0

I followed the instructions provided in this Atlassian Documentation for multiple ssh identities.

Here are the identities as listed:

$ ssh-add -l
4096 SHA256:bWBUbxKV4xJ5aOwrcshlfq6qMq6upXmphMkgYONwApU bitbucket:foo1@gmail.com (RSA)
4096 SHA256:gzM1ZEJPi8Ke3i3Ny1azl/ytqOHOd0AiP1hRgn58tBw github:foo2@gmail.com (RSA)
4096 SHA256:555uTqY8ijI7Jj8cyBeTkh6zGcDrFO+Kf7p9XLIPd64 bitbucket:foo3@legalmatch.com (RSA)
4096 SHA256:LGS5XTYu/nxtaa69JO0SZ1sUt6M1do6YCJSDdGpOVtA gitlab:foo4@gmail.com (RSA)

Here's the ~/ssh./config:

Host bitbucket-foo1
    HostName bitbucket.org
    IdentityFile ~/.ssh/id_rsa_bitbucket

Host github-foo2
    HostName github.com
    IdentityFile ~/.ssh/id_rsa_github

Host bitbucket-foo3
    HostName bitbucket.org
    IdentityFile ~/.ssh/id_rsa_legalmatch

Host gitlab-foo4
    HostName gitlab.com
    IdentityFile ~/.ssh/id_rsa_gitlab

The problem right now is that bitbucket-foo3 does not get authenticated. bitbucket-foo1 and the rest works fine.

I tried to use ssh -vvv user@bitbucket-foo3, here's the log:

$ ssh -vvv user@bitbucket-foo3
OpenSSH_6.9p1 Ubuntu-2ubuntu0.2, OpenSSL 1.0.2d 9 Jul 2015
debug1: Reading configuration data /home/ryeballar/.ssh/config
debug1: /home/ryeballar/.ssh/config line 13: Applying options for bitbucket-foo3
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to bitbucket.org [104.192.143.1] port 22.
debug1: Connection established.
debug1: identity file /home/ryeballar/.ssh/id_rsa_legalmatch type 1
debug1: key_load_public: No such file or directory
debug1: identity file /home/ryeballar/.ssh/id_rsa_legalmatch-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9p1 Ubuntu-2ubuntu0.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.4
debug1: match: OpenSSH_6.4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to bitbucket.org:22 as 'user'
debug3: hostkeys_foreach: reading file "/home/ryeballar/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/ryeballar/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from bitbucket.org
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none
debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug3: hostkeys_foreach: reading file "/home/ryeballar/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/ryeballar/.ssh/known_hosts:4
debug3: load_hostkeys: loaded 1 keys from bitbucket.org
debug3: hostkeys_foreach: reading file "/home/ryeballar/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/ryeballar/.ssh/known_hosts:5
debug3: load_hostkeys: loaded 1 keys from 104.192.143.1
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /home/ryeballar/.ssh/known_hosts:4
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ryeballar/.ssh/id_rsa_legalmatch (0x55c8f9da84c0), explicit
debug2: key: bitbucket:ryeballar@gmail.com (0x55c8f9da8d60),
debug2: key: github:ryeballar@gmail.com (0x55c8f9da82a0),
debug2: key: gitlab:ryeballar@gmail.com (0x55c8f9dab900),
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/ryeballar/.ssh/id_rsa_legalmatch
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: bitbucket:ryeballar@gmail.com
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: github:ryeballar@gmail.com
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: gitlab:ryeballar@gmail.com
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey).
ryeballar
  • 29,658
  • 10
  • 65
  • 74
  • How should ssh know to use key 3 instead of key 1? Both have the same hostname `bitbucket.org`. – xxfelixxx Jun 09 '16 at 05:17
  • @xxfelixxx `HostName` specifies the real hostname to log into. And if you read the [Atlassian Documentation](https://confluence.atlassian.com/bitbucket/configure-multiple-ssh-identities-for-gitbash-mac-osx-linux-271943168.html#ConfiguremultipleSSHidentitiesforGitBash,MacOSX,&Linux-CreateaSSHconfigfile) that's how they structured it. – ryeballar Jun 09 '16 at 05:21
  • @xxfelixxx I also tried changing it, but I think it doesn't make sense to change it. Regardless, it didn't work as well. – ryeballar Jun 09 '16 at 05:26
  • Try running: `ssh -vvv user@bitbucket-foo3`. – xxfelixxx Jun 09 '16 at 05:27
  • @xxfelixxx Please check the logs – ryeballar Jun 09 '16 at 05:44
  • Check that your key permissions are correct `chmod 600 keyname`. Have you installed the public key in bitbucket? `id_rsa_legalmatch.pub` – xxfelixxx Jun 09 '16 at 05:47
  • Yes, originally I only had the `id_rsa_legalmatch`, and it works fine. Not until `id_rsa_bitbucket` was added, that `id_rsa_legalmatch` stopped working and have the `id_rsa_bitbucket` working. So, working=id_rsa_bitbucket, not working=id_rsa_legalmatch. – ryeballar Jun 09 '16 at 05:50
  • I'm out of ideas...at this point, i would go over to the server itself, and turn sshd debugging on to see what it is complaining about. Maybe someone at bitbucket can help you out. – xxfelixxx Jun 09 '16 at 05:55
  • @xxfelixxx okay thanks for the help! – ryeballar Jun 09 '16 at 05:56
  • I guess for now, I'll just have to remove specific `id_rsa` keys, depending when I need them. – ryeballar Jun 09 '16 at 05:57
  • From the log, the key is successfully used, but not accepted by the server. This is the problem. Make sure that your have really the same key in bitbucket, as the `id_rsa_legalmatch.pub` – Jakuje Jun 09 '16 at 07:16
  • @Jakuje I already mentioned that `id_rsa_legalmatch` was working properly before adding the `id_rsa_bitbucket`. As of now, removing `id_rsa_bitbucket` makes the `id_rsa_legalmatch` working again. The same is true otherwise. – ryeballar Jun 09 '16 at 07:45

1 Answers1

0

It seems that all I needed to do was to simply change the bitbucket host using the alias in the remote origin. The problem was that the old ssh key was no longer recognized as it uses the new one that was added.

So changing remote origin from:

git@bitbucket.org:<project-url>.git

to

git@bitbucket-foo1:<project-url>.git

solved the problem for me.

ryeballar
  • 29,658
  • 10
  • 65
  • 74