Multiple ssh-keys for bitbucket server on Windows 10

Question

I have 2 bitbucket accounts. One - is for work purposes, another one for my pet-projects.

I followed the bitbucket documentation, how to setup multiple ssh-keys.

Account for work purposes has username: user4work. Account for home pet-projects has username: user4home.

~\.ssh\config file looks like that:

IdentityFile ~/.ssh/user4work
IdentityFile ~/.ssh/user4home

Host bitbucket.org-user4work
    HostName bitbucket.org
    User git
    IdentityFile ~/.ssh/user4work
    IdentitiesOnly yes

Host bitbucket.org-user4home
    HostName bitbucket.org
    User git
    IdentityFile ~/.ssh/user4home
    IdentitiesOnly yes

folder ~/.ssh/ has the following files:

config
known_hosts
user4home
user4home.pub
user4work
user4work.pub

Contents of *.pub files are set as SSH-keys in corresponding bitbucket account settings.

"OpenSSH Authentication Agent" (ssh-agent) service is set to start automatically upon Windows startup.

The problem is, that the user4work account is accessible for git commands via ssh, but user4home account is not.

Upon cloning something from user4home's repo via ssh, I get the Forbidden error.

When I call ssh -v bitbucket.org in git bash window I get the following output.

$ ssh -v git@bitbucket.org
OpenSSH_8.0p1, OpenSSL 1.1.1c  28 May 2019
debug1: Reading configuration data /c/Users/Rafael/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to bitbucket.org [18.234.32.157] port 22.
debug1: Connection established.
debug1: identity file /c/Users/Rafael/.ssh/user4work type 0
debug1: identity file /c/Users/Rafael/.ssh/user4work-cert type -1
debug1: identity file /c/Users/Rafael/.ssh/user4home type 0
debug1: identity file /c/Users/Rafael/.ssh/user4home-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.0
debug1: Remote protocol version 2.0, remote software version conker_51a1cf6f2c app-141
debug1: no match: conker_51a1cf6f2c app-141
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:abcdef1234567890
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /c/Users/Rafael/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /c/Users/Rafael/.ssh/user4work RSA SHA256:xxxxxxxxxxxxxxxxxxxxx explicit
debug1: Will attempt key: /c/Users/Rafael/.ssh/user4home RSA SHA256:yyyyyyyyyyyyyyyyyyyyy explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /c/Users/Rafael/.ssh/user4work RSA SHA256:xxxxxxxxxxxxxxxxxxxxx explicit
debug1: Server accepts key: /c/Users/Rafael/.ssh/user4work RSA SHA256:xxxxxxxxxxxxxxxxxxxxx explicit
debug1: Authentication succeeded (publickey).
Authenticated to bitbucket.org ([18.234.32.157]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
PTY allocation request failed on channel 0
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
logged in as user4work

You can use git or hg to connect to Bitbucket. Shell access is disabled
debug1: channel 0: free: client-session, nchannels 1
Connection to bitbucket.org closed.
Transferred: sent 3404, received 1988 bytes, in 0.3 seconds
Bytes per second: sent 13427.0, received 7841.6
debug1: Exit status 0

If in the ~/.ssh/config file I replace two first two lines from

IdentityFile ~/.ssh/user4work
IdentityFile ~/.ssh/user4home

to

IdentityFile ~/.ssh/user4home    
IdentityFile ~/.ssh/user4work

Then user4home account works via ssh in git, but user4work does not.

I think I am missing something here. Any ideas?

Thank you.

This is how I resolved the issue for MacOS: check this [link](https://stackoverflow.com/a/71520433/4685823). — Gastón Antonio Montes, Mar 18 '22 at 00:13

score 2 · Accepted Answer · answered Jul 28 '20 at 21:12

2

You should replace the git@bitbucket.org portion of clone URLs with bitbucket.org-user4work when you want to access a repository with work credentials

You should replace the git@bitbucket.org portion of clone URLs with bitbucket.org-user4home when you want to access a repository with personal credentials

So, for example, if you have a work repository that is originally cloned using:

git clone git@bitbucket.org:organization/project.git

You should instead run

git clone bitbucket.org-user4work:organization/project.git

answered Jul 28 '20 at 21:12

Omer Tuchfeld

2,886
1
17
24

Thank you for your help. But this does not work for `user4home` account. Only for `user4work`. But when I replace 2 lines in config and put `user4home` IdentityFile at the first, then user4home starts working, but user4work stops. This works this way regardless of putting username in clone (remote names) command as you advised. – Rafael Jul 28 '20 at 21:27
Completely remove the `IdentityFile` lines in `ssh.config` that don't belong to any `Host`. Replace `git@bitbucket.org` with `bitbucket.org-user4work` in clone URLs, not with `user4work`. Note that this is the name of the `ssh.config` host and NOT the username. Does that work? – Omer Tuchfeld Jul 28 '20 at 21:29
1

Yes, that solved the issue. I have to remove two identityfile declarations. Thank you. – Rafael Jul 28 '20 at 21:32

Multiple ssh-keys for bitbucket server on Windows 10

1 Answers1