Bitbucket and SSH keys

Bitbucket (even in the paid Standard and Premium plans) does not offer a way to store SSH keys with write access at the repository level. Storing your personal SSH key on the production server is not an option, since that key would then give access from the server to all the other projects you are currently working on. There are so-called access keys, but these only allow read access.


If you develop a project locally and then integrate this repository on a production server with write access, there are two options: either you create a separate user (which must be licensed, and is subject to a fee from 5 users upward), or you use the rather little-known SSH agent forwarding.

With this procedure you can reuse your local SSH key on a remote server for the duration of the current session, without having to store the key there permanently. The setup is simple: First, make sure that you can connect directly to both the remote server and Bitbucket using your SSH key. Then start the SSH agent on your local machine with eval `ssh-agent -s` and add your current key with ssh-add -k. Now connect to the remote server with agent forwarding enabled via ssh -A username@host1. From there you can access your Bitbucket repository without a further password prompt, and without having to register an SSH key of the remote server with Bitbucket.
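The following added example (not part of the original post) is a preflight check to run on the remote server after connecting with ssh -A: it confirms that the session really uses a forwarded agent and that no private key has been left on the server's disk. The function names and return codes are hypothetical and chosen for this example.

```shell
#!/bin/sh
# Added example: preflight checks to run on the remote server after "ssh -A".
# Function names and return codes are hypothetical, chosen for this example.

# Return 0 if a forwarded agent with at least one key is reachable,
# 1 if there is no agent socket, 2 if the agent holds no keys,
# 3 if the agent cannot be contacted (or ssh-add is missing).
check_forwarded_agent() {
    # In a forwarded session, SSH_AUTH_SOCK points to a socket on this host.
    if [ -z "${SSH_AUTH_SOCK:-}" ] || [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "no agent socket: reconnect with ssh -A" >&2
        return 1
    fi
    # ssh-add -l exits 0 when keys are listed, 1 when the agent is empty,
    # and 2 when the agent cannot be contacted.
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) return 0 ;;
        1) echo "agent is empty: run ssh-add on the local machine" >&2
           return 2 ;;
        *) echo "cannot contact agent" >&2
           return 3 ;;
    esac
}

# Print every non-hidden file in directory $1 (e.g. ~/.ssh) that contains a
# private key header. With agent forwarding in use, the list should be empty.
stored_private_keys() {
    grep -l -s -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"/* || true
}
```

While the session is open, anyone with root on the remote server can use the forwarded agent socket, so enable -A only for servers you trust.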

Another alternative is to switch to a completely different provider: GitLab, for example, offers a free quota of 10 GB (compared to 2 GB for Bitbucket), an unlimited number of team members, and so-called deploy keys. With these you can store as many additional SSH keys (e.g. from the production server) as you like for each repository, and they grant write access to the repository.
