問題

Bitbucket Server is receiving SSH requests with a valid public key that is not associated to an active user.

atlassian-bitbucket.log に次のメッセージが表示される。

INFO c.a.b.i.ssh.server.SshCommandAdapter git was successfully authenticated via public key, but is no longer active in the underlying user directory. The request has been blocked

診断

環境

• Bitbucket Server is connected to an external user directory.

• The external user directory is setup as a Delegated LDAP user directory

原因

この問題の原因として 2 種類の原因が確認されています。

Cause #1 - User deleted from the delegated directory

This happens because when a user is deleted from the delegated user directory, it is still preserved in Bitbucket Server. A user removed or deactivated from a delegated LDAP user directory needs to be manually removed as described on the Delegated LDAP user directory page.

Cause #2 - Changes in remote directory

Some configuration was performed in the remote directory, affecting Bitbucket synchronization.

ソリューション

Cause #1 - User deleted from the delegated directory

While this is the expected behavior and is not a symptom of any problem, it is still recommended to address this to make sure that no requests are authenticated using an SSH public key.

To address this:

• delete the user from Bitbucket
• remove the SSH key from the user

This is a suggestion to automatically delete these users from Bitbucket:  BSERV-11403 - Getting issue details... STATUS

Cause #2 - Changes in the remote directory

Check what change was made in the remote directory that is impacting Bitbucket and address it by fixing it or reverting the change.