Bitbucket Server is throwing "git was successfully authenticated via public key, but is no longer active in the underlying user directory. The request has been blocked"
プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。
問題
Bitbucket Server is receiving SSH requests with a valid public key that is not associated to an active user.
atlassian-bitbucket.log に次のメッセージが表示される。
INFO c.a.b.i.ssh.server.SshCommandAdapter git was successfully authenticated via public key, but is no longer active in the underlying user directory. The request has been blocked診断
環境
Bitbucket Server is connected to an external user directory.
- The external user directory is setup as a Delegated LDAP user directory
原因
This happens because when a user is deleted from the delegated user directory, it is still preserved in Bitbucket Server. A user removed or deactivated from a delegated LDAP user directory needs to be manually removed as described on the Delegated LDAP user directory page.
ソリューション
While this is the expected behaviour and is not a symptom of any problem, it is still recommended to address this to make sure that no requests are authenticated using an SSH public key.
To address this:
- delete the user from Bitbucket
- remove the SSH key from the user
This is a suggestion to automatically delete these users from Bitbucket: BSERV-11403 - Getting issue details... STATUS