1. Bitbucket
  2. Public Issue Tracker
  3. master
  4. Issues


Issue #5661 closed

Support OpenSSH-style host constraints (from="") on SSH/deployment keys (BB-6926)

Marcin Lewandowski
created an issue


I think it could be useful if deployment keys syntax supported OpenSSH-style constraints added to keys. I mean especially from="" syntax (see http://www.eng.cam.ac.uk/help/jpmg/ssh/authorized_keys_howto.html)

It would prevent some problems in case of leakage of a key or will bring possbility to deploy only from specific (trusted) locations.

Comments (6)

  1. Oliver

    I would like to join this request for feature. In my case I have a particular machine which hosts the authoritative copy of an Hg repo. Now I can't always log on to push stuff on to Bitbucket. However, storing my main private keys unencrypted on that machine isn't an option either. This is why I wanted to have an unsecured private key on that machine, but limit the repo on Bitbucket's side to only accept this key from a particular IP (or range of IPs).

    Also see: https://answers.atlassian.com/questions/133109/ssh-key-limited-to-particular-ip

  2. Log in to comment