Login/Register
Can't push/pull to bitbucket via SSH using IPv6
Asked Answered
Solved gitsshbitbucketvpnipv6
P

3

18

When I can push/pull to bitbucket:

  • From my work computer via ssh key id_rsa_bitbucket_work
  • From my laptop, but only when logged into VPN (Cisco AnyConnect) via ssh key id_rsa_bitbucket. My VPN has a static IP.
  • Always using https.

When I cannot push/pull to bitbucket:

  • From my laptop anytime VPN is not connected, via ssh key ida_rsa_bitbucket.
  • From my laptop on my work network network when not on VPN, even though I'm nominally on the same network I would be with VPN.

The appropriate entry in my ~/.ssh/config is:

Host bitbucket
     HostName bitbucket.org
     User git
     IdentityFile ~/.ssh/id_rsa_bitbucket

Connecting to github repositories via SSH always works, regardless of what network/VPN I am going through.

I have checked to make sure that:

  • My SSH agent is running and has the correct keys loaded.
  • My SSH agent is handing out the same key regardless of VPN settings.

The output from ssh -Tv bitbucket when NOT logged in to VPN is:

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/fcarter/.ssh/config
debug1: /Users/fcarter/.ssh/config line 1: Applying options for bitbucket
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to bitbucket.org [2401:1d80:1010::150] port 22.
debug1: Connection established.
debug1: identity file /Users/fcarter/.ssh/id_rsa_bitbucket type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/fcarter/.ssh/id_rsa_bitbucket-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version conker_1.0.284-7b46313 app-127
debug1: no match: conker_1.0.284-7b46313 app-127
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /Users/fcarter/.ssh/known_hosts:12
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/fcarter/.ssh/id_rsa_bitbucket
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to bitbucket.org ([2401:1d80:1010::150]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 4048, received 1776 bytes, in 10.1 seconds
Bytes per second: sent 401.8, received 176.3
debug1: Exit status -1

It appears to connect and authenticate (via IPv6?), but exits with an error.

The output from ssh -Tv bitbucket when logged into my VPN is:

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/fcarter/.ssh/config
debug1: /Users/fcarter/.ssh/config line 1: Applying options for bitbucket
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to bitbucket.org [2401:1d80:1010::151] port 22.
debug1: connect to address 2401:1d80:1010::151 port 22: Permission denied
debug1: Connecting to bitbucket.org [104.192.143.3] port 22.
debug1: Connection established.
debug1: identity file /Users/fcarter/.ssh/id_rsa_bitbucket type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/fcarter/.ssh/id_rsa_bitbucket-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version conker_1.0.284-7b46313 app-125
debug1: no match: conker_1.0.284-7b46313 app-125
debug1: Authenticating to bitbucket.org:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /Users/fcarter/.ssh/known_hosts:12
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/fcarter/.ssh/id_rsa_bitbucket
debug1: Server accepts key: pkalg ssh-rsa blen 535
debug1: Authentication succeeded (publickey).
Authenticated to bitbucket.org ([104.192.143.3]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
logged in as faustin315.

You can use git or hg to connect to Bitbucket. Shell access is disabled.
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 4048, received 1984 bytes, in 0.2 seconds
Bytes per second: sent 16284.6, received 7981.4
debug1: Exit status 0

It appears to connect and authenticate (via IPv4?) and everything is fine.

Update: After finding this issue on bitbucket's site, I tried adding 104.192.143.2 bitbucket.org to my /etc/hosts file. This did not fix the issue.

Pompom answered 19/3, 2017 at 16:7 Comment(0)
P
30

Updated after lots of help from Bitbucket support:

After much more research, the problem appears to be on my router's end (Linksys E3200) and is somehow related to IPv6. I have no trouble accessing IPv6-only sites, and everything works fine with github (this is because github is IPv4 only). However, there is something being filtered out that SSH needs to work properly. If I jack directly into my modem and run ssh -Tvv bitbucket it authenticates properly over IPv6.

In order to work around the problem (while I shop for a new router), I am forcing connections to bitbucket to only use IPv4 by adding AddressFamily inet to my ~/.ssh/config file (thanks to: https://mcmap.net/q/20743/-configure-git-to-use-ipv4-instead-of-ipv6-by-default). So the updated entry for bitbucket now reads:

Host bitbucket
     HostName bitbucket.org
     User git
     IdentityFile ~/.ssh/id_rsa_bitbucket
     AddressFamily inet
Pompom answered 19/3, 2017 at 19:32 Comment(2)
I'd just moved house and changed internet supplier. This was causing me considerable irritation, thanks for your help :)Phonation
Wow. I spent months trying to solve this. In my case, my guess is that my Internet provider (Claro ARG) was blocking the IPv6 traffic at the router level. I use your solution but I add also bitbucket.org as a separate host with the same config. Thanks!Hopi
F
0

If somebody needs this maybe adding (on answer above):

... ConnectTimeout 10 ...

can help.

Floccule answered 25/7, 2023 at 15:4 Comment(1)
As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.Nguyetni
S
0

Simply adding 104.192.141.1 bitbucket.org in /etc/hosts as an entry worked for me as mentioned in this official documentation.

Strep answered 25/8, 2023 at 2:44 Comment(0)

© 2022 - 2025 — McMap. All rights reserved.