Bitbucket is throwing "git was successfully authenticated via public key, but is no longer active in the underlying user directory. The request has been blocked"
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Problem
Bitbucket Server is receiving SSH requests with a valid public key that is not associated with an active user.
The following appears in the atlassian-bitbucket.log:
INFO c.a.b.i.ssh.server.SshCommandAdapter git was successfully authenticated via public key, but is no longer active in the underlying user directory. The request has been blocked
Diagnosis
Environment
Bitbucket Server is connected to an external user directory.
The external user directory is set up as a Delegate authentication to an LDAP directory
Cause
There are two potential causes that have been identified for this issue.
Cause #1 - User deleted from the delegated directory
This happens because when a user is deleted from the delegated user directory, it is still preserved in Bitbucket Server. A user removed or deactivated from a delegated LDAP user directory needs to be manually removed as described on the Delegate authentication to an LDAP directory page.
Cause #2 - Changes in remote directory
Some configuration was performed in the remote directory, affecting Bitbucket synchronization.
Solution
Resolution
Cause #1 - User deleted from the delegated directory
While this is the expected behavior and is not a symptom of any problem, it is still recommended to address it so that no requests are authenticated using that user's SSH public key.
To address this:
delete the user from Bitbucket
remove the SSH key from the user
The following suggestion asks for these users to be deleted from Bitbucket automatically: BSERV-11403 - As an admin, I would like users available in Bitbucket via a delegated user directory to be automatically removed
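To see which accounts still present a key and need this cleanup, the blocked-request lines can be tallied from atlassian-bitbucket.log. The script below is an added example, not Atlassian's code: it assumes the token in front of "was successfully authenticated" is the account name and that each line starts with a `YYYY-MM-DD HH:MM:SS` timestamp, and its sample lines are constructed.

```python
import re

# Message text copied from the log line quoted in this article. Treating the
# token in front of it as the account name is an assumption of this example.
BLOCKED = re.compile(
    r"(?P<name>\S+) was successfully authenticated via public key, "
    r"but is no longer active in the underlying user directory"
)
# Assumed timestamp prefix; the article's excerpt does not show one.
STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")

_MSG = ("was successfully authenticated via public key, but is no longer "
        "active in the underlying user directory. The request has been blocked")
# Constructed sample lines (timestamps and "build-bot" are made up).
SAMPLE = [
    f"2024-03-01 09:14:02,118 INFO c.a.b.i.ssh.server.SshCommandAdapter git {_MSG}",
    "2024-03-01 09:15:40,002 INFO c.a.b.i.ssh.server.SshCommandAdapter unrelated line",
    f"2024-03-01 11:30:45,771 INFO c.a.b.i.ssh.server.SshCommandAdapter build-bot {_MSG}",
    f"2024-03-02 02:05:09,004 INFO c.a.b.i.ssh.server.SshCommandAdapter git {_MSG}",
]

def blocked_ssh_auths(lines):
    """Return {name: {"count", "first", "last"}} for blocked public-key logins."""
    report = {}
    for line in lines:
        hit = BLOCKED.search(line)
        if not hit:
            continue
        stamp = STAMP.match(line)
        when = stamp.group(1) if stamp else None
        entry = report.setdefault(
            hit.group("name"), {"count": 0, "first": when, "last": when})
        entry["count"] += 1
        if when:  # min/max so rotated files read out of order still work
            entry["first"] = min(filter(None, (entry["first"], when)))
            entry["last"] = max(filter(None, (entry["last"], when)))
    return report

if __name__ == "__main__":
    for name, e in sorted(blocked_ssh_auths(SAMPLE).items()):
        print(f"{name}: {e['count']} blocked, {e['first']} .. {e['last']}")
```

To run it against a real log, pass an open file handle to `blocked_ssh_auths` in place of `SAMPLE`.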
Cause #2 - Changes in the remote directory
Check what change was made in the remote directory that is impacting Bitbucket and address it by fixing it or reverting the change.