Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is this a bug? I can clone a private repository without any credentials if I have its git URL

splixt
splixt July 7, 2015

I just noticed this today.  This seems wrong/bad!  I was able to clone my own private repo without having any ssh keys set up, and it didn't ask me for a password.

Watch
Like Be the first to like this
1400 views

1 answer

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

2 votes
@Dan
@Dan
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 7, 2015

I have caused a bit of panic for myself in the past when seemingly cloning something that should not have been accessible. Do the following:

  • Confirm that you do not have any SSH keys on your account, keys on your repositories are not the only keys active. The quickest way to check this is by attempting a direct SSH into Bitbucket.

    ssh git@bitbucket.org
  • Confirm that you do not have your username or password stored in your Hg settings or the Git password cache.
  • Confirm that the repository is, in fact, private.

If you still cannot figure out what is happening you can contact Bitbucket support (support@bitbucket.org) and provide us with the clone URL and your username.

View More Comments
splixt
splixt July 9, 2015

I confirmed the first and third things several times. What threw me was I had a brand new laptop I had just installed Fedora 22 onto, and I didn't have any Bitbucket stuff, no git tree (yet), no .ssh keys set up. The only thing in my .ssh directory is known_hosts. As for the second thing, "Confirm that you do not have your username or password stored in your Hg settings or the Git password cache." how do I do this? Is this cache on the client side or on bitbucket?

Like
splixt
splixt July 9, 2015

Interesting. Today when I try the exact same git clone operation, not having changed a single thing my new laptop since last time, I get what I expect: "Permission denied (public key)." So maybe something changed on Bitbucket's end. Freaky! Something to keep an eye on.

Like
splixt
splixt July 23, 2015

Solved. I figured out what happened. When I logged into my new machine using ssh, and ran the git clone command, I had forgotten that that I have the "ssh" command aliased to "ssh -A", which does automatic key forwarding. So I was cloning using the keys from my older system.

Like
Reply
Atlassian logo
Answers Developer Questions
TAGS
AUG Leaders

Atlassian Community Events

    See all events