Deployment key allows write access

Issue #7703 resolved
Leon Woestenberg
created an issue

<pre>
Problem: Deployment key grants write access on bitbucket.org.

Situation:
git.lancero.eu points to bitbucket.org
lancero is a team account on bitbucket.org
lancero_leon is my non-team account on bitbucket.org
I have uploaded a deployment key to that account.
* I have disabled my (write) SSH in my .ssh/config:

Host git.lancero.eu
User lancero_leon
IdentityFile ~/.ssh/id_dsa_lancero_trisendo_deploy

$ git remote -v
trace: built-in: git 'remote' '-v'
origin git@git.lancero.eu:lancero/trisendo-dng.git (fetch)
origin git@git.lancero.eu:lancero/trisendo-dng.git (push)

I have a script called myssh which calls ssh -v $@ to show the SSH log.

Now, what is unexpected is when I add a change, commit, then push, the commit/push is accepted and the repository is modified.

As can be seen, this was with the deployment key, which is not in the SSH keys section of any of my bitbucket user or team accounts.

leon@lunar:~/sandbox/sidebranch/openembedded/trisendo/openembedded/dng$ git push
trace: built-in: git 'push'
trace: run_command: '/home/leon/sandbox/sidebranch/openembedded/trisendo/openembedded/dng/myssh' 'git@git.lancero.eu' 'git-receive-pack '\''lancero/trisendo-dng.git'\'''
OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /home/leon/.ssh/config
debug1: Applying options for git.lancero.eu
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for
debug1: Connecting to git.lancero.eu [207.223.240.182] port 22.
debug1: Connection established.
debug1: identity file /home/leon/.ssh/id_dsa_lancero_trisendo_deploy type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'git.lancero.eu' is known and matches the RSA host key.
debug1: Found key in /home/leon/.ssh/known_hosts:90
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/leon/.ssh/id_dsa_lancero_trisendo_deploy
debug1: Remote: Forced command: conq username:lancero_leon
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: read PEM private key done: type DSA
debug1: Remote: Forced command: conq username:lancero_leon
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: git-receive-pack 'lancero/trisendo-dng.git'
trace: run_command: 'pack-objects' '--all-progress-implied' '--revs' '--stdout' '--thin' '--delta-base-offset'
trace: exec: 'git' 'pack-objects' '--all-progress-implied' '--revs' '--stdout' '--thin' '--delta-base-offset'
trace: built-in: git 'pack-objects' '--all-progress-implied' '--revs' '--stdout' '--thin' '--delta-base-offset'
Counting objects: 5, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 375 bytes, done.
Total 3 (delta 1), reused 0 (delta 0)
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype eow@openssh.com reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Transferred: sent 2992, received 3224 bytes, in 0.8 seconds
Bytes per second: sent 3749.5, received 4040.2
debug1: Exit status 0
To git@git.lancero.eu:lancero/trisendo-dng.git
   d6911f4..b29dd3f  master -> master
</pre>
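A check that can be run over a captured `ssh -v` / git trace session like the one in this report, added here as an example and not part of the original issue: it extracts which key the server accepted, the forced command, and the git service requested, then flags a completed push made with a key that is expected to be read-only. The function names and the caller-supplied set of read-only key paths are assumptions of this example.

```python
import re
OFFER = re.compile(r"debug1: Offering public key: (\S+)")
ACCEPT = re.compile(r"debug1: Server accepts key:")
FORCED = re.compile(r"debug1: Remote: Forced command: (.+)")
COMMAND = re.compile(r"debug1: Sending command: (git-(?:receive|upload)-pack) '([^']+)'")
EXIT = re.compile(r"debug1: Exit status (\d+)")
REF_UPDATE = re.compile(r"^[0-9a-f]{7,40}\.\.[0-9a-f]{7,40}\s+(\S+) -> (\S+)$")

# Lines taken from the push log in the report.
PUSH_LOG = """\
debug1: Offering public key: /home/leon/.ssh/id_dsa_lancero_trisendo_deploy
debug1: Remote: Forced command: conq username:lancero_leon
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: Sending command: git-receive-pack 'lancero/trisendo-dng.git'
debug1: Exit status 0
   d6911f4..b29dd3f  master -> master
"""
# Constructed sample: a fetch where the first key offered is not accepted.
FETCH_LOG = """\
debug1: Offering public key: /home/leon/.ssh/id_rsa
debug1: Offering public key: /home/leon/.ssh/id_dsa_lancero_trisendo_deploy
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: Sending command: git-upload-pack 'lancero/trisendo-dng.git'
debug1: Exit status 0
"""

def summarize_session(log):
    """Return accepted key, forced command, git service, repo, exit status, pushed refs."""
    info = {"key": None, "forced": None, "service": None, "repo": None, "exit": None, "refs": []}
    offered = None
    for raw in log.splitlines():
        line = raw.strip()
        if m := OFFER.search(line):
            offered = m.group(1)       # latest key offered; may still be rejected
        elif ACCEPT.search(line):
            info["key"] = offered      # server accepted the most recent offer
        elif m := FORCED.search(line):
            info["forced"] = m.group(1)
        elif m := COMMAND.search(line):
            info["service"], info["repo"] = m.groups()
        elif m := EXIT.search(line):
            info["exit"] = int(m.group(1))
        elif m := REF_UPDATE.match(line):
            info["refs"].append(m.group(2))   # remote ref that was updated
    return info

def read_only_key_wrote(info, read_only_keys):
    """True when a key expected to be read-only completed a push (git-receive-pack)."""
    return (info["key"] in read_only_keys and info["service"] == "git-receive-pack"
            and info["exit"] == 0 and bool(info["refs"]))
```
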
