Issue #5661 open

Support OpenSSH-style host constraints (from="") on SSH/deployment keys (BB-6926)

Marcin Lewandowski
created an issue


I think it could be useful if deployment keys syntax supported OpenSSH-style constraints added to keys. I mean especially from="" syntax (see

It would prevent some problems in case of leakage of a key or will bring possbility to deploy only from specific (trusted) locations.

Comments (5)

  1. Oliver Schneider

    I would like to join this request for feature. In my case I have a particular machine which hosts the authoritative copy of an Hg repo. Now I can't always log on to push stuff on to Bitbucket. However, storing my main private keys unencrypted on that machine isn't an option either. This is why I wanted to have an unsecured private key on that machine, but limit the repo on Bitbucket's side to only accept this key from a particular IP (or range of IPs).

    Also see:

  2. Log in to comment