Configure SSH and two-step verification

The third-party Git Credential Manager (GCM) can be used as alternative method of connecting to Bitbucket Cloud from the Git CLI. If you do not want to configure SSH access for your Bitbucket Cloud account, you can download and install the GCM from Git Credential Manager on GitHub. Note that the GCM works over HTTPS, not SSH. Ensure your Git remotes are using HTTPS, such as:
git clone https://{username}{workspace}/{repository}.git


 SSH Client Keys

The URL you use to access a repository depends on the connection protocol (HTTPS or SSH) and the distributed version control system. You can find your repository-specific URLs from the repository Source page. The following table shows these URL formats:






Bitbucket supports four encryption algorithms for client keys: Ed25519, ECDSA, RSA, and DSA. The following table shows the supported key types and the minimum key size for each supported key type. Bitbucket Cloud only accepts public keys in OpenSSH's authorized_keys format.

Type of key

Minimum key size (bits)


Ed25519 (ed25519)


1 ssh-keygen -t ed25519 -b 256

ECDSA (ecdsa)


1 ssh-keygen -t ecdsa -b 256

RSA (rsa)


1 ssh-keygen -t rsa -b 2048

DSA / DSS (dsa)


1 ssh-keygen -t dsa -b 1024

SSH Host Keys

We recommend that you record Bitbucket Cloud's public SSH host key before connecting to it for the first time. Depending on the security protocols in your network, the system administrator may maintain a centrally located list of approved known hosts. The public SSH host key fingerprints for the on-prem server are:

SHA256 format

1 2 3 256 SHA256:FC73VB6C4OQLSCrjEayhMp9UMxS97caD/Yyi2bhW/J0 (ECDSA) 256 SHA256:ybgmFkzwOSotHTHLJgHO0QN8L0xErw6vd0VhFA9m3SM (ED25519) 2048 SHA256:46OSHA1Rmj8E8ERTC6xkNcmGOw9oFxYr0WF6zWW8l1E (RSA)

To get the format suitable for storage in the known hosts, you can use the following curl command:

1 curl

Additional Help