Troubleshoot SSH issues

このページの内容

If you're having problems with SSH, here are some things you can try when troubleshooting your issues.

Troubleshoot error messages

You may see the following error messages when trying to authenticate over SSH.

このページの内容

Permission denied (publickey)

もしくは

No suitable response from remote

When attempting to clone, push, or pull over SSH with Git or Mercurial, you may receive one of these messages if Bitbucket couldn't authenticate with the keys that your SSH agent offered.

Here are the most common reasons why you may see these messages:

  • You used sudo when attempting the connection

    You shouldn't use sudo when cloning, pushing, or pulling because the ssh-agent runs on the user level, not the root level.


  • Your public key isn't loaded into Bitbucket

    To check if your public key is loaded into Bitbucket, do the following:

    1. From Bitbucket, choose Bitbucket settings from your avatar in the lower left.
      The Account settings page displays.
    2. Click SSH keys.
      The SSH keys page shows a list of any existing keys.
    3. If you don't have any keys listed, you can follow our Set up an SSH key documentation to set one up.

  • Your key isn't loaded into your SSH agent

    If your SSH agent doesn't know to offer Bitbucket a key, the connection fails.

    To find out what keys your SSH agent is currently offering and to add them to the agent:

    From the terminal

    Check to see if your SSH key is loaded:

    $ ssh-add -l

    If you don't see your key listed, add it by entering ssh-add followed by the path to the private key file:

    $ ssh-add ~/.ssh/<private_key_file>
    From Sourcetree

    Windows:

    Double click the Pageant icon in your system tray to open the Pageant Key List dialog.


    If you don't see your SSH key, click Add Key.

Could not open a connection to your authentication agent

You may see this error when trying to use the ssh-add command. Most likely your ssh-agent did not start properly. To start the agent, run the following:

 

$ eval `ssh-agent`
Agent pid 9700
Then, continue using the  ssh-add  command to add your keys.

unexpected token

If your .bashrc doesn't launch correctly, you may see these types of messages:

line19: syntax error near unexpected token 'then'
line 19: ' if[ $? -eq 0 ]; then '
These messages mean that you might have introduced errors when cutting and pasting from a browser. This error is common when using Chrome, so try another browser such as Firefox.
Operation timed out

If you have an operation that timed out, you'll receive this message or something similar:

 

ssh: connect to host bitbucket.org port 22: Operation timed out
fatal: The remote end hung up unexpectedly
Completed with errors, see above
A timeout means that your computer was unable to reach Bitbucket, likely due to something in your own network. For example, your network administrator may have a firewall rule that blocks the connection. Talk to your network administrator to resolve the issue.

The authenticity of host 'bitbucket.org (104.192.143.1)' can't be established.

Because Bitbucket hosts only allow Git and Mercurial to make SSH connections, the first time you access Bitbucket using the SSH URL, your SSH client checks to see if the Bitbucket host is a known host. If the host is not in your ~/.ssh/known_hosts file, SSH warns you that it's adding the Bitbucket host to known hosts if you continue:

$ hg clone ssh://hg@bitbucket.org/newuserme/mquotefork testkey
The authenticity of host 'bitbucket.org (104.192.143.1)' can't be established.
RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40.
Are you sure you want to continue connecting (yes/no)?

When you see this warning, you can enter yes.

 

If you view the contents of known hosts, you'll see the actual key is stored in a base64 encoded format:

bitbucket.org,104.192.143.1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
We suggest you record Bitbucket's public host key before connecting to it for the first time. Depending on the security protocols in your network, the system administrator may maintain a centrally located list of approved known hosts. The public key fingerprints for the Bitbucket server are:
SHA256 形式
2048 SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A bitbucket.org (RSA)
1024 SHA256:RezPkAnH1sowiJM0NQXH90IohWdzHc3fAisEp7L3O3o bitbucket.org (DSA)
md5 形式
97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40 (RSA)
35:ee:d7:b8:ef:d7:79:e2:c6:43:9e:ab:40:6f:50:74 (DSA)
To get the format suitable for storage in the known hosts, you can use the following  ssh-keyscan  command:

 

$ ssh-keyscan -t rsa bitbucket.org
# bitbucket.org SSH-2.0-OpenSSH_5.3
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==

remote: No supported authentication methods left to try!

You can get this error when trying to authenticate with SSH on Windows with Sourcetree.

To fix this error:

  • Check that Pageant is running and has a key loaded.
  • Check that you've added the corresponding public key to your Bitbucket account.

Troubleshoot other SSH issues

You may run into the following SSH issues without getting an error message.

If pushing to a Mercurial repository is slow

If you're pushing a new Mercurial repository that's slow or hangs, you may need to enable Mercurial compression if you haven't done so already.

Enabling SSH compression is recommended but not required.

By default, Git automatically performs compression when sending or retrieving data, but Mercurial doesn't. Enabling SSH compression can speed up sending and retrieving data, drastically in some cases.

To enable SSH compression:

  1. Open the Mercurial global configuration file (~/.hgrc).
  2. Add this line to the UI section:

    ssh = ssh -C

    When you are done the file should look similar to this:

    [ui]
    # Name data to appear in commits
    username = Emma <emmap1@atlassian.com>
    ssh = ssh -C
  3. Save and close the file.

If port 22 is blocked

Some network administrators block outgoing SSH connections on port 22. If your network blocks this port, Bitbucket provides an alternate hostname and port combination you can use.

Instead, use altssh.bitbucket.org over port 443. Typically, port 443 is used for HTTPS, so administrators leave this port open for outbound web browsing. In this case, here's the URLs you can use:

Mercurial ssh://hg@altssh.bitbucket.org:443/<account_name>/<repo_name>/
Git ssh://git@altssh.bitbucket.org:443/<account_name>/<repo_name>/

Test SSH authentication

Use the commands in this section to troubleshoot SSH authentication issues.

To test your SSH authentication

This command checks your SSH agent for an SSH key, and then checks if that private key matches a public key for an existing Bitbucket account:

 

Git

Mercurial

$ ssh -T hg@bitbucket.org
If you don't have any keys loaded in the agent:
$ ssh -T hg@bitbucket.org
Permission denied (publickey).
If your local machine is unable to get the bitbucket.org IP address:
$ ssh -T hg@bitbucket.org
ssh: connect to host bitbucket.org port 22: Connection refused
If your connection is successful:
$ ssh -T hg@bitbucket.org
conq: logged in as teamsinspace.
You can use git or hg to connect to bitbucket. Shell access is disabled.

To track down problems with your SSH connection

If you receive a Permission denied (publickey) error, and you've already verified that your key is loaded into your SSH agent and into your Bitbucket account, you can get more information about your connection issues:

Git

Mercurial

$ ssh -v hg@bitbucket.org

With this command, the type of information in the response may include:

  • The SSH config file your terminal is reading

  • The IP address is connected to your local machine

  • The SSH keys that load for authentication
Response showing error
$ ssh -v hg@bitbucket.org
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/emmap1/.ssh/config
debug1: Applying options for bitbucket.org
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to bitbucket.org [172.16.10.101] port 22.
debug1: Connection established.
debug1: identity file /Users/emmap1/.ssh/emmap1 type 1
debug1: identity file /Users/emmap1/.ssh/emmap1-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 zlib@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5 zlib@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /Users/emmap1/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/emmap1/.ssh/emmap1
debug1: Authentications that can continue: publickey
debug1: No more authentication methods to try.
Permission denied (publickey).

In this run, the system offered the emmap1 public key first. It failed, so the system tried to use the default key and failed again. If the proper key fails, use the troubleshooting steps for the Permission denied (publickey) error message.

Response showing success
$ ssh -v hg@bitbucket.org
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/manthony/.ssh/config
debug1: Applying options for bitbucket.org
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to bitbucket.org [172.16.10.101] port 22.
debug1: Connection established.
debug1: identity file /Users/manthony/.ssh/manthony type 1
debug1: identity file /Users/manthony/.ssh/manthony-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 zlib@openssh.com
debug1: kex: client->server aes128-ctr hmac-md5 zlib@openssh.com
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /Users/manthony/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by serverhg
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/manthony/.ssh/manthony
debug1: Remote: Forced command: conq manthony
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: read PEM private key done: type RSA
Identity added: /Users/manthony/.ssh/manthony (/Users/manthony/.ssh/manthony)
debug1: read PEM private key done: type RSA
Connection closed by 172.16.10.101

To check whether you're running multiple versions of the ssh-agent

Enter ps at the command line when you have at least one loaded SSH key.

 

$ ps
PID PPID PGID WINPID TTY UID STIME COMMAND
5192 1 5192 5192 ? 500 19:23:34 /bin/ssh-agent
5840 1 5840 5840 con 500 08:38:20 /bin/sh
6116 5840 6116 1336 con 500 08:38:22 /bin/ps

The previous response shows only one running ssh-agent:

  • /bin/ssh-agent – The running ssh-agent.
  • /bin/sh – The shell you're in.
  • /bin/ps – The process you're running.

If this response returns more than one ssh-agent, kill all versions of the agents and restart ssh-agent.

To kill each version, use the kill command and the process ID, which is 5192 in the previous example:

$ kill 5192
To restart the ssh-agent , run:
$ eval 'ssh-agent'

To check that the SSH key you want to use is loaded

To list your loaded keys, enter ssh-add -l (that's the letter, not the number). This example returns two different keys:

$ ssh-add -l
2048 4c:80:61:2c:00:3f:9d:dc:08:41:2e:c0:cf:b9:17:69 /Users/manthony/.ssh/workid (RSA)
2048 7a:9c:b2:9c:8e:4e:f4:af:de:70:77:b9:52:fd:44:97 /Users/manthony/.ssh/personalid (RSA)

If you don't see the SSH key you want to use, add it by entering ssh-add followed by the path to the private key file:

$ ssh-add ~/.ssh/<private_key_file>

If you're still having problems, try removing all the SSH keys that you don't want to use:

$ ssh-add -d ~/.ssh/<private_key_file>
On Windows using Sourcetree

Double click the Pageant icon in your system tray to open the Pagent Key List dialog.


If you don't see your SSH key, click Add Key to add it.

To check that the ssh-agent is running

Enter ps -e  | grep [s]sh-agent to check whether it's running. If the ssh-agent is running, you'll see the following response:

$ ps -e  | grep [s]sh-agent
 9060 ??         0:00.28 /usr/bin/ssh-agent -l

If the agent isn't running, the terminal doesn't return anything. If that's the case, start the agent manually with the following command:

$ ssh-agent /bin/bash
On Windows using Sourcetree

Make sure Pageant is running in your system tray:

Click Add Key to add any key not included in the list.

最終更新日 2017 年 9 月 13 日

この翻訳に満足しましたか?

はい
いいえ
この記事についてのフィードバックを送信する

お探しの情報が見つかりませんか?

コミュニティへの質問

Powered by Confluence and Scroll Viewport.