Issue
I've created public and private keys, and added the public key to the Bitbucket repository.
This private/public key pair is available in the .ssh folder of the user account I hope to clone to.
Attempting to clone with SSH produces a connection refused:
This led me to believe that either the Bitbucket project/server is not configured for SSH, or maybe this is a firewall/port issue for my company's network. However, port 7999 and port 22 are open.
This led me to investigate other means of cloning with SSH, but over HTTP as described here (just in case port 22 or 7999 was blocked): https://support.atlassian.com/bitbucket-cloud/docs/troubleshoot-ssh-issues/
To do this I modified my ssh config as follows:
Doing this allowed me to at least establish a connection with Bitbucket, but it acts as if the request was bad:
This led me to believe that maybe I signed the cert incorrectly, so I attempted a flavor of this, to add the CertificateFile provided in the ssh config: https://unix.stackexchange.com/questions/503851/how-to-generate-a-certificate-file-which-to-be-used-with-ssh-config
It sounded like I would need to add the public key of the private key used to sign the user key (that generated the certificate). However, I won't have access to the private key for the cert available on the Bitbucket server.
Separately, I was able to grab the public cert from altssh.bitbucket.di2e.net:443 and I did try using this, but still got a bad request. This probably doesn't make sense to use since this is in PEM format, but I figured it was worth a try.
openssl s_client -connect altssh.bitbucket.di2e.net:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE/,/END CERTIFICATE/p' > public.crt
I'm wondering if I've incorrectly signed the user key with the cert key, but would like advice on the best steps to do this.
Thanks!
Solution
Come to find out, the Bitbucket proxy server I was trying to connect to was not configured to handle altssh.bitbucket.di2e.net, which caused the connection over :443 to get dropped.
The root of the issue was a combination of the corporate firewall blocking 7999 to external (it wasn't blocked internally), as well as /etc/ssh/sshd_config on the remote machine I was attempting to clone to not being configured to AllowAgentForwarding.
Answered By - JLuxton
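
The symptoms in this thread (connection refused, a "bad request" on 443, a connection dropped by a proxy) can be told apart by looking at what actually answers on each port, since an SSH server always sends an `SSH-` identification string first. The following is an added example, not code from the original post; the function names and the `SSH-2.0-probe` client identifier are assumptions made for illustration.

```python
import socket
import sys

def classify_banner(data: bytes) -> str:
    """Name the protocol from the first bytes a service sends back."""
    if data.startswith(b"SSH-"):
        return "ssh"      # RFC 4253 identification string: an SSH server answered
    if data.startswith(b"HTTP/"):
        return "http"     # a web server or proxy, e.g. "400 Bad Request"
    if data[:1] in (b"\x15", b"\x16"):
        return "tls"      # TLS alert/handshake record: a TLS listener, not raw SSH
    return "unknown" if data else "silent"

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect, send an SSH identification line, and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            # "SSH-2.0-probe" is a made-up client identifier for this example.
            sock.sendall(b"SSH-2.0-probe\r\n")
            try:
                return classify_banner(sock.recv(256))
            except socket.timeout:
                return "silent"
    except ConnectionRefusedError:
        return "refused"   # a RST came back: nothing listening, or a rejecting firewall
    except socket.timeout:
        return "filtered"  # no reply to the connection attempt: usually a silent drop
    except OSError as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    # Usage: python probe.py <host>   (22, 7999 and 443 are the ports from the post)
    for port in (22, 7999, 443):
        print(port, probe(sys.argv[1], port))
```

A result of `http` or `tls` on the port the SSH client is pointed at means the endpoint is not serving SSH there, which no change to keys or certificates on the client will fix.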