
Can't push/pull to bitbucket via SSH using IPv6

When I can push/pull to bitbucket:

  • From my work computer via ssh key id_rsa_bitbucket_work
  • From my laptop, but only when logged into VPN (Cisco AnyConnect) via ssh key id_rsa_bitbucket. My VPN has a static IP.
  • Always using https.

When I cannot push/pull to bitbucket:

  • From my laptop anytime VPN is not connected, via ssh key id_rsa_bitbucket.
  • From my laptop on my work network when not on VPN, even though I'm nominally on the same network I would be with VPN.

The appropriate entry in my ~/.ssh/config is:

Host bitbucket
     HostName bitbucket.org
     User git
     IdentityFile ~/.ssh/id_rsa_bitbucket

Connecting to github repositories via SSH always works, regardless of what network/VPN I am going through.

I have checked to make sure that:

  • My SSH agent is running and has the correct keys loaded.
  • My SSH agent is handing out the same key regardless of VPN settings.

The output from ssh -Tv bitbucket when NOT logged in to VPN is:

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/fcarter/.ssh/config
debug1: /Users/fcarter/.ssh/config line 1: Applying options for bitbucket
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to bitbucket.org [2401:1d80:1010::150] port 22.
debug1: Connection established.
debug1: identity file /Users/fcarter/.ssh/id_rsa_bitbucket type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/fcarter/.ssh/id_rsa_bitbucket-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version conker_1.0.284-7b46313 app-127
debug1: no match: conker_1.0.284-7b46313 app-127
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /Users/fcarter/.ssh/known_hosts:12
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/fcarter/.ssh/id_rsa_bitbucket
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to bitbucket.org ([2401:1d80:1010::150]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 4048, received 1776 bytes, in 10.1 seconds
Bytes per second: sent 401.8, received 176.3
debug1: Exit status -1

It appears to connect and authenticate (via IPv6?), but exits with an error.

The output from ssh -Tv bitbucket when logged into my VPN is:

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/fcarter/.ssh/config
debug1: /Users/fcarter/.ssh/config line 1: Applying options for bitbucket
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to bitbucket.org [2401:1d80:1010::151] port 22.
debug1: connect to address 2401:1d80:1010::151 port 22: Permission denied
debug1: Connecting to bitbucket.org [104.192.143.3] port 22.
debug1: Connection established.
debug1: identity file /Users/fcarter/.ssh/id_rsa_bitbucket type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/fcarter/.ssh/id_rsa_bitbucket-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version conker_1.0.284-7b46313 app-125
debug1: no match: conker_1.0.284-7b46313 app-125
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /Users/fcarter/.ssh/known_hosts:12
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/fcarter/.ssh/id_rsa_bitbucket
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to bitbucket.org ([104.192.143.3]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
logged in as faustin315.

You can use git or hg to connect to Bitbucket. Shell access is disabled.
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 4048, received 1984 bytes, in 0.2 seconds
Bytes per second: sent 16284.6, received 7981.4
debug1: Exit status 0

It appears to connect and authenticate (via IPv4?) and everything is fine.

Update: After finding this issue on bitbucket's site, I tried adding 104.192.143.2 bitbucket.org to my /etc/hosts file. This did not fix the issue.

Faustin Carter asked Mar 19 '17 16:03



1 Answer

Updated after lots of help from Bitbucket support:

After much more research, the problem appears to be on my router's end (Linksys E3200) and is somehow related to IPv6. I have no trouble accessing IPv6-only sites, and everything works fine with github (this is because github is IPv4 only). However, there is something being filtered out that SSH needs to work properly. If I jack directly into my modem and run ssh -Tvv bitbucket it authenticates properly over IPv6.

In order to work around the problem (while I shop for a new router), I am forcing connections to bitbucket to only use IPv4 by adding AddressFamily inet to my ~/.ssh/config file (thanks to: https://stackoverflow.com/a/35113901/7735643). So the updated entry for bitbucket now reads:

Host bitbucket
     HostName bitbucket.org
     User git
     IdentityFile ~/.ssh/id_rsa_bitbucket
     AddressFamily inet

Faustin Carter answered Oct 05 '22 12:10
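
Added example (not part of the original post, and not Bitbucket or OpenSSH tooling): a small Python parser that reduces an `ssh -Tv` trace to the address family that authenticated and whether the server's exit-status reply arrived, which is what separates the two traces in the question. The sample traces are abridged from the question; the function name and verdict strings are illustrative assumptions.

```python
import ipaddress
import re

# Patterns for the OpenSSH client debug lines that appear in the traces above.
CONNECT = re.compile(r"Connecting to \S+ \[([^\]]+)\] port \d+")
REFUSED = re.compile(r"connect to address (\S+) port \d+: (.+)")
AUTHED = re.compile(r"Authenticated to \S+ \(\[([^\]]+)\]:\d+\)")
EXIT = re.compile(r"Exit status (-?\d+)")

def summarize(trace):
    """Reduce one `ssh -Tv` trace to the facts that separate the two cases."""
    tried, failed, peer, status, reply = [], {}, None, None, False
    for line in trace.splitlines():
        if m := CONNECT.search(line):
            tried.append(m.group(1))          # every address the client attempted
        elif m := REFUSED.search(line):
            failed[m.group(1)] = m.group(2)   # address -> connect() error text
        elif m := AUTHED.search(line):
            peer = m.group(1)                 # address that completed authentication
        elif "rtype exit-status" in line:
            reply = True                      # server reported the remote exit code
        elif m := EXIT.search(line):
            status = int(m.group(1))
    family = f"IPv{ipaddress.ip_address(peer).version}" if peer else None
    if peer is None:
        verdict = "never authenticated"
    elif reply and status == 0:
        verdict = "ok"
    else:
        verdict = "authenticated, then session lost"
    return {"tried": tried, "failed": failed, "family": family, "verdict": verdict}

# Abridged from the two traces in the question (not new captures).
NO_VPN = """\
debug1: Connecting to bitbucket.org [2401:1d80:1010::150] port 22.
Authenticated to bitbucket.org ([2401:1d80:1010::150]:22).
debug1: Exit status -1
"""
VPN = """\
debug1: Connecting to bitbucket.org [2401:1d80:1010::151] port 22.
debug1: connect to address 2401:1d80:1010::151 port 22: Permission denied
debug1: Connecting to bitbucket.org [104.192.143.3] port 22.
Authenticated to bitbucket.org ([104.192.143.3]:22).
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: Exit status 0
"""

if __name__ == "__main__":
    print(summarize(NO_VPN), summarize(VPN), sep="\n")
```

A verdict of "authenticated, then session lost" means the key was accepted, so the fault lies after authentication rather than in the agent or key setup. Once `AddressFamily inet` is in place, a fresh trace should list only an IPv4 address under `tried`.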