Support OpenSSH-style host constraints (from="") on SSH/deployment keys (BB-6926)

Issue #5661 closed
Marcin Lewandowski created an issue


I think it could be useful if deployment keys syntax supported OpenSSH-style constraints added to keys. I mean especially from="" syntax (see

It would prevent some problems in case of leakage of a key or will bring possbility to deploy only from specific (trusted) locations.

Comments (6)

  1. Oliver

    I would like to join this request for feature. In my case I have a particular machine which hosts the authoritative copy of an Hg repo. Now I can't always log on to push stuff on to Bitbucket. However, storing my main private keys unencrypted on that machine isn't an option either. This is why I wanted to have an unsecured private key on that machine, but limit the repo on Bitbucket's side to only accept this key from a particular IP (or range of IPs).

    Also see:

  2. Atlassian Bitbucket

    This issue has been closed due to inactivity. If you continue to see problems, please reopen or create a new issue.

  3. Log in to comment