Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-19637

Correct the line "newer than 8.13" mentioned on the Bitbucket Data Center FAQ page

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • Smart Mirroring, SSH
    • None
    • 0
    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      There's a line mentioned on the Bitbucket Data Center FAQ, that says the below:

      Do my mirrors need to be on the same version as my primary Bitbucket instance?

      No, they don't. Your primary Bitbucket instance and all existing mirrors can run any version of Bitbucket, provided it's 4.2.0 or higher. For mirrors that are newer than 6.7, they can't point to a primary older than Bitbucket version 6.7. Additionally, for mirrors that are newer than 8.13, they can't point to a primary older than Bitbucket version 8.13.

      This line "Additionally, for mirrors that are newer than 8.13, they can't point to a primary older than Bitbucket version 8.13." needs to be changed to include 8.13.

      This is because from Bitbucket 8.13 onwards, support for ECDSA-SK SSH keys started as mentioned in the Bitbucket 8.13 as per the release notes:

      Support of security keys for Git over SSH

      We now support the ED25519-SK and ECDSA-SK SSH keys designed to work with FIDO2/U2F hardware authenticators like YubiKey, SoloKey, etc.

      Security keys are a safer substitute for passwords or traditional SSH keys to protect your code, offering a reliable way to improve your security posture and implement multifactor authentication for Git operations.

      To start using ED25519-SK or ECDSA-SK, you need to create a public and private key pair, as for any other SSH key type. The difference is that the private key file isn’t stored on your computer, but references the private key stored on the FIDO2/U2F hardware authenticator.

      For every Git operation, a Git client will ask a user to touch the hardware key to confirm their physical presence. Even if the private key file is stolen from the computer, it’ll be useless without pairing the hardware key.

      Learn more about how to create the new security keys

      which means, Bitbucket Primary and 7.21 and Mirror on 8.13 would not work.

      Please change the line in the document to the following:

      Additionally, for Mirrors that are on Bitbucket version 8.13 and newer than 8.13, they can't point to a Primary older than Bitbucket version 8.13.

      Latest Primary and older mirror:

      Will 8.19 Upstream work with 8.9 mirror ( or an older mirror ) in that scenario?
      8.19 upstream does work well with an 8.9 mirror, we ran with that config on stash for a few months. The only caveat with that though is that even though an -sk key can be registered with the 8.13+ upstream and used for SSH operations successfully, it will fail to work for such operations via the mirror until the mirror also has been upgraded to 8.13

              Unassigned Unassigned
              04f11a9d4cc8 Apoorva
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: