Bitbucket and SSH keys

Bitbucket does not offer a way to register SSH keys with write permission at the repository level, even in the paid Standard and Premium plans. Storing your personal SSH key on the production server is not an option, because from there it would give access to all the other projects you are currently working on. So-called Access Keys do exist, but they grant read permission only.


So if you develop a project locally and then integrate the repository on a production server that needs write access, there are two options: either you create a separate user for this purpose (which must be licensed and is chargeable from 5 users), or you use the little-known SSH agent forwarding.

With this procedure, you can reuse your local SSH key on a remote server for the duration of the current session without having to store the key there permanently. The setup is simple: first, make sure that you can connect directly to both the remote server and Bitbucket using your SSH key. Then start the SSH agent on your local machine with eval `ssh-agent -s` and add your current key with ssh-add -k. With agent forwarding activated, you can now connect to the remote server via ssh -A username@host1 and then access your Bitbucket repository without any further password prompt, and without having to register the remote server's own SSH key with Bitbucket.
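ssh -A enables forwarding for a single connection; the ForwardAgent option in ~/.ssh/config does the same permanently, and while a forwarded session is open, users on the remote host who can bypass file permissions on the agent socket can use your agent. The following added example (not part of the original post; the sample config and host1.example.com are constructed) checks a client config for ForwardAgent enabled for all hosts instead of only the named server.

```shell
#!/bin/sh
# Added example, not from the original post. Host names are placeholders.

# Constructed sample ~/.ssh/config: forwarding for host1 only (intended)
# plus a catch-all block that forwards the agent to every host (too broad).
sample_config() {
    cat <<'EOF'
# constructed sample
Host host1
    HostName host1.example.com
    User username
    ForwardAgent yes

Host *
    ForwardAgent yes
EOF
}

# audit_forward_agent [FILE]
# Reads an ssh_config from FILE (or stdin) and prints every line where
# ForwardAgent is enabled in a scope that covers all hosts.
# Exit status: 1 if such a line exists, 0 otherwise.
audit_forward_agent() {
    awk '
    BEGIN { scope = "(global, before first Host)"; wide = 1 }
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        if (!match(line, /[ \t=]+/)) next        # keyword/value split on space or "="
        key = tolower(substr(line, 1, RSTART - 1))
        val = substr(line, RSTART + RLENGTH)
        if (key == "host" || key == "match") {
            scope = line
            wide = (key == "host" && val ~ /(^|[ \t])\*([ \t]|$)/) ||
                   (key == "match" && tolower(val) == "all")
        } else if (key == "forwardagent" && tolower(val) != "no" && wide) {
            printf "%d: ForwardAgent %s applies to %s\n", NR, val, scope
            bad++
        }
    }
    END { exit (bad > 0) }
    ' "${1:--}"
}

sample_config | audit_forward_agent || echo "restrict ForwardAgent to the hosts that need it"
```

Run it against a real client config with audit_forward_agent ~/.ssh/config; only a bare * pattern, Match all, or an option placed before the first Host line is reported.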

Another alternative is to switch to a different provider altogether: GitLab, for example, offers a free quota of 10 GB (compared to 2 GB for Bitbucket) and an unlimited number of team members, as well as so-called Deploy Keys, which allow you to add as many additional SSH keys (e.g. from the production server) to each repository as you wish and to grant them write access to the repository.
