Support OpenSSH-style host constraints (from="") on SSH/deployment keys (BB-6926)

Marcin Lewandowski avatarMarcin Lewandowski created an issue


I think it could be useful if deployment keys syntax supported OpenSSH-style constraints added to keys. I mean especially from="" syntax (see

It would prevent some problems in case of leakage of a key or will bring possbility to deploy only from specific (trusted) locations.

Comments (5)

  1. Oliver Schneider

    I would like to join this request for feature. In my case I have a particular machine which hosts the authoritative copy of an Hg repo. Now I can't always log on to push stuff on to Bitbucket. However, storing my main private keys unencrypted on that machine isn't an option either. This is why I wanted to have an unsecured private key on that machine, but limit the repo on Bitbucket's side to only accept this key from a particular IP (or range of IPs).

    Also see:

  2. Log in to comment
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.