Configure SSH and two-step verification

The third-party Git Credential Manager (GCM) can be used as alternative method of connecting to Bitbucket Cloud from the Git CLI. If you do not want to configure SSH access for your Bitbucket Cloud account, you can download and install the GCM from Git Credential Manager on GitHub. Note that the GCM works over HTTPS, not SSH. Ensure your Git remotes are using HTTPS, such as:
git clone https://{username}@bitbucket.org/{workspace}/{repository}.git

 

 SSH Client Keys

The URL you use to access a repository depends on the connection protocol (HTTPS or SSH) and the distributed version control system. You can find your repository-specific URLs from the repository Source page. The following table shows these URL formats:

HTTPS

https://<repo_owner>@bitbucket.org/<accountname>/<reponame>.git

SSH

git@bitbucket.org:<repo_owner>/<reponame>.git

or

ssh://git@bitbucket.org/<repo_owner>/<reponame>.git

Bitbucket supports four encryption algorithms for client keys: Ed25519, ECDSA, RSA, and DSA. The following table shows the supported key types and the minimum key size for each supported key type. Bitbucket Cloud only accepts public keys in OpenSSH's authorized_keys format.

Type of key

Minimum key size (bits)

Example

Ed25519 (ed25519)

256

1 ssh-keygen -t ed25519 -b 256

ECDSA (ecdsa)

256

1 ssh-keygen -t ecdsa -b 256

RSA (rsa)

2048

1 ssh-keygen -t rsa -b 2048

DSA / DSS (dsa)

1024

1 ssh-keygen -t dsa -b 1024

SSH Host Keys

We recommend that you record Bitbucket Cloud's public SSH host key before connecting to it for the first time. Depending on the security protocols in your network, the system administrator may maintain a centrally located list of approved known hosts. The public SSH host key fingerprints for the on-prem server are:

SHA256 format

1 2 3 256 SHA256:FC73VB6C4OQLSCrjEayhMp9UMxS97caD/Yyi2bhW/J0 bitbucket.org (ECDSA) 256 SHA256:ybgmFkzwOSotHTHLJgHO0QN8L0xErw6vd0VhFA9m3SM bitbucket.org (ED25519) 2048 SHA256:46OSHA1Rmj8E8ERTC6xkNcmGOw9oFxYr0WF6zWW8l1E bitbucket.org (RSA)

To get the format suitable for storage in the known hosts, you can use the following curl command:

1 curl https://bitbucket.org/site/ssh

Still need help?

The Atlassian Community is here for you.