Bitbucket is throwing "git was successfully authenticated via public key, but is no longer active in the underlying user directory. The request has been blocked"
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
Bitbucket Server is receiving SSH requests with a valid public key that is not associated with an active user.
The following appears in atlassian-bitbucket.log:
INFO c.a.b.i.ssh.server.SshCommandAdapter git was successfully authenticated via public key, but is no longer active in the underlying user directory. The request has been blocked
Diagnosis
Environment
Bitbucket Server is connected to an external user directory.
- The external user directory is set up as a Delegated LDAP user directory
Cause
There are two potential causes that have been identified for this issue.
Cause #1 - User deleted from the delegated directory
This happens because a user who is deleted from the delegated user directory is still preserved in Bitbucket Server. A user removed or deactivated from a delegated LDAP user directory needs to be manually removed, as described on the Delegated LDAP user directory page.
Cause #2 - Changes in the remote directory
A configuration change was made in the remote directory, and it is affecting Bitbucket synchronization.
Resolution
Cause #1 - User deleted from the delegated directory
While this is the expected behavior and is not a symptom of any problem, it is still recommended to address it, so that no requests can be authenticated using an SSH public key left on such a user.
To address this:
- delete the user from Bitbucket
- remove the SSH key from the user
The following suggestion asks for these users to be deleted from Bitbucket automatically: BSERV-11403 - As an admin, I would like users available in Bitbucket via a delegated user directory to be automatically removed
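To find which accounts need this cleanup, the blocked-request message can be tallied per name from atlassian-bitbucket.log. The script below is an added example, not Atlassian code. It assumes the token immediately before "was successfully authenticated" is the account name, and it matches only the message text shown on this page, because the full log line layout is not shown here.

```python
import re
import sys
from collections import Counter

# Message text as quoted on this page. Only the token directly before it is
# captured (assumed to be the account name, without spaces).
BLOCKED = re.compile(
    r"(?P<name>\S+) was successfully authenticated via public key, "
    r"but is no longer active in the underlying user directory"
)

def blocked_key_users(lines):
    """Count blocked SSH key authentications per captured name."""
    hits = Counter()
    for line in lines:
        match = BLOCKED.search(line)
        if match:
            hits[match.group("name")] += 1
    return hits

def report(lines):
    """Return report lines, most frequently blocked name first."""
    ranked = sorted(blocked_key_users(lines).items(),
                    key=lambda item: (-item[1], item[0]))
    return [f"{name}: {count} blocked request(s)" for name, count in ranked]

# Constructed sample input: timestamps and the name "jdoe" are made up.
# The "git" line reuses the message exactly as quoted on this page.
SAMPLE_LOG = [
    "2024-01-10 09:12:01 INFO c.a.b.i.ssh.server.SshCommandAdapter jdoe was "
    "successfully authenticated via public key, but is no longer active in "
    "the underlying user directory. The request has been blocked",
    "2024-01-10 09:12:05 INFO example.Constructed unrelated line",
    "INFO c.a.b.i.ssh.server.SshCommandAdapter git was successfully "
    "authenticated via public key, but is no longer active in the "
    "underlying user directory. The request has been blocked",
    "2024-01-10 09:40:33 INFO c.a.b.i.ssh.server.SshCommandAdapter jdoe was "
    "successfully authenticated via public key, but is no longer active in "
    "the underlying user directory. The request has been blocked",
]

if __name__ == "__main__":
    # Pass the path to atlassian-bitbucket.log, or run without arguments
    # to process the constructed sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print("\n".join(report(fh)))
    else:
        print("\n".join(report(SAMPLE_LOG)))
```

Each name in the output is a candidate for the cleanup steps above. A name that keeps appearing after cleanup points to Cause #2.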
Cause #2 - Changes in the remote directory
Check what change was made in the remote directory that is impacting Bitbucket and address it by fixing it or reverting the change.