How do I use xinetd to forward port 22 for SSH connections to Bitbucket Server

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

The content on this page relates to platforms which are not supported. Consequently, Atlassian Support cannot guarantee providing any support for it. Please be aware that this material is provided for your information only and using it is done so at your own risk.

By default, Bitbucket Server listens for SSH connections on port 7999, this guide will help forward port 22 so that SSH operations can be accessed at ssh://git@bitbucket.mycompany.com/PROJECT/repo.git instead of ssh://git@bitbucket.mycompany.com:7999/PROJECT/repo.git. The default sshd service will need to be moved to an alternative port other than 22.

This is an alternative to using HAProxy as described in Setting up SSH port forwarding.

Solution

Single IP Address Available

  • Using the package manager for your distribution (apt-get, yum, or rpm), install xinetd

  • Create a configuration file named bitbucket_ssh under /etc/xinetd.d with the following content

    1 2 3 4 5 6 7 8 9 10 11 service bitbucket_ssh { disable = no type = UNLISTED socket_type = stream protocol = tcp user = nobody wait = no redirect = 127.0.0.1 7999 port = 22 }

  • Restart xinetd with /etc/init.d/xinetd restart

  • Once port forwarding is set up, you will need to configure the SSH base URL in Bitbucket Server so that the clone urls presented in Bitbucket Server indicate the correct host and port to clone from. See the SSH base URL section in Enable SSH access to Git repositories.

Multiple IP Addresses Available

This option is available if more than one IP address is available on the server. sshd_config will need to be modified so that it listens to only one of the IP addresses.

  • Using the package manager for your distribution (apt-get, yum, or rpm), install xinetd

  • Create a configuration file named bitbucket_ssh under /etc/xinetd.d with the following content

    1 2 3 4 5 6 7 8 9 10 11 12 service bitbucket_ssh { disable = no type = UNLISTED socket_type = stream protocol = tcp user = nobody wait = no redirect = 127.0.0.1 7999 bind = 192.168.1.11 port = 22 }

  • Modify /etc/ssh/sshd_config so that it will only bind to one of the IP addresses (different from what xinetd is listening on

    /etc/ssh/sshd_config

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 # Package generated configuration file # See the sshd_config(5) manpage for details # What ports, IPs and protocols we listen for Port 22 # Use these options to restrict which interfaces/protocols sshd will bind to #ListenAddress :: ListenAddress 192.168.1.10 ListenAddress 127.0.0.1 Protocol 2 # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key

  • Restart xinetd with /etc/init.d/xinetd restart

  • Restart sshd with service sshd restart

  • Once port forwarding is set up, you will need to configure the SSH base URL in Bitbucket Server so that the clone urls presented in Bitbucket Server indicate the correct host and port to clone from. See the SSH base URL section in Enable SSH access to Git repositories.

Updated on April 16, 2025
Platform
Data Center only
Product
Bitbucket Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community