I just noticed this today. This seems wrong/bad! I was able to clone my own private repo without having any ssh keys set up, and it didn't ask me for a password.
Community moderators have prevented the ability to post new answers.
I have caused a bit of panic for myself in the past when seemingly cloning something that should not have been accessible. Do the following:
Confirm that you do not have any SSH keys on your account, keys on your repositories are not the only keys active. The quickest way to check this is by attempting a direct SSH into Bitbucket.
ssh git@bitbucket.org
If you still cannot figure out what is happening you can contact Bitbucket support (support@bitbucket.org) and provide us with the clone URL and your username.
I confirmed the first and third things several times. What threw me was I had a brand new laptop I had just installed Fedora 22 onto, and I didn't have any Bitbucket stuff, no git tree (yet), no .ssh keys set up. The only thing in my .ssh directory is known_hosts. As for the second thing, "Confirm that you do not have your username or password stored in your Hg settings or the Git password cache." how do I do this? Is this cache on the client side or on bitbucket?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Interesting. Today when I try the exact same git clone operation, not having changed a single thing my new laptop since last time, I get what I expect: "Permission denied (public key)." So maybe something changed on Bitbucket's end. Freaky! Something to keep an eye on.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Solved. I figured out what happened. When I logged into my new machine using ssh, and ran the git clone command, I had forgotten that that I have the "ssh" command aliased to "ssh -A", which does automatic key forwarding. So I was cloning using the keys from my older system.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.