How to specify both a Bitbucket repository key and a user key such that the repository key is read-o

Time:02-08

Bitbucket provides for setting up a key on a repository for read-only access. Without debating the merits of the following methodology, I want to use this feature in order to git pull to deploy changes to websites (as user root), but I also want to provide for a non-root user to very occasionally be able to push to the repo from the web server using their own key. I've assigned root's default id_rsa.pub key as the Bitbucket repository key, and the pull (read-only) functionality is working when signed in as root. However, I get an error when trying to push from a specific user. The error is:

Load key "/home/user1/.ssh/bitbucket": Permission denied
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

I am issuing the git push as user1, so I don't understand why it's giving a Permission denied error when trying to load the key. Why can't user1 load and use his own key? The private part of both keys mentioned below has permissions set to 600, and the public part has permissions set to 644.

The setup:

  • Ubuntu 20.04
  • Two users: root and user1
  • root's id_rsa.pub key added to the Bitbucket repository's Access Keys
  • user1's key for accessing Bitbucket (named bitbucket.pub) added to the user's SSH Keys in Bitbucket

A config file in /root/.ssh/ with the following:

Host bitbucket.org
    HostName bitbucket.org
    IdentityFile /root/.ssh/id_rsa
    IdentitiesOnly yes

A config file in /home/user1/.ssh/ with the following:

Host bitbucket.org
    HostName bitbucket.org
    User git_user1
    IdentityFile /home/user1/.ssh/bitbucket
    IdentitiesOnly yes

git remote -v shows:

user1 can push to the repo fine from their development server - the user is a user in the organization and so is a user on the repo. I have also tried commenting out the User line in user1's config file but get the same error.

I've also studied this question (and especially this answer) but can't find anything in there that quite addresses this error. I want to have two separate config files, not a single config file.

Any suggestions are greatly appreciated.

CodePudding user response:

Load key "/home/user1/.ssh/bitbucket": Permission denied

The error means the file is not readable by user1. To fix:

chown -R user1 /home/user1/.ssh
chmod -R u=rwX,go= /home/user1/.ssh

PS. This is more generic than just a fix for one file. Just in case.
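
The check behind the answer above, as an added example that is not part of the original question or answer: a POSIX shell function that lists everything under an .ssh directory that has the wrong owner, cannot be read by its owner, or is open to group/other. The name `audit_ssh_dir` and its messages are made up for illustration, and it assumes `ls -ldn` prints the mode string and the numeric owner as fields 1 and 3.

```shell
#!/bin/sh
# audit_ssh_dir DIR UID   (hypothetical helper, not from the page)
# Prints one finding per line for anything under DIR that ssh could fail to
# load or refuse to use; returns 0 when clean, 1 otherwise. Symlinks are skipped.
audit_ssh_dir() {
    dir=$1
    want_uid=$2
    findings=$(
        find "$dir" ! -type l | while IFS= read -r path; do
            # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
            info=$(ls -ldn "$path" | awk '{print $1, $3}')
            mode=${info% *}
            uid=${info#* }
            [ "$uid" = "$want_uid" ] ||
                echo "wrong owner (uid $uid): $path"
            # Character 2 of the mode string is the owner's read bit.
            case $mode in
                (?r*) ;;
                (*) echo "owner cannot read: $path" ;;
            esac
            # A directory also needs the owner's search (x) bit.
            case $mode in
                (d??[!xs]*) echo "owner cannot enter directory: $path" ;;
            esac
            # Characters 5-10 are the group and other bits; all should be '-'.
            rest=${mode#????}
            go=$(printf '%.6s' "$rest")
            [ "$go" = "------" ] ||
                echo "group/other access ($mode): $path"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Typical call for the setup in the question, run as root:
#   audit_ssh_dir /home/user1/.ssh "$(id -u user1)"
```

After the chown and chmod from the answer, the function prints nothing and returns 0.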
