4
votes

I have a problem connecting with my SSH service.

ssh-agent is running:

ps -e | grep ssh

12163 ? 00:00:00 ssh-agent

and caches my only identity:

ssh-add -l

4096 25:56:f4:9c:09:65:fe:39:b3:17:73:bd:3c:76:3f:8d /home/matthias/.ssh/id_rsa (RSA)

everything exists as it should:

ls ~/.ssh/

id_rsa id_rsa.pub known_hosts

and id_rsa.pub is uploaded to the Bitbucket.org SSH-Keys section.

However, SSH authentication fails (using the verbose mode, one can see that it somehow tries to load the non-existent id_dsa file):

ssh -v -T [email protected]
[...]
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/matthias/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /home/matthias/.ssh/id_rsa
debug1: Remote: Forced command: conq username:matthias_hueser
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
Enter passphrase for key '/home/matthias/.ssh/id_rsa':
debug1: read PEM private key done: type RSA
debug1: Remote: Forced command: conq username:matthias_hueser
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/matthias/.ssh/id_dsa
no such identity: /home/matthias/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/matthias/.ssh/id_ecdsa
no such identity: /home/matthias/.ssh/id_ecdsa: No such file or directory
debug1: No more authentication methods to try.
Permission denied (publickey).

Has somebody else run into the same problem and has a suggestion?

[Thanks for the Edit]

1
Are the permissions 700 for ~/.ssh and 600 for your keys? From the debug log it doesn’t look like this is the issue. - JoePasq

1 Answer

1
votes

The output you're seeing looks consistent with the server rejecting your id_rsa key. ssh will check for id_rsa, id_dsa, and id_ecdsa even if you don't specify them on the command-line or have them loaded in your ssh-agent.

If I were troubleshooting this, I'd remove ssh-agent from the picture and specify your private key on the command-line.

Run this in a new shell you'll close afterward, so you don't trash your existing environment:

$ bash
$ unset SSH_AGENT_PID SSH_AUTH_SOCK
$ ssh -v -T -i ~/.ssh/id_rsa [email protected]
[...]
$ exit

(ssh-keygen should prompt you for your key's password)


If that works, I'd double-check that the key your ssh-agent is providing is actually the correct one. You can

$ ssh-keygen -y -f ~/.ssh/id_rsa

And check that against what's in your ssh-agent:

$ ssh-add -L

If the identity in your agent is different, you should dump your keys with ssh-add -D and re-load them. If it's not different, I'm not sure what's up. Hope that helps a bit.
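
The comparison suggested in the answer above, as an added example that is not part of the original answer: the output of `ssh-keygen -y` and `ssh-add -L` can differ in the trailing comment field even for the same key, so this script compares only the key type and base64 blob. The function names are hypothetical and the sample key lines are constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample keys are constructed.

# Reduce public-key lines ("type blob [comment]") to "type blob".
normalize_pubkeys() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $1 " " $2 }'
}

# agent_has_key FILE_KEY_LINE AGENT_LISTING
# Returns 0 if the key is in the listing, 1 if not, 2 if the key line is unusable.
agent_has_key() {
    want=$(printf '%s\n' "$1" | normalize_pubkeys | head -n 1)
    [ -n "$want" ] || return 2
    printf '%s\n' "$2" | normalize_pubkeys | grep -Fxq -- "$want"
}

# Live check against the real key file and the running agent.
check_agent_identity() {
    keyfile=${1:-$HOME/.ssh/id_rsa}
    file_key=$(ssh-keygen -y -f "$keyfile") || return 2   # prompts for the passphrase
    agent_keys=$(ssh-add -L) || return 2                  # non-zero if agent is empty or unreachable
    if agent_has_key "$file_key" "$agent_keys"; then
        echo "agent holds the key in $keyfile"
    else
        echo "agent does not hold the key in $keyfile" >&2
        return 1
    fi
}

# Constructed sample data (not real keys): one file key, two agent listings.
SAMPLE_FILE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDKEYONE'
SAMPLE_AGENT_MATCH='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTEDKEYTWO other@example
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDKEYONE /home/user/.ssh/id_rsa'
SAMPLE_AGENT_OTHER='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDKEYTHREE /home/user/.ssh/id_rsa'

# Run against the real agent only when asked: sh script.sh --live [keyfile]
if [ "${1:-}" = "--live" ]; then
    check_agent_identity "${2:-$HOME/.ssh/id_rsa}"
    exit $?
fi
```

An exit status of 1 from the live check means the agent is offering a different key than the one in the file, which is the case where `ssh-add -D` and re-adding applies.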