Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

"invalid privatekey: [B@xxxxxx" when connecting to Bitbucket Cloud over SSH

Stuart Longland
Stuart Longland March 25, 2025

We have a Bamboo Data Centre deployment here that we've been using for some years, successfully, via SSH.  (OpenSSH, not JSSH.)  The server is an Ubuntu Linux virtual machine hosted in Amazon AWS.  Release is 8.1.1 build 80108.

Today, we had to start migrating repositories in Bitbucket over to a new workspace, and as part of that, we're generating new SSH keys for Bamboo to use when fetching these repositories.

We can't use the old key on the workspace because Bitbucket requires unique SSH keys.  (It's probably high time it was rotated anyway.)

I've tried 3 different keypairs so far… generated with the following commands:

  • ssh-keygen -f /tmp/keypair -t ed25519  -N '' -C 'Bamboo CI deployment key'
  • ssh-keygen -f /tmp/keypair-rsa -t rsa  -N '' -C 'Bamboo CI deployment key'
  • ssh-keygen -f /tmp/keypair-pem -t ed25519 -m pem -N '' -C 'Bamboo CI deployment key'

I then went to "Shared Credentials" and tried submitting the private keys (the file without the .pub extension).  I for obvious reasons won't reveal its full content, but I can reveal this:

$ grep --line-number ^----- keypair*
keypair:1:-----BEGIN OPENSSH PRIVATE KEY-----
keypair:8:-----END OPENSSH PRIVATE KEY-----
keypair-pem:1:-----BEGIN OPENSSH PRIVATE KEY-----
keypair-pem:8:-----END OPENSSH PRIVATE KEY-----
keypair-rsa:1:-----BEGIN OPENSSH PRIVATE KEY-----
keypair-rsa:39:-----END OPENSSH PRIVATE KEY-----

When I tell Bamboo to use this key, then test access to a repository, I get this:

We couldn't connect to the repository. Here's what we got back:

ssh://git@bitbucket.org/workspace/repository: invalid privatekey: [B@fd422e6
The `[B@xxxxxx` string changes, but appears nowhere in any file I have uploaded.
In the logs, we see a similar story:

2025-03-26 01:12:25,180 INFO [http-nio-8085-exec-8] [RepositoryResource] Testing connection to repository (type: Bitbucket Cloud, location: https://bitbucket.org/workspace/repository)
2025-03-26 01:12:25,192 INFO [http-nio-8085-exec-8] [RepositoryResource] Failed to connect to repository (type: Bitbucket Cloud, location: https://bitbucket.org/workspace/repository, time: 11.68 ms, errors
: [ssh://git@bitbucket.org/workspace/repository: invalid privatekey: [B@2f7ddda])

I note there's a `]` character not seen in the web UI.

I had a look in the backend database, I see the SSH key gets "wrapped" in some sort of proprietary XML schema (in the `credentials` table).  I'm not sure how the integration of OpenSSH is being done (it could be a SSH agent protocol socket or writing out a file), but something is getting mangled here and I can't see where this is happening.

How on earth do we upload a valid key in Bamboo?

(PS: can someone tell whoever wrote the submission form on this site that CTRL-V should put the text where the cursor is positioned and not append it to the end?  It's mighty frustrating pasting some text, then finding that it didn't put it where you intended, but instead jammed it on the end of the document.  I regard this as broken behaviour.)

Answer
Watch
Like Be the first to like this
313 views

1 answer

0 votes
Jeremy Owen
Jeremy Owen
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 4, 2025

G'day Stuart,

Sorry, pretty late to the party here so you may have already resolved it, but on the off-chance you haven't or someone else runs into this:

It's a problem with the old/abandoned JSCH library that the in-built JGit in your version of Bamboo uses to authenticate with Git repositories. It doesn't support the new OpenSSH format of keys that start with -----BEGIN OPENSSH PRIVATE KEY----- or ed25519 keys in general.

If you install a native Git client and add it as a capability to the Bamboo Server, it will allow you to use these keys. This knowledge-base article covers the issue and contains the workaround:

You could also use ssh-keygen to generate a RSA key in the old format like so:

ssh-keygen -t rsa -m PEM -b 2048 -f id_rsa_olderformat

Native Git does work a lot better with Bamboo though, enabling a few capabilities JGit doesn't support and is more performant. If you can go down that route, you'll be better off and can use newer key formats.

I couldn't reproduce the issue with the submission form, pasting is working as expected for me, so maybe it's been fixed, but if you're still having problems -- let me know which browser and version and I'll send the feedback along.

Hope this helps.

 

 

Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.