Bitbucket ssh key seems to "expire" after a few days - ssh

I have never had this issue before and was hoping someone could help explain why this is happening, as I can't find anything online about it.
I was just given access to a new Bitbucket project and account. When I first add my ssh key to my new account, I am able to clone things down easily and everything works normally. For some reason though, after a few hours, I suddenly start getting Permission denied (public key) errors, and the only way I've found to solve it is to delete my previous ssh key and create a brand new one!
I am on a Mac and I use ssh-keygen to create my key, and I always run ssh-add to add it to the agent. Then I delete the public key from Bitbucket and create a new one with the new key's info, and it starts working again but only for a few hours!!
Is this a setting on the Bitbucket I've been given access to? It doesn't seem to be, as everyone I've spoken to that also has access does not have this issue. This has always been the way I've added ssh keys and I have no clue what I'm doing wrong.
Thanks!

Related

Setting up an SSH key for github

I'm doing pre-courses for my classes that start soon and one of the tasks they'd like me to complete is setting up an SSH key for GitHub. Everything was going great, but upon copying the key to paste it into GitHub, the code "clip <> ~ / . SSH / id_ed25519.pub" I was instructed to enter didn't copy it, but said something like "...Is a directory". I'm not familiar with any of this as I'm just a beginner, so I started googling. I found the code "clip < ~/.ssh/id_rsa.pub" to copy, and tried that out. So it did copy the key and successfully link it in GitHub, but I then got to a point where the course was telling me to confirm it in the GitBash terminal. So I start to confirm it and the course tells me to confirm that the key fingerprint matches GitHub's public RSA key fingerprint. It did not match, but it did match the Ed25519 fingerprint. I connected anyways just to see if I could, and successfully connected. Any idea what I did wrong? Will this serve the same purpose, should it be fine? Thanks in advance.

Mercurial: How to post-hook push to Bitbucket?

We have a 'master' Mercurial server on our network that we use for a local staging box. Our team does all of our pushes and pulls to/from this one box. I'm having trouble with the implementation I'm using, but I'm also second guessing whether what I want to do is even a good idea...
We also want to start using BitBucket, but only as a secondary server. I'd like to use a hook to automatically push to Bitbucket, but I can't get it working right...
Here's the HGRC from the 'master' repo:
[hooks]
changegroup =
changegroup.update = hg update
changegroup.bitbucket = hg push ssh://hg@bitbucket.org/account/repo
If I manually fire off the above push, everything works perfectly. However, as a hook it fails:
warning: changegroup.bitbucket hook exited with status 255
I followed this guide to get SSH working: Set up SSH for Git and Mercurial on Mac OSX/Linux
I get my keys generated, I run ssh-agent, and I ssh-add the key. But ssh-agent doesn't seem to be doing anything, and as soon as I exit the SSH session it seems to leave memory. Additionally, when I test it out with ssh -Tv hg@bitbucket.org it prompts me for my password. I thought the whole point of this was for it not to do that?
But taking a step back, maybe this is a terrible idea to begin with. If I give my public key to Bitbucket wouldn't that theoretically mean if someone got a hold of it, they could SSH in to my box without a password?
And if so, what alternative do I have to forward commits to bitbucket? I'd rather not use HTTPS because it would require putting our bitbucket password as plain/text in the .hg/hgrc file...
Maybe there's some more obvious way to do this that I'm missing? For the developers, I'd rather keep things the way they are now (everyone push to master) instead of reconfiguring everyone's developer box to have a private key and to push to bitbucket instead...
As always, thanks for any help you guys can provide.
Woah, there are a lot of questions there. I'll hit a few of 'em:
But ssh-agent doesn't seem to be doing anything, and as soon as I exit the SSH session it seems to leave memory.
You're correct. ssh-agent is for interactive sessions, not for automation. In most usages when you log out it's killed, but even if that weren't the case it wouldn't be working as you imagine because when someone does that hg push they're running a new, non-interactive session that wouldn't have access to the ssh-agent anyway.
Additionally, when I test it out with ssh -Tv hg@bitbucket.org it prompts me for my password.
Testing it out like that isn't valid. That's saying "I want to log into an interactive session at bitbucket with the username hg", but that's not what they authorize you to do. If you send them your public key they let you login as the user hg only for the purposes of doing hg non-interactive commands.
Additionally, when I test it out with ssh -Tv hg@bitbucket.org it prompts me for my password.
No, public keys are meant to be public -- you can list anyone's on github for example. The public key just says "anyone who has the private key that matches this is authorized to...", so any site that wants your private key are crooks, but any site that wants your public key is just offering you a way to use something better than a password.
One thing you may be missing about hooks is "who" the hook runs as. When people are pushing to your "centralish" repo over ssh, the hook is being run as their unix user, and if they're pushing over http the hook is being run as the web server's user.
If you had:
a private ssh key with no password on it
the public key matching that private key setup on bitbucket
the unix user running the hook using that private key for access to bitbucket.org
then what you're trying to do would work.
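The three conditions in the answer above (no passphrase, key usable by the unix user that runs the hook, key file ssh will accept) can be checked before wiring up the hook. This is an added example, not part of the original answer; the function names and the constructed key header are assumptions made for illustration.

```python
import base64, os, struct

MAGIC = b"openssh-key-v1\x00"  # header of OpenSSH-format private keys

def key_is_encrypted(key_text):
    """True if the private key text needs a passphrase before it can be used."""
    lines = [l.strip() for l in key_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    # PKCS#8 ("BEGIN ENCRYPTED PRIVATE KEY") and legacy PEM ("Proc-Type") forms
    if "ENCRYPTED" in lines[0] or "Proc-Type: 4,ENCRYPTED" in lines:
        return True
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        return False
    blob = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    # First field after the magic is the cipher name: "none" means no passphrase
    off = len(MAGIC)
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n] != b"none"

def hook_key_problems(key_path, hook_uid=None):
    """List reasons a non-interactive hook run by hook_uid cannot use key_path."""
    hook_uid = os.geteuid() if hook_uid is None else hook_uid
    try:
        st = os.stat(key_path)
        with open(key_path) as f:
            encrypted = key_is_encrypted(f.read())
    except (OSError, ValueError) as e:
        return [f"key unusable: {e}"]
    problems = []
    if st.st_uid != hook_uid:
        problems.append(f"key owned by uid {st.st_uid}, hook runs as uid {hook_uid}")
    if st.st_mode & 0o077:
        problems.append(f"mode {st.st_mode & 0o777:o} is group/other-accessible; ssh ignores such keys")
    if encrypted:
        problems.append("key is passphrase-protected; the hook has no agent or prompt")
    return problems

def constructed_key_text(cipher):
    """Constructed sample: only the header fields of an OpenSSH key, not a real key."""
    body = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(key_is_encrypted(constructed_key_text(b"aes256-ctr")))
```

Because a passphrase-less key is unprotected at rest, the ownership and mode checks are the only thing standing between other local users and the push credential.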

GCE permission denied (publickey)

When I create a new instance in GCE I'm able to ssh to that new instance without an issue. gcutil checks to see if I have the keys (google_compute_engine) and if not, it will create them for me. It will then push the keys to the instance and will pause for five minutes to ensure the keys are placed there. Again, this all works smoothly on a new instance that I create. This also tells me that my ssh works.
However, when trying to connect to another instance that already exists using "gcutil --project= ssh ", it produces "Permission Denied (publickey)". I removed the keys and re-ran the command and got the same error. The expected result would be like above - i.e. create keys and push them to the instance. But this doesn't happen.
ssh -vvv has no useful info. /var/log/auth.log doesn't even show an attempted connection.
Anyone in GCE world/ssh have any idea why gcutil works so smoothly for one instance but not for the other? What should I check for debugging this?
Thanks in advance.
You might want to look at the answer to this question that explains how gcutil works. It covers a number of different scenarios at the end.

SSH Public Keys not working against CloudBees Repositories

I'm trying to use git as my repository, and I keep getting the error: Permission denied (publickey).
I've tried generating keys on my computer and placing the generated key in my cloudbees account as well as my known_hosts file.
I've also tried adding the key listed in the Jenkins job that I created in my known_hosts, and I'm still unable to connect.
I'm not really sure how to obtain the correct key or how/where to go about placing the key in the correct places.
Any help would be much appreciated.
Thanks,
Danny
There are a couple of things to try shown at http://wiki.cloudbees.com/bin/view/DEV/Git+-+Getting+Started#HTroubleshooting
That being said, it sounds like you're new to SSH, and the commands in the above FAQ may not help.
Generally speaking you will generate a public and private key pair. The public key (~/.ssh/id_rsa.pub / ~/.ssh/id_dsa.pub) will be pasted into GrandCentral as shown in the link above.

How to change EC2 Public Key?

I'm trying to change my EC2 public key for myself, the rest of my team who uses AWS, and also for running instances.
So the old key was (for example) 'my_key', and I made a new key called 'my_key2'.
I made the new key, saved the .pem file alongside the old one, so both 'my_key.pem' and 'my_key2.pem' are residing in my ~/.ssh folder.
Now, I'm trying to ssh into other instances to change their authorization_keys to share my public key, but when I try to ssh, I get
amy$ ssh ***-**-**-***-***.foo.com
Permission denied (publickey).
I tried taking the new 'my_key2' file out of the .ssh folder, and the same problem occurs. I didn't have this problem before I started mucking around. Any tips on getting ssh to recognize my old certificates so that I can get everyone going on the new keys?
You will need to stop the instance (if EBS-backed instance) in order to change the key pair to be used for the instance. If not EBS-backed volume you will just need to start another instance from your AMI with the new key pair.
If you are not able to easily restart the instance or create a new instance, there is this method which purports to be able to change public keys on a running instance, but I haven't tried it. Really the right way to do it is by stopping/starting or creating new instances.
http://seabourneinc.com/2011/01/19/change-key-pairs-on-aws-ec2-instance/
http://seabourneinc.com/2011/01/19/change-key-pairs-on-aws-ec2-instance/
This solution works. I checked it.
In simple steps.
Log in to the AWS console and create a new pem key; it will ask you to save it locally, so save it.
Run the following command.
ssh-keygen -y | tee my_key.pub
Type the path to where you have saved the new pem key file along with the file name.
The above command will display the contents on the screen; copy it, and paste it into the authorized_keys file of the EC2 instance, then save and close.
Now you can use the saved/downloaded new pem key file to access the EC2 instance.