Adding a Bitbucket linked repository in Bamboo fails with "URI 'ssh://git@mybitbucket:<ssh_port>/<project_name>/<repo_name>.git' is not allowed by system administrator" error
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
This article covers the scenario when adding a Bitbucket Data Centre repository in Bamboo fails with the error "New access key is required but could not be added to Bitbucket Server. URI 'ssh://git@mybitbucket:<ssh_port>/<project_name>/<repo_name>.git' is not allowed by system administrator"
Environment
- Bamboo 10.0.0
- Bitbucket 9.0.0 but will be applicable for other supported versions
Diagnosis
When adding a Bitbucket Data Center repository in Bamboo 10 and alter, the below error can be seen in the Bamboo UI:
The below error can be seen in the <bamboo-home>/logs/atlassian-bamboo.log
2024-08-15 15:09:27,158 INFO [http-nio-8085-exec-24 url: /admin/createLinkedRepository.action; user: user_name] [BitbucketServerServerConfigurator] Public key was added to Bitbucket Server (Bamboo user: user_name, application: Bitbucket [http://mybitbucket:7990], location: repository <project_name>/<repo_name>): ssh-ed25519 AAAAC3NzaC1l...............vZfiKR7Xth+h http://mybamboo:8085
2024-08-15 15:09:27,159 INFO [http-nio-8085-exec-24 url: /admin/createLinkedRepository.action; user: user_name] [OutboundWhitelistImpl] No outbound rule found matching URI: ssh://git@mybitbucket:<ssh_port>/<project_name>/<repo_name>.git
2024-08-15 15:09:27,159 INFO [http-nio-8085-exec-24 url: /admin/createLinkedRepository.action; user: user_name] [BitbucketServerServerConfigurator] Can't authenticate with Bitbucket Server despite successful public key storage: ssh-ed25519 AAAAC3NzaC1l...............vZfiKR7Xth+h http://mybamboo:8085
This behaviour has also been observed on Bamboo 10 instances that had been upgraded from 9.6 and earlier versions.
Cause
Starting from Bamboo 10, Bamboo administrators can choose to allow outgoing connections and content by adding URLs to the allowlist. Please check the details of Configuring the allowlist in Bamboo.
If you have configured a different SSH port than Bitbucket's SSH default port 7999, Bamboo won't be able to connect to it because the new port hasn’t been added to the allowlist.
Below are the default rules added by Bamboo in the Allowlist:
Solution
Modify Bamboo Allowed List Bitbucket SSH Port in Bamboo from 7999 to the configured SSH port in Bitbucket
- Find the SSH Port configured in Bitbucket
- Navigate to Allowlist in Bamboo using <bamboo_base_url>/plugins/servlet/whitelist
- Modify the Domain name entry for the SSH port and replace the number from
ssh://mybitbucket:7999
tossh://mybitbucket:<ssh_port_from_bitbucket>
If the resolution steps mentioned earlier didn't work, please check the following knowledge base article for further instructions: