I'm running a CI machine on AppCenter and need to allow read/write access to a private BitBucket repository but I can't figure out how to do this.
My approach is to create an ssh key and during CI builds add the private key to the machine ssh-agent using ssh-add -K (mac machine).
I've created an ssh key on my local computer (mac) using ssh-keygen and uploaded the .pub key to BitBucket. Then as my CI runs I'm trying to take the private key and add it to the ssh-agent but I'm being prompt to enter a password and can't figure out how to inject it in a non-interactive shell mode.
Is this the right approach to grant access to BitBucket in CI? if so, how can I add an ssh key without being prompt to enter a password?
Scripts are in Ruby or Bash.
The repo contains certificates used for Fastlane Match
Answering my own question...
I ended up using BitBucket AppPasword and cloning via https. I think there has to be a better way but this work for my needs at the moment.
I needed access from my CI to a private BitBucket certificates repo to use with Fastlane Match, the value in my MatchFile forgit_url that allows me to clone the repo is:
git_url "https://{BITBUCKET_USER}:{BITBUCKET_APP_PASSWORD}#bitbucket.org/{BITBUCKET_USER}/{REPO}.git"
You can obtain a bitbucket app password by clicking your profile (Avatar) -> Settings -> App Passwords
I used bitbucket a lot in the past (mostly because of the private repos). Have not used it for a while and now I always get "fatal: Authentication failed" error when trying to clone a repo. I feel it may be related to this whole Atlassian thing because now I cannot find how to configure bitbucket user password, only Atlassian password. That's why I am asking: is there some other bitbucket user password and is there any way to change it?
All I see after clicking in the upper right corner when logged in bitbucket is "Manage Atlassian account, View profile, Bitbucket settings, Integrations, Log ot". Password changing is only located in "Manage Atlassian account".
This what I've done so far (without success):
changed password (several times, now it consists of the small letters only)
played with variations of URL (with/out username, adding password to url)
deleted bitbucket account and created a new one (however, connected to the same Atlassian account as before)
tested via different networks at home/work.
Nothing worked so far. The same result on different computers (Windows and Linux). In the same time I can clone Github repos and work with them as usual. I need HTTPS only.
You likely need to configure your SSH keys properly. Login to Bitbucket through the web browser. Click on your icon in the top right corner and click on Bitbucket Settings from the pop-up menu. On the next screen will be a Settings menu on the left hand side. Click on SSH keys. If you already have SSH keys setup on your computer you can add your current keys. If you don't you'll need to create some keys, usually done with the ssh-keygen command line tool. This should generate two files, id_rsa and id_rsa.pub. Open the id_rsa.pub file and copy the contents to your clip board. Back in your web browser click the Add Key button. Give it a label and paste the contents of your clipboard into the Key text box.
You'll need to make sure git is set to use this key when you connect either through an SSH config file.
Everything works after creating a brand new user for both Bitbucket and Atlassian with another email.
I'm trying to connect to my Debian Google Compute Engine server through PuTTy (I've tried other alternatives too) but when I do I get the error "Disconnected: No supported authentication methods available (server sent: publickey)
The google server came without a username and password, only a url to automatically login to their own terminal.
I had PuTTY working and then one day got this error.
Solution: I had revised the folder path name containing my certificates (private keys), and this caused Pageant to lose track of the certificates and so was empty.
Once I re-installed the certificate into Pageant then Putty started working again.
Turn on Password Authentication
By default, you need to use keys to ssh into your google compute engine machine, but you can turn on password authentication if you do not need that level of security.
Tip: Use the Open in browser window SSH option from your cloud console to gain access to the machine. Then switch to the root user with sudo su - root to make the configuration changes below.
Edit the /etc/ssh/sshd_config file.
Change PasswordAuthentication and ChallengeResponseAuthentication to yes.
Restart ssh /etc/init.d/ssh restart.
Please follow this guide: https://gist.github.com/feczo/7282a6e00181fde4281b
with pictures.
In short:
Using Puttygen, click 'Generate' move the mouse around as instructed and wait
Enter your desired username
Enter your password
Save the private key
Copy the entire content of the 'Public key for pasting into OpenSSH authorized_keys file' window. Make sure to copy every single character from the beginning to the very end!
Go to the Create instances page in the Google Cloud Platform Console and in the advanced options link paste the contents of your public key.
Note the IP address of the instance once it is complete.
Open putty, from the left hand menu go to Connection / SSH / Auth and define the key file location which was saved.
From the left hand menu go to Connection / Data and define the same username
Enter the IP address of your instance
name the connection below saved Sessions as 'GCE' click on 'Save'
double click the 'GCE' entry you just created
accept the identy of the host
Now login with the password you specified earlier and run
sudo su - and you are all set.
You need to use an SSH key to login to your instance.
The GCE documentation explains the process here.
I had the same problem but got it working by changing enable-oslogin from TRUE to FALSE in google cloud.
from:
to:
I had the same issue and just figured it out !!
Assuming that you already went and created private/public key added your public key on the remote server ... type in username#remotehost.com and THEN go to Connection -> SSH -> Auth and click Browse to locate your private key. After you choose it will populate the input field. After that click OPEN ...
So the important thing here is the order... make sure you first enter parameters for the host and then locate your private key.
I got this error because I had forgotten to add my username behind the key in the GCE metadata section. For instance, you are meant to add an entry into the metadata section which looks like this:
sshKeys username:key
I forgot the username: part and thus when I tried to login with that username, I got the no supported auth methods error.
Or, to turn off the ssh key requirement entirely, check out my other answer.
Apparently running sudo chmod -R a+rw on your home folder causes this to happen as well.
This problem mainly caused by your connected username not have the access to the shell in GCE. So you use the following steps to solve this issue.
gcloud auth list
If you are using the correct login. please follow the below steps. otherwise use
gcloud auth revoke --all
gcloud auth login [your-iam-user]
and you get the token or it automatically detect the token.
gcloud compute --project "{projectid}" ssh --zone "{zone_name}" "{instance_name}" .
if you dont know this above line click to compute engine-> ssh dropdown arrow-> view google command-> copy that code and use it
Now it update your metadata and it is available in your computer's folder Users->username
~/.ssh/google_compute_engine.ppk
~/.ssh/google_compute_engine.pub
Then you create a new ppk file using puttygen and you give the username, which you want like my_work_space. Then
save the publickey and privatekey in a folder.
Next step: Copy the public key data from puttygen and create new ssh key in gcloud metadata
cloud console ->compute engine->metadata->ssh key->add new item->paste the key and save it
and now return your shell commandline tool then enter
sudo chown -R my_work_space /home/my_work_space
now you connect this private key using sftp to anywhere. and it opens the files without showing the permission errors
:) happy hours.
If the private key has been generated with ssh-keygen in Linux it needs to be converted with puttygen because Putty does not support openssh keys.
Start puttygen, and click on Conversions - Import key, then click Browse and select the private key generated with openssh, then click on Save private key.
Use your new key to connect.
I faced the same issue and solve after several trial and error.
In the /etc/ssh/ssh_config, set
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
AuthenticationMethods publickey
then, open putty.
In the "Saved Sessions", enter the server IP, go through the path Connection->SSH->Auth->Browse on the left panel to search your private key and open it.
Last but not least, go back to Session of putty on the left panel and you can see the server IP address is still in the field, "Saved Sessions", then click "Save", which is the critical step.
It will let the user login without password any more.
Have fun,
Download "PuttyGEN" get publickey and privatekey
use gcloud SSH edit and paste your publickey located in /home/USER/.ssh/authorized_keys
sudo vim ~/.ssh/authorized_keys
Tap the i key to paste publicKEY.
To save, tap Esc, :, w, q, Enter.
Edit the /etc/ssh/sshd_config file.
sudo vim /etc/ssh/sshd_config
Change
PasswordAuthentication no
[...]
ChallengeResponseAuthentication to no.
[...]
UsePAM no
[...]
Restart ssh
/etc/init.d/ssh restart.
the rest config your putty as tutorial
NB:choose the pageant add keys and start session would be better
Electricity went down and got this error. Solution was to double click your .ppk (Putty Private Key) and enter your password.
PasswordAuthentication and ChallengeResponseAuthentication default set to NO in rhel7.
Change them to NO and restart sshd.
Similar problem - same error message. I got the same message when trying to clone something from bitbucket with ssh. The problem was in my ssh configuration configured in the mercurial.ini: I used the wrong bitbucket username. After I corrected the user name things worked.
For me these was my problem, solution from https://unix.stackexchange.com/questions/282908/server-refused-public-key-signature-despite-accepting-key-putty
"Looking at the log /var/log/secure showed that it was just downright refused. I'm somewhat new to centos since I'm mainly a debian kind of guy, so I was unaware of /var/log/secure
After checking this and doing a bit of searching, it turns out PermitRootLogin no needs to be PermitRootLogin without-password if you want to specifically use just keys for root login. That did the trick. Thanks everyone for contributing."
I had the same error message and discovered that my mistake was in the username I used with putty. Apparently GCE SSH Keys listing would change your username characters in some of the listing. In my case, the underscore was changed to period. i.e: my_username becomes my.username
I inadvertently copied the wrong username from the listing and got the same error message.
I know this is an old question, but I had the same problem and solved it thanks to this answer.
I use Putty regularly and have never had any problems. I use and have always used public key authentication. Today I could not connect again to my server, without changing any settings.
Then I saw the answer and remembered that I inadvertently ran chmod 777 . in my user's home directory. I connected from somewhere else and simply ran chmod 755 ~. Everything was back to normal instantly, I didn't even have to restart sshd.
I hope I saved some time from someone
I've set up my local system for working with GitHub how descrided in the "Generating SSH Keys" How-To.
The key files and the known_hosts have been created, the public key has been added to the GitHub account, and I get the message "Hi ***! You've successfully authenticated, but GitHub does not provide shell access."
But all my attempts to do something, what needs a connection to the server (EDIT: with writing access) -- git clone, git push etc. -- end with an error:
fatal: The remote end hung up unexpectedly
EDIT:
I can clone, but only via HTTP (https://github.com/account/reponame.git) or Git Read-Only (git://github.com/account/reponame.git).
EDIT:
***#**** ~/.ssh
$ ssh-add -l
Could not open a connection to your authentication agent.
Although an ssh-agent daemon (ssh-agent.exe) is running.
Probably that is the problem.
The only instance where that error message pops up, while your public ssh key is correctly recorded by GitHub, is when
you try to clone a repo with a wrong case or an improper ssh url.
It should be:
git clone git#github.com:user/repo.git
you try to clone a repo for which you don't have write access (public repo), or any access (private repo).
From the GitHub page "Which remote URL should I use?"
To use these URLs, you must have write access to a public repo or any access to a private repo.
These URLs will not work with a public repo you do not have write access to.
the private key is passphrase protected and your authentication agent doesn't run properly:
$ ssh-add -l
Could not open a connection to your authentication agent.
For the last case, consider "How to run (git/ssh) authentication agent?" or "ssh-add complains: Could not open a connection to your authentication agent"
It works!
I've started the Pageant (PuTTY SSH authentication agent) and added my PuTTY private key id_rsa.pkk (exported with PuTTYgen (PuTTY Key Generator) from id_rsa) to it. Now I can write to my repos.
A small how-to for everyone, who has the same troubles I had:
0) Set up the local system for working with GitHub, how descrided in the "Generating SSH Keys" How-To.
1) Open PuTTYgen, load/import the (OpenSSH) private key id_rsa and save it (button Save private key) as id_rsa.pkk (in the same folder, where id_rsa is saved, -- ~/.ssh). You need this PuTTY variant of the key for PuTTY authentification with Pageant and (if you use it) TortoiseGit.
2a) Open Pageant (on my computer it's C:\Program Files (x86)\PuTTY\pageant.exe) and add the PuTTY private key. Or just open the PuTTY private key file (id_rsa.pkk) with Pageant.
2b) For TrtoiseGit I had only to set the SSH client (C:\Program Files (x86)\Git\bin\ssh.exe) in the global TrtoiseGit settings.
That's it.
I've got it working, but I don't have a deep understanding of this
thema and cannot provide a low level explanation of the solution and
the causes of this problem (and e.g why it was working in some clients
and wasn't in some others). So feel free to edit/comment this post, if
you can explain all this better.
I created private repository on bitbucket.org. I want to use it from IntelliJ IDEA.
I choose "Check out from Version Control" and there is message box with field Mercurial Repository URL and Test Repository button.
What should I enter into Mercurial Repository URL?
I tried
http://bitbucket.org/my_user_name/my_repo_name,
https://, and https://my_user_name#bitbucket.org/my_user_name/my_repo_name.
Nothing works.
When I click Test Repository I always get the message "Repository test has failed.".
I assume it is because there is no field for username and password, but can't I enter this data somehow?
Since only the latest hg4idea version supports authentication, you could try, for accessing and cloning your Bitbucket repo:
hg clone http://myuser:mypassword#bitbucket.org/MY_USER/MY_REPO
(that is, if your Bitbucket repo is a private one, which you did mention in your question:
'myuser' and 'mypassword' would then be the login and password for your Bitbucket account, using basic access authentication for the http url)
I was able to get this working by cloning the repository via a command-line prompt using the command that BitBucket gives me on my overview page. After doing that and activating version control on the project in IDEA, IDEA allowed me to push and pull from the repository successfully.