M0UNTAIN 0F C0DE

I maintain and work on a number of repositories on BitBucket for both work and in my own time and use a separate account for each. SSH is used to talk with the remotes and I use my Multi SSH Key Manager to manage the keys.

The problem with this is that the remotes for all BitBucket repos have the same username and server git@bitbucket.org and as soon as I associate a key for git@bitbucket.org with my work account, I can't associate it with my personal account.

I could link the accounts together and then they could both use the same key but I want to keep them separate, so I needed to find a way of telling Git to use a certain key with a certain remote.

Here's how I did it...

Today I was writing a script that needs to run without user interaction and needs to get the latest version of a single file from a private BitBucket Git repo over SSH.

BitBucket allows you to do this over HTTPS and I could use something like curl or wget with digest auth but then that would require the user name and password to be added to the script in plain text...

Not ideal, especially when SSH keys are already set up and far more secure than passwords, but there is a solution...

I use SSH literally every single day, at work and at home, so for security and because I don't want to spend time typing long secure passwords I use SSH keys for authentication.

What's the problem?

Usually you'll generate a key pair with ssh-keygen, copy the public key to any server you want to log in to and you're done. So what's the problem with that? Well, if you ever want to renew that single key, increase its length for better security, find out which user and server that key is authorised for etc., then you are going to have to change the public key on each of the servers you can access.

It would be much better if we had a key pair per user per server, then we can renew, change or delete a key for a single login. We have complete control.