Often I'll connect via SSH to VM instances to deploy code from private Bitbucket repositories, cloning repositories via git over SSH. Today I was getting the error:
conq: repository access denied. deployment key is not associated with the requested repository.
A quick search showed it was the problem described in "Repository access denied. access via a deployment key is read-only". The issue is my forwarded SSH agent was trying to connect to Bitbucket with a Vagrant development key that I'd added since I'd last tried to clone a private repository over SSH. (Removing the Vagrant key from my .ssh directory allowed me access to the private repositories again.)
My SSH config is:

    Host bitbucket.org
        User git
        IdentityFile ~/.ssh/bitbucket_key
        IdentitiesOnly yes

and locally this seems to behave as expected. The output of ssh -v git@bitbucket.org shows

    debug1: Authentications that can continue: publickey
    debug1: Next authentication method: publickey
    debug1: Offering RSA public key: /home/me/.ssh/bitbucket_key

whereas when I'm connected to another server over SSH:

    debug1: Offering RSA public key: steve@not_a_bitbucket_key
    debug1: Authentications that can continue: publickey
    debug1: Offering RSA public key: steve@still_not_a_bitbucket_key
    debug1: Authentications that can continue: publickey
    debug1: Offering RSA public key: steve@bitbucket_key

Is there some other configuration other than IdentitiesOnly that I'm missing to ensure only the requested keys are sent to particular servers when using agent forwarding?
Running Ubuntu 12.04 with OpenSSH 5.9p1 installed.
Best Answer
Did you try adding

    ForwardAgent no

to your ssh config file for host bitbucket?

Helpful sources:
https://developer.github.com/guides/using-ssh-agent-forwarding/
https://support.ssh.com/manuals/server-zos-admin/55/Disabling_Agent_Forwarding.html
Edit: I reread your question's title (sorry I just woke up), but add

    ForwardAgent no

to your config for all hosts if you don't want it to send to every machine you ssh to and just add

    ForwardAgent yes

to hosts that you wish ssh agent forwarding to be active.
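
An added example, not part of the original question or answer: a small Python check that resolves the effective ForwardAgent and IdentitiesOnly values for a host from an ssh config, using the ssh_config rule that the first obtained value wins, so the host-specific `ForwardAgent yes` has to come before the `Host *` default. The host `deploy.example.com` and both sample configs are constructed; `Match` blocks and `key=value` syntax are not handled.

```python
from fnmatch import fnmatchcase

DEFAULTS = {"forwardagent": "no", "identitiesonly": "no"}  # OpenSSH defaults

def host_matches(patterns, host):
    """Host line semantics: a negated (!) match vetoes, else any positive match wins."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatchcase(host, pat[1:]):
                return False
        elif fnmatchcase(host, pat):
            matched = True
    return matched

def effective_options(config_text, host):
    """Resolve the tracked options for `host`; the first value obtained is kept."""
    found, active = {}, True  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif active and key in DEFAULTS:
            found.setdefault(key, value.lower())  # later values are ignored
    return {**DEFAULTS, **found}

# Constructed sample: specific hosts first, general default last.
GOOD = """\
Host bitbucket.org
    User git
    IdentityFile ~/.ssh/bitbucket_key
    IdentitiesOnly yes
Host deploy.example.com
    ForwardAgent yes
Host *
    ForwardAgent no
"""
# Constructed sample: the Host * default comes first, so it wins everywhere.
MISORDERED = """\
Host *
    ForwardAgent no
Host deploy.example.com
    ForwardAgent yes
"""
if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("MISORDERED", MISORDERED)):
        for h in ("bitbucket.org", "deploy.example.com", "other.example.net"):
            print(name, h, effective_options(cfg, h))
```

With the misordered config, agent forwarding stays off even for the host that was meant to have it.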