Bamboo SSH Key addition failures with Load Balancer configurations
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When a Load Balancer is used, Bamboo encounters an issue adding the SSH key for a repository in Bitbucket, although other functionalities such as application links continue to work as expected.
Environment
This issue has been observed with Bamboo version 9.6.3 and Bitbucket version 8.19.5, but it is also relevant to other versions. The problem occurs in both on-premises setups and environments where a Load Balancer manages the requests.
Diagnosis
The issue occurs specifically when Bamboo attempts to add the SSH Key to a Bitbucket repository. The following error messages are indicative of the problem:
1
2
INFO [http-nio-8085-exec-1] [BitbucketServerServerConfigurator] Public key was added to Bitbucket Server (Bamboo user: username, application: Bitbucket [https://bitbucket-server.com], location: repository SomeRepository/SR): ssh-ed25519 7aLHhFvzPQmN3flZ1K5dC/7jI67+oA8AnNtE47sxSAAAIaGcF1UYbPq3eW+rX{H}i67uL https://bamboo-server.com
INFO [http-nio-8085-exec-1] [BitbucketServerServerConfigurator] Can't authenticate with Bitbucket Server despite successful public key storage: ssh-ed25519 7aLHhFvzPQmN3flZ1K5dC/7jI67+oA8AnNtE47sxSAAAIaGcF1UYbPq3eW+rX{H}i67uL https://bamboo-server.com 1
2
3
4
New access key is required but could not be added to Bitbucket Server.
Warning: Permanently added '[127.0.0.1]:35223' (RSA) to the list of known hosts.
BAMBOO-SSH-PROXY: [SSH proxy tried to connect to [git@<bitbucket-url>/<load-balancer-ip>:7999]: and failed due to the following error: [Remote connection failed]: Failed to get the session.]
fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists.Cause
Although the key storage was successful, Bamboo was unable to authenticate with the Bitbucket Server shortly thereafter. The initial step of adding the SSH key to Bitbucket succeeds because it is performed via an HTTP/REST API call. However, the subsequent SSH connection fails due to improper configuration of SSH port forwarding.
It's crucial to verify the SSH Information in Bitbucket under Settings > "Troubleshooting and support tools" > "System Information" to check if all traffic is routed through the load balancer and to confirm the port used (default is 7999).
If the load balancer isn't properly forwarding SSH port 7999 to Bitbucket, the problem is likely there.
Solution
To diagnose the issue, if there's direct connectivity between Bamboo and Bitbucket, try using the Bitbucket URL directly instead of going through the Load Balancer. This can help confirm if the problem is with the Load Balancer's configuration.
The resolution involves adjusting the Load Balancer's settings to ensure that the SSH Port 7999 is correctly forwarded to Bitbucket. This adjustment is critical for establishing a successful SSH connection between Bamboo and Bitbucket.
For detailed guidance on configuring SSH port forwarding in Bitbucket, refer to the documentation on:Setting up SSH port forwarding
By addressing the Load Balancer's configuration to correctly forward the SSH port, connectivity issues between Bamboo and Bitbucket can be resolved, allowing for the successful addition of SSH keys and the restoration of full functionality.
Was this helpful?