Often I'll connect via SSH to VM instances to deploy code from private Bitbucket repositories, cloning repositories via git over SSH. Today I was getting the error:
conq: repository access denied. deployment key is not associated with the requested repository.
A quick search showed it was the problem described in Repository access denied. access via a deployment key is read-only. The issue is my forwarded SSH agent was trying to connect to Bitbucket with a Vagrant development key that I'd added since I'd last tried to clone a private repository over SSH. (Removing the Vagrant key from my .ssh
directory allowed me access to the private repositories again.)
My SSH config
is:
Host bitbucket.org User git IdentityFile ~/.ssh/bitbucket_key IdentitiesOnly yes
and locally this seems to behave as expected. The output of ssh -v [email protected]
shows
debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/me/.ssh/bitbucket_key
whereas when I'm connected to another server over SSH:
debug1: Offering RSA public key: steve@not_a_bitbucket_key debug1: Authentications that can continue: publickey debug1: Offering RSA public key: steve@still_not_a_bitbucket_key debug1: Authentications that can continue: publickey debug1: Offering RSA public key: steve@bitbucket_key
Is there some other configuration other than IdentitiesOnly
that I'm missing to ensure only the requested keys are sent to particular servers when using agent forwarding?
Running Ubuntu 12.04 with OpenSSH 5.9p1 installed.
ssh-agent-proxy
?