[git] Repository access denied. access via a deployment key is read-only

After successfully cloning my repo from heroku and added another remote

1/ git clone [email protected]:[APP].git
2/ git remote add bitbucket ssh://[email protected]/[ACCOUNT]/[REPO].git
3/ git push bitbucket master

I am still getting this error after running line (3) or using SourceTree

conq: repository access denied. access via a deployment key is read-only.

First I don't understand what this message means in practice. And that's shame.

I did create ssh key pair and added to heroku :

ssh-keygen -t rsa 
heroku keys:add ./id_rsa.pub 

I also added my key in deployment keys section in BitBucket. But I must be missing something. This question is not out of laziness, I have been reading various docs including BitBuckets guides. But it still don't get around this issue.

This post is related to Can I import my heroku git repo into bitbuket? and how?

ADDITIONAL FACTS:

ssh -T [email protected]
conq: authenticated via a deploy key.

You can use git or hg to connect to Bitbucket. Shell access is disabled.


$ ssh -v [email protected]
OpenSSH_5.6p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /Users/joel/.ssh/config
debug1: Applying options for bitbucket.org
debug1: Reading configuration data /etc/ssh_config
debug1: Applying options for *
debug1: Connecting to bitbucket.org [207.223.240.181] port 22.
debug1: Connection established.
debug1: identity file /Users/joel/.ssh/id_rsa type 1
debug1: identity file /Users/joel/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /Users/joel/.ssh/known_hosts:5
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/joel/.ssh/id_rsa
debug1: Remote: Forced command: conq deploykey:13907
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: read PEM private key done: type RSA
debug1: Remote: Forced command: conq deploykey:13907
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Authentication succeeded (publickey).
Authenticated to bitbucket.org ([207.223.240.181]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_CTYPE = UTF-8
PTY allocation request failed on channel 0

Looks like all is fine.

I had the same issue Kabir Sarin had. The solution was to clone the repo via SSH, instead of using the https URL. so this is what helped me, and hopefully others:

    git clone [email protected]:{accountName}/{repoName}.git

First choose or create the key you want to use for pushing to Bitbucket. Let's say its public key is at ~/.ssh/bitbucket.pub

• Add your public key to Bitbucket by logging in and going to your public profile, settings, ssh-key, add key.
• Configure ssh to use that key when communicating with Bitbucket. E.g. in Linux add to ~/.ssh/config:

    Host bitbucket.org
    IdentityFile ~/.ssh/bitbucket

Now the SSH option is under the security settings

Click Your Avatar --> Bitbucket Settings --> SSH Key --> Add Key

Paste your public key

I would like to re-emphasize the following:

• You might have added the SSH key to your repository (e.g. ExampleRepo), but this is NOT where the SSH key goes.
• It is meant to go into YOUR PROFILE. This is the small avatar on the bottom left corner of the screen. Here, you'll find a different place to put your SSH Keys (under Security) > then you add the key here instead.
• If you accidentally put your SSH key into the repository (as opposed to your account), then delete the one in the repository.

Took me ages to realise, somehow even after reading the answers here it didn't click.

Recently I faced the same issue. I got the following error:

repository access denied. access via a deployment key is read-only.

You can have two kinds of SSH keys:

1. For your entire account which will work for all repositories
2. Per repository SSH key which can only be used for that specific repository.

I simply removed my repository SSH key and added a new SSH key to my account and it worked well.

I hope it helps someone. Cheers

Sometimes it doesn't work because you manually set another key for bitbucket in ~/.ssh/config.

Steps:

1. Create ssh keys on source server

   ssh-keygen

2. Cat and copy id_rsa.pub located under ~./ssh directory

3. Go to Bitbucket, if you have already set the access keys for repository(s) then delete existing public key(s)
4. Go to Bitbucket avatar> Bitbucket settings> SSH Keys (under Security, left pane)> Click on 'Add Keys'> paste the public key.

5. Check if it works by running below command on the source server

   git remote show origin

6. For fetch and push from the source server, if the protocol is 'https' then you have to change it to 'git+ssh' by running below command

   git remote set-url origin git+ssh://<bitbucketaccount>@bitbucket.org/<accountname>/repo.git

7. Check if you can do push to the repo.

Done!

Two step process to be able to push pull
Step1: Generate ssh key(public and private) on mac

Step2: Put private key in mac and public key in git website

below detailed steps are for mac users

Step 1: Generating keys

1. (make sure you have git installed)https://git-scm.com/download/mac
2. open terminal and type ssh-keygen this will prompt you to enter storage location for key, you may type /Users/[machinename]/.ssh/[keyname]
3. Next it will ask for passphrase, you can either leave it blank by pressing enter or enter some keyword to be entered again at next prompt
4. This will have created two keys for you, private and public, with name [keyname] and [keyname].pub

Step2:pushing keys to appropriate locations[mac and remote accounts i.e Github, bitbucket, gitlab etc ]

1. Type ssh-add -K ~/.ssh/[keyname] in terminal to add your private key to the mac
2. Type pbcopy < ~/.ssh/[keyname].pub to copy public key to clipboard
3. Open account settings on your respective git website and go to add key, there paste the public key copied above

Done, now you can push pull.

You have to delete the deployment key first if you are going to add the same key under Manage Account SSH Key.

Deployment keys are read only. To enable write access you need to:

• Remove this deployment key from your repository settings. You won't be able to write to this repo with this key anyway.

• Go to "Avatar -> Settings -> SSH Keys" and add the same key

• Now try to push to remove branch

You were able to write to repositories before but this is a change in BitBucket where you're no longer able to write with deploy key.

All you need - add another key and use it.

As i've found first key - always Deployment Key.

'Deployment Key' is only for Read Only access. Following is a good way to work through this.

• Create and SSH key and add it to bitbucket (User Avatar -> Bitbucket Setting-> SSH keys)
• ~/.ssh/known_hosts
• ssh-add -D (Remove keys loaded to SSH agent)
• ssh-add ~/.ssh/your_private_key_for_bitbucket
• ssh [email protected] -Tv (Verify that your key is getting used to connect to bitbucket)
• git push 'remote name' 'branch name'

here is yhe full code to clone all repos from a given BitBucket team/user

# -*- coding: utf-8 -*-
"""

    ~~~~~~~~~~~~

    Little script to clone all repos from a given BitBucket team/user.

    :author: https://thepythoncoding.blogspot.com/2019/06/python-script-to-clone-all-repositories.html
    :copyright: (c) 2019
"""

from git import Repo
from requests.auth import HTTPBasicAuth

import argparse
import json
import os
import requests
import sys

def get_repos(username, password, team):
    bitbucket_api_root = 'https://api.bitbucket.org/1.0/users/'
    raw_request = requests.get(bitbucket_api_root + team, auth=HTTPBasicAuth(username, password))
    dict_request = json.loads(raw_request.content.decode('utf-8'))
    repos = dict_request['repositories']

    return repos

def clone_all(repos):
    i = 1
    success_clone = 0
    for repo in repos:
        name = repo['name']
        clone_path = os.path.abspath(os.path.join(full_path, name))

        if os.path.exists(clone_path):
            print('Skipping repo {} of {} because path {} exists'.format(i, len(repos), clone_path))
        else:
            # Folder name should be the repo's name
            print('Cloning repo {} of {}. Repo name: {}'.format(i, len(repos), name))
            try:
                git_repo_loc = '[email protected]:{}/{}.git'.format(team, name)
                Repo.clone_from(git_repo_loc, clone_path)
                print('Cloning complete for repo {}'.format(name))
                success_clone = success_clone + 1
            except Exception as e:
                print('Unable to clone repo {}. Reason: {} (exit code {})'.format(name, e.stderr, e.status))
        i = i + 1

    print('Successfully cloned {} out of {} repos'.format(success_clone, len(repos)))

parser = argparse.ArgumentParser(description='clooney - clone all repos from a given BitBucket team/user')

parser.add_argument('-f',
                    '--full-path',
                    dest='full_path',
                    required=False,
                    help='Full path of directory which will hold the cloned repos')

parser.add_argument('-u',
                    '--username',
                    dest="username",
                    required=True,
                    help='Bitbucket username')

parser.add_argument('-p',
                    '--password',
                    dest="password",
                    required=False,
                    help='Bitbucket password')

parser.add_argument('-t',
                    '--team',
                    dest="team",
                    required=False,
                    help='The target team/user')

parser.set_defaults(full_path='')
parser.set_defaults(password='')
parser.set_defaults(team='')

args = parser.parse_args()

username = args.username
password = args.password
full_path = args.full_path
team = args.team

if not team:
    team = username

if __name__ == '__main__':
    try:
        print('Fetching repos...')
        repos = get_repos(username, password, team)
        print('Done: {} repos fetched'.format(len(repos)))
    except Exception as e:
        print('FATAL: Could not get repos: ({}). Terminating script.'.format(e))
        sys.exit(1)

    clone_all(repos)

More info: https://thepythoncoding.blogspot.com/2019/06/python-script-to-clone-all-repositories.html

TLDR: ssh-add ~/.ssh/yourkey

I've just worked through this problem.

And none of the other answers helped.

I did have a ./ssh/config with all the right stuff, also an earlier repository working fine (same bitbucket account, same key). Then I generated a deploy_key, and after that created a new repository.

After that could not clone the new repo.

I wish I knew how/why ssh agent was messing this up, but adding the key solved it. I mean adding the key in my local Ubuntu, not in bitbucket admin. The command is just

    ~/.ssh$ ssh-add myregualrkey

Hope this helps someone.

I had this happen when I was trying to use a deployment key because that is exactly what I wanted.

I could connect via ssh -T [email protected] and it would tell me I had access to read the repository I wanted, but git clone would fail.

Clearing out ~/.ssh/known_hosts, generating a new key via ssh-keygen, adding that new key to bitbucket, and retrying fixed it for me.

you need to add your key to your profile and NOT to a specific repository. follow this: https://community.atlassian.com/t5/Bitbucket-questions/How-do-I-add-an-SSH-key-as-opposed-to-a-deployment-keys/qaq-p/413373

for this error : conq: repository access denied. access via a deployment key is read-only.

I change the name of my key, example

cd /home/try/.ssh/
mv try id_rsa
mv try.pub id_rsa.pub

I work on my own key on bitbucket