest@XHGPSLO-PC
The key's randomart image is:
- You can list the files under the .ssh directory using `dir .ssh` as shown below.
$ dir .ssh
id_rsa id_rsa.pub
The id_rsa file is the private key. The id_rsa.pub file is the public key. Only the public key is added to Bitbucket; the private key stays on your computer.
Add the public key to your Bitbucket account settings
- From the Bitbucket cloud, click on your avatar and choose “Personal settings“.
- Then click on “SSH keys” and click on the “Add key” button
- Now, open your id_rsa.pub file with Notepad, copy its content, and paste it into the “Key” textarea field.
- Give the label you want such as “Default public key”
- Next click on the “Add key” button on the “Add SSH key” modal
Go back to your command line (PowerShell or CMD) and enter the command below to verify your configuration and username.
$ ssh -T git@bitbucket.org
If you get an error message saying permission denied (publickey), then check this troubleshooting.
Last step
Now you should be able to access the repo on Bitbucket via SSH. The next time you clone a repo, make sure you clone over SSH.
If you already have a local copy, you will need to update the origin as below.
$ git remote set-url origin YOUR-REMOTE-REPO.git
The origin URL can be found on the Source page in Bitbucket. Look for the Clone button; you will see choices to clone over HTTPS and SSH. Choose SSH, copy the origin URL from there, and update the remote URL in your local copy. Then check the remote repo you set by using the command below.
$ git remote show origin
The first time you run a git command that contacts the remote repo, you will need to enter the passphrase. Read more in the Additional section.
Setup another SSH key for another Bitbucket account
The method above works for one key pair and one account. What if you have two accounts in Bitbucket, one for your private projects and the other for your clients? You will need to create another key pair for the other account.
To create a different SSH key for another Bitbucket account, you will do three things.
- One is to generate a new key pair and keep it in a different file instead of id_rsa, which we already created in the tutorial above.
- Two is to create the config file for all the SSH keys you create.
- And finally, run the git config command in the terminal in your local repo.
Let’s continue.
Setup another SSH key
Basically, the steps are the same as setting up the SSH key above. But instead of using the default filename id_rsa, you will save the key under any filename you like, such as id_rsa1.
- Generate the SSH key using the `ssh-keygen` command
$ ssh-keygen
- Let's say you want to save the SSH key in the id_rsa1 file. You need to enter the full path, including the new filename you want. In this sample, we save the new SSH key to “/c/Users/AppleRinquest/.ssh/id_rsa1“. Please see the command below.
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/AppleRinquest/.ssh/id_rsa): /c/Users/AppleRinquest/.ssh/id_rsa1
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/AppleRinquest/.ssh/id_rsa1.
Your public key has been saved in /c/Users/AppleRinquest/.ssh/id_rsa1.pub.
The key fingerprint is: e7:94:d1:a3:02:ee:38:6e:a4:5e:26:a3:a9:f4:95:d4 AppleRinquest@XHGPSLO-PC
The key's randomart image is:
- List all SSH key files under the .ssh directory with the `dir .ssh` command
C:\Users\AppleRinquest>dir .ssh
You will see all SSH key files under the .ssh directory. If you have used git with SSH before, you will see the known_hosts file as well. The known_hosts file is used to store the SSH server key fingerprints of the servers that you have connected to in the past. See additional – known_hosts
Add the public key to your other Bitbucket account settings
- From the Bitbucket cloud, click on your avatar and choose “Personal settings“.
- Then click on “SSH keys” and click on the “Add key” button
- Now, open your id_rsa1.pub file with Notepad, copy its content, and paste it into the “Key” textarea field.
- Give the label you want such as “Default public key”
- Now click on the “Add key” button on the “Add SSH key” modal
Create a config file
- Create a new file named config (no extension) under the .ssh directory using Notepad
- Now add the SSH configuration for all the Bitbucket accounts that we created SSH keys for, as shown below.
#Bitbucket account 1
Host bitbucket.org-YourBitbucketUserName1
HostName bitbucket.org
User git
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
#Bitbucket account 2
Host bitbucket.org-YourBitbucketUserName2
HostName bitbucket.org
User git
IdentityFile ~/.ssh/id_rsa1
IdentitiesOnly yes
Configure your Git repo
Setup local copy
- If you don’t have a local copy of your repo, you have to clone a Bitbucket repo over SSH.
$ git clone git@bitbucket.org:YourWorkSpace/your-repo-name.git
Where can you copy a git clone command like the one above? Simply head to Bitbucket and open the repository you want to clone. On the Source page, you will see the Clone button. Click the button and a popup will show HTTPS and SSH choices for the git clone command. Select the SSH choice, copy the git clone command, and paste it into your terminal.
- If you already have a local copy of your repo, you have to update the origin URL as shown below.
$ git remote set-url origin git@bitbucket.org:YourWorkSpace/your-repo-name.git
The origin URL can be copied from Bitbucket. Simply head to Bitbucket and open the repository whose origin URL you want to copy. On the Source page, you will see the Clone button. Click the button and a popup will show HTTPS and SSH choices for the git clone command. Select the SSH choice and copy the origin URL.
Configure your local git repo
Run the commands below. Note that user.name needs to match the username you set in the SSH config file.
$ git config user.name "YourBitbucketUserName1"
$ git config user.email "YourEmail"
Using the command below, you can see the remote origin that you are connected to. When you run the command, it will ask you to enter your passphrase. The prompt also shows the SSH key path, so you know which SSH key you are using.
$ git remote show origin
Enter passphrase for key '/c/Users/AppleRinquest/.ssh/id_rsa1':
After entering the passphrase, you can push or fetch from the remote origin as normal.
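ssh selects a `Host` block by comparing the host name in the remote URL with the name on the `Host` line, so a block named `bitbucket.org-...` applies only when the remote URL uses that name as its host. The script below is an added example, not part of the original post: a simplified resolver (exact names only, no wildcard patterns) run over a constructed config in the same shape as the one above. The account names `alice-personal` and `alice-client` and the workspace name are made up for illustration.

```shell
#!/bin/sh
# Added example. Constructed config, same layout as the one in the post.
SAMPLE_CONFIG='#Bitbucket account 1
Host bitbucket.org-alice-personal
HostName bitbucket.org
User git
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
#Bitbucket account 2
Host bitbucket.org-alice-client
HostName bitbucket.org
User git
IdentityFile ~/.ssh/id_rsa1
IdentitiesOnly yes'

# remote_host URL: host part of an scp-style remote (user@host:path).
remote_host() {
    h=${1#*@}                    # drop "git@"
    printf '%s\n' "${h%%:*}"     # drop ":Workspace/repo.git"
}

# alias_remote URL ALIAS: same repo path, host replaced by the config alias.
alias_remote() {
    printf 'git@%s:%s\n' "$2" "${1#*:}"
}

# identity_for CONFIG HOST: IdentityFile of the first Host block named HOST.
# Prints nothing when no block matches (ssh then uses its default keys).
identity_for() {
    printf '%s\n' "$1" | awk -v host="$2" '
        tolower($1) == "host" {
            active = 0
            for (i = 2; i <= NF; i++) if ($i == host) active = 1
            next
        }
        active && tolower($1) == "identityfile" { print $2; exit }'
}

# which_key CONFIG URL: key file the remote URL resolves to, or "default".
which_key() {
    key=$(identity_for "$1" "$(remote_host "$2")")
    printf '%s\n' "${key:-default}"
}

URL='git@bitbucket.org:ClientWorkSpace/your-repo-name.git'   # constructed
which_key "$SAMPLE_CONFIG" "$URL"   # plain host: no Host block applies
which_key "$SAMPLE_CONFIG" "$(alias_remote "$URL" bitbucket.org-alice-client)"
```

On a real machine, `ssh -G bitbucket.org-YourBitbucketUserName2` prints the configuration ssh resolves for that alias, including its `identityfile` line, and the aliased URL can be applied with `git remote set-url origin`.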
Permission denied (publickey) for one of your Bitbucket accounts
Suppose you update the remote URL from HTTPS to SSH and then run `git remote show origin`, and after entering your passphrase you see the error “git@bitbucket.org: Permission denied (publickey). fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.”.
Quick fix: You can update the remote URL back from SSH to HTTPS for a quick fix. I have this issue with my first Bitbucket account, where I created the first SSH key pair. The issue may be that the SSH agent won’t load the private key. This is because I use Windows 10 and the SSH agent won’t automatically load after Windows starts. I think you can set the SSH agent to load automatically after Windows starts with a setting in the OpenSSL from Windows 10. What I think will solve this permission denied (publickey) error is to start the SSH agent in PowerShell or CMD as administrator and add the private SSH key to the agent. It should work. In my second Bitbucket account, I can pull and push my changes to Bitbucket using SSH without any issue. I will be back to update what I did for my issue when I am free. I just want to leave this note for you.
Additional – known_hosts file
When you run a git command that fetches from or pushes to the remote repo, you will see this warning message.
$ git fetch origin
Warning: Permanently added the RSA host key for IP address 'xxxx:xxxx:xxxx::xxxx:xxxx' to the list of known
Enter passphrase for key '/c/Users/AppleRinquest/.ssh/id_rsa1':
Just enter your passphrase. This warning only lets you know that ssh will add the RSA host key for the identified IP address (IPv6) to the known_hosts file.
In the end, you will see the files under the `.ssh` directory as below.
- config
- id_rsa
- id_rsa.pub
- id_rsa1
- id_rsa1.pub
- known_hosts
Don’t want to type your password each time
In VSCode, use the bash terminal and follow the steps below.
$ eval `ssh-agent`
Agent pid 700
$ ssh-add ~/.ssh/<private_key_file>
First, run eval `ssh-agent`. It will show “Agent pid xxx“. Then run ssh-add followed by the private key file path. After that, it will ask you to enter the passphrase. The next time you push or fetch from the remote repo, it won’t ask for your password in the VSCode bash terminal again.
SSH commands explanation
- Start the ssh-agent by using “eval `ssh-agent`”. We run the eval command if the ssh-agent is not automatically started at login.
- By default, the agent uses SSH keys stored in the .ssh directory under the user’s home directory. The ssh-add command adds identities to the agent.
- If you want to check which private SSH keys the agent can access, you can use the `ssh-add -l` command. It will list the private keys currently accessible to the agent.
That’s it for today.